[2008/03/25 15:30:38, 2] lib/interface.c:add_interface(81) added interface ip=172.16.1.87 bcast=172.16.1.255 nmask=255.255.254.0 [2008/03/25 15:30:38, 5] lib/util.c:init_names(287) Netbios name list:- my_netbios_names[0]="ANUBIS" [2008/03/25 15:30:38, 2] lib/interface.c:add_interface(81) added interface ip=172.16.1.87 bcast=172.16.1.255 nmask=255.255.254.0 [2008/03/25 15:30:38, 5] lib/gencache.c:gencache_init(61) Opening cache file at /var/cache/samba/gencache.tdb [2008/03/25 15:30:38, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2008/03/25 15:30:38, 4] lib/time.c:TimeInit(1258) TimeInit: Serverzone is -3600 [2008/03/25 15:30:38, 2] lib/tallocmsg.c:register_msg_pool_usage(105) Registered MSG_REQ_POOL_USAGE [2008/03/25 15:30:38, 2] lib/dmallocmsg.c:register_dmalloc_msgs(75) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2008/03/25 15:30:38, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2222) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2008/03/25 15:30:38, 2] nsswitch/winbindd_util.c:add_trusted_domain(171) Added domain domainVE S-1-5-21-752245277-826633387-1819828000 [2008/03/25 15:30:38, 2] nsswitch/winbindd_util.c:add_trusted_domain(171) Added domain ANUBIS S-1-5-21-2312330942-1990374164-568622662 [2008/03/25 15:30:38, 2] nsswitch/winbindd_util.c:add_trusted_domain(171) Added domain BUILTIN S-1-5-32 [2008/03/25 15:30:38, 5] nsswitch/winbindd_util.c:init_child_recv(419) Received child initialization response for domain domainVE [2008/03/25 15:30:38, 5] libsmb/namequery.c:saf_fetch(136) saf_fetch: Returning "HAL9000" for "domainVE" domain [2008/03/25 15:30:38, 5] libads/dns.c:sitename_fetch(674) sitename_fetch: No stored sitename for [2008/03/25 15:30:38, 5] libsmb/namecache.c:namecache_fetch(214) name HAL9000#20 found. [2008/03/25 15:30:38, 5] libsmb/cliconnect.c:cli_session_request(1400) Sent session request [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]= 8192 (0x2000) smb_vwv[12]=23220 (0x5AB4) smb_vwv[13]=33813 (0x8415) smb_vwv[14]=51342 (0xC88E) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]= 8192 (0x2000) smb_vwv[12]=23220 (0x5AB4) smb_vwv[13]=33813 (0x8415) smb_vwv[14]=51342 (0xC88E) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2008/03/25 15:30:38, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(507) cm_get_ipc_userpass: No auth-user defined [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=6144 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=6144 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2008/03/25 15:30:38, 5] nsswitch/winbindd_cm.c:cm_prepare_connection(810) Connected anonymously [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2008/03/25 15:30:38, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(1589) set_dc_type_and_flags: domain domainVE [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1536 (0x600) smb_vwv[ 3]= 280 (0x118) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[1806]: \lsarpc auth_type 0, auth_level 0 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.±Ð. .¨.ÀOÙ.õ [010] 00 00 00 00 .... [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 3919286a [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : b10c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : 11d0 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : 9b a8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 00 c0 4f d9 2e f5 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \lsarpc fnum 0x1806 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6150 (0x1806) smb_bcc=87 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/03/25 15:30:38, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine HAL9000 pipe \lsarpc fnum 0x1806 bind request returned ok. [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00007c0c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \PIPE\lsass. [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0002 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0001 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 00 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 00 00 00 00 00 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000000 [2008/03/25 15:30:38, 2] rpc_client/cli_pipe.c:check_bind_response(1692) bind_rpc_pipe: transfer syntax differs [2008/03/25 15:30:38, 2] rpc_client/cli_pipe.c:rpc_pipe_bind(2098) rpc_pipe_bind: check_bind_response failed. [2008/03/25 15:30:38, 3] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2272) cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=7 smt_wct=0 smb_bcc=0 [2008/03/25 15:30:38, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(1597) set_dc_type_and_flags: Could not bind to PI_LSARPC_DS on domain domainVE: (NT_STATUS_BUFFER_TOO_SMALL) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 280 (0x118) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[1804]: \lsarpc auth_type 0, auth_level 0 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« [010] 00 00 00 00 .... [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345778 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1234 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 89 ab [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \lsarpc fnum 0x1804 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6148 (0x1804) smb_bcc=87 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/03/25 15:30:38, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine HAL9000 pipe \lsarpc fnum 0x1804 bind request returned ok. [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00007c0d [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \PIPE\lsass. [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/03/25 15:30:38, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) init_lsa_sec_qos [2008/03/25 15:30:38, 5] rpc_parse/parse_lsa.c:init_q_open_pol2(368) init_q_open_pol2: attr:0 da:33554432 [2008/03/25 15:30:38, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) init_lsa_obj_attr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr : 00000001 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.H.A.L.9.0.0.0... [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 len : 00000018 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 ptr_root_dir: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c ptr_obj_name: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 attributes : 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 ptr_sec_desc: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0038 ptr_sec_qos : 00000001 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 003c len : 0000000c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0040 sec_imp_level : 0002 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0042 sec_ctxt_mode : 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0043 effective_only: 00 [2008/03/25 15:30:38, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 des_access: 02000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0060 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000048 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 002c [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \lsarpc fnum 0x1804 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6148 (0x1804) smb_bcc=111 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : afafc73f [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : fa5c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 11dc [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 97 b5 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : c8 59 03 13 4f 48 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/03/25 15:30:38, 5] rpc_parse/parse_lsa.c:init_q_query2(3141) init_q_query2 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query_info2 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : afafc73f [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : fa5c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 11dc [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 97 b5 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : c8 59 03 13 4f 48 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 info_class: 000c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002e [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000016 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 002e [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \lsarpc fnum 0x1804 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6148 (0x1804) smb_bcc=61 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 23 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0020 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(799) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c reserved: 00000000 [2008/03/25 15:30:38, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine HAL9000 pipe \lsarpc fnum 0x1804! [2008/03/25 15:30:38, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) init_lsa_sec_qos [2008/03/25 15:30:38, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304) init_open_pol: attr:0 da:33554432 [2008/03/25 15:30:38, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) init_lsa_obj_attr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr : 00000001 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 system_name: 005c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 len : 00000018 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c ptr_root_dir: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 ptr_obj_name: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 attributes : 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 ptr_sec_desc: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c ptr_sec_qos : 00000001 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 len : 0000000c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 sec_imp_level : 0002 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0026 sec_ctxt_mode : 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0027 effective_only: 00 [2008/03/25 15:30:38, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 des_access: 02000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000002c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0006 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \lsarpc fnum 0x1804 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6148 (0x1804) smb_bcc=83 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : afafc740 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : fa5c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 11dc [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 97 b5 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : c8 59 03 13 4f 48 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/03/25 15:30:38, 5] rpc_parse/parse_lsa.c:init_q_query(488) init_q_query [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : afafc740 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : fa5c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 11dc [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 97 b5 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : c8 59 03 13 4f 48 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 info_class: 0005 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002e [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000016 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0007 [2008/03/25 15:30:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \lsarpc fnum 0x1804 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6148 (0x1804) smb_bcc=61 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0064 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000004c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 dom_ptr: 00159298 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 info_class: 0005 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 uni_dom_max_len: 000c [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a uni_dom_str_len: 000e [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c buffer_dom_name: 0014be30 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 buffer_dom_sid : 0018cce0 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 uni_max_len: 00000007 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 offset : 00000000 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c uni_str_len: 00000006 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0020 buffer : A.I.V.E.V.E. [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c num_auths: 00000004 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0030 sid_rev_num: 01 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0031 num_auths : 04 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0032 id_auth[0] : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0033 id_auth[1] : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0034 id_auth[2] : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0035 id_auth[3] : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0036 id_auth[4] : 00 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0037 id_auth[5] : 05 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_uint32s(997) 0038 sub_auths : 00000015 2cd65a1d 31456cab 6c785f20 [2008/03/25 15:30:38, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0048 status: NT_STATUS_OK [2008/03/25 15:30:38, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(1705) set_dc_type_and_flags: domain domainVE is NOT in native mode. [2008/03/25 15:30:38, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(1708) set_dc_type_and_flags: domain domainVE is NOT running active directory. [2008/03/25 15:30:38, 5] lib/util.c:show_msg(484) [2008/03/25 15:30:38, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=14 smt_wct=0 smb_bcc=0 [2008/03/25 15:30:38, 2] nsswitch/winbindd_util.c:add_trusted_domain(171) Added domain domain S-1-5-21-869146592-727527273-7473742 [2008/03/25 15:31:48, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [14012]: request interface version [2008/03/25 15:31:48, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [14012]: request location of privileged pipe [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(447) [14012]: uid to sid 0 [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(477) [14012]: gid to sid 0 [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308) [14012]: sid to gid S-1-5-32-544 [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308) [14012]: sid to gid S-1-5-32-545 [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(477) [14012]: gid to sid 99 [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(477) [14012]: gid to sid 98 [2008/03/25 15:31:48, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14012]: ping [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308) [14012]: sid to gid S-1-1-0 [2008/03/25 15:31:48, 5] nsswitch/winbindd_async.c:winbindd_sid2gid_recv(527) sid2gid returned an error [2008/03/25 15:31:48, 5] nsswitch/winbindd_sid.c:sid2gid_recv(254) Could not convert sid S-1-1-0 [2008/03/25 15:31:48, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14012]: ping [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308) [14012]: sid to gid S-1-5-2 [2008/03/25 15:31:48, 5] nsswitch/winbindd_async.c:winbindd_sid2gid_recv(527) sid2gid returned an error [2008/03/25 15:31:48, 5] nsswitch/winbindd_sid.c:sid2gid_recv(254) Could not convert sid S-1-5-2 [2008/03/25 15:31:48, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14012]: ping [2008/03/25 15:31:48, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308) [14012]: sid to gid S-1-5-32-546 [2008/03/25 15:31:48, 5] nsswitch/winbindd_async.c:winbindd_sid2gid_recv(527) sid2gid returned an error [2008/03/25 15:31:48, 5] nsswitch/winbindd_sid.c:sid2gid_recv(254) Could not convert sid S-1-5-32-546 [2008/03/25 15:31:48, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14012]: ping [2008/03/25 15:32:01, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [14043]: request interface version [2008/03/25 15:32:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [14043]: request location of privileged pipe [2008/03/25 15:32:01, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:06, 5] nsswitch/winbindd_util.c:init_child_recv(419) Received child initialization response for domain domain [2008/03/25 15:32:06, 5] libsmb/namequery.c:saf_fetch(133) saf_fetch: failed to find server for "domain" domain [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=15 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1280 (0x500) smb_vwv[ 3]= 280 (0x118) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[1805]: \NETLOGON auth_type 0, auth_level 0 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345678 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1234 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 cf fb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \NETLOGON fnum 0x1805 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6149 (0x1805) smb_bcc=87 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/03/25 15:32:06, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine HAL9000 pipe \NETLOGON fnum 0x1805 bind request returned ok. [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00007c18 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \PIPE\lsass. [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/03/25 15:32:06, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) cli_net_req_chal: LSA Request Challenge from ANUBIS to \\HAL9000 [2008/03/25 15:32:06, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2008/03/25 15:32:06, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 undoc_buffer: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.H.A.L.9.0.0.0... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 uni_max_len: 00000007 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c uni_str_len: 00000007 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0030 buffer : A.N.U.B.I.S... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data: b6 50 4a 26 34 4d a3 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 005e [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000008 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000046 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0004 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \NETLOGON fnum 0x1805 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 94 (0x5E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 94 (0x5E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6149 (0x1805) smb_bcc=109 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0024 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000008 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000000c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0000 data: 6f e2 87 21 70 00 00 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0008 status: NT_STATUS_OK [2008/03/25 15:32:06, 5] libsmb/credentials.c:creds_init_64(119) creds_init_64 [2008/03/25 15:32:06, 5] libsmb/credentials.c:creds_init_64(120) clnt_chal_in: B6504A26344DA310 [2008/03/25 15:32:06, 5] libsmb/credentials.c:creds_init_64(121) srv_chal_in : 6FE2872170000000 [2008/03/25 15:32:06, 5] libsmb/credentials.c:creds_init_64(122) clnt+srv : 2533D247A44DA310 [2008/03/25 15:32:06, 5] libsmb/credentials.c:creds_init_64(123) sess_key_out : E7FEC15F2638D64F [2008/03/25 15:32:06, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) cli_net_auth2: srv:\\HAL9000 acct:ANUBIS$ sc:2 mc: ANUBIS neg: 400701ff [2008/03/25 15:32:06, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2008/03/25 15:32:06, 5] rpc_parse/parse_misc.c:init_log_info(1450) make_log_info 1450 [2008/03/25 15:32:06, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 undoc_buffer: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.H.A.L.9.0.0.0... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 uni_max_len: 00000008 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c uni_str_len: 00000008 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0030 buffer : A.N.U.B.I.S.$... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0040 sec_chan: 0002 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 uni_max_len: 00000007 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0048 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 004c uni_str_len: 00000007 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0050 buffer : A.N.U.B.I.S... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 005e data: d1 f6 20 58 87 32 17 f3 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0068 neg_flags: 400701ff [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0084 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000009 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000006c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 000f [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \NETLOGON fnum 0x1805 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=214 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 132 (0x84) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6149 (0x1805) smb_bcc=147 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0028 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000009 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000010 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0000 data: 37 57 f4 1d 29 2a bd 72 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 neg_flags: 400001ff [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 000c status: NT_STATUS_OK [2008/03/25 15:32:06, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346) rpccli_netlogon_setup_creds: server HAL9000 credential chain established. [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=19 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 280 (0x118) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[1807]: \NETLOGON auth_type 2, auth_level 6 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 type1: 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 type2: 00000003 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0066 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0016 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345678 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1234 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 cf fb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0048 auth_type : 44 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0049 auth_level : 06 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004a auth_pad_len : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004b auth_reserved: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 004c auth_context_id: 00000001 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \NETLOGON fnum 0x1807 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 102 (0x66) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 102 (0x66) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6151 (0x1807) smb_bcc=117 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0058 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 000c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000a [2008/03/25 15:32:06, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine HAL9000 pipe \NETLOGON fnum 0x1807 bind request returned ok. [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0058 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 000c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00007c19 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \PIPE\lsass. [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=21 smt_wct=0 smb_bcc=0 [2008/03/25 15:32:06, 5] rpc_parse/parse_net.c:init_net_q_getanydcname(488) init_q_getanydcname [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_getanydcname [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr_logon_server: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.H.A.L.9.0.0.0... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 ptr_domainname: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 uni_max_len: 00000005 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 uni_str_len: 00000005 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0034 buffer : A.I.V.E... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0080 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0020 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000b [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000003e [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 000d [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_rpc_hdr_auth hdr_auth [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0058 auth_type : 44 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0059 auth_level : 06 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 005a auth_pad_len : 02 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 005b auth_reserved: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 005c auth_context_id: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_rpc_auth_schannel_chk [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0060 sig : 77 00 7a 00 ff ff 00 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0068 seq_num: 27 4d e6 62 b3 31 21 3b [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0070 packet_digest: 6a 69 f5 2a d2 b0 02 c6 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0078 confounder: 08 db a3 7e 5a f0 14 eb [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \NETLOGON fnum 0x1807 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=210 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6151 (0x1807) smb_bcc=143 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0070 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0020 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000b [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000028 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0048 auth_type : 44 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0049 auth_level : 06 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004a auth_pad_len : 08 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004b auth_reserved: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 004c auth_context_id: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_rpc_auth_schannel_chk [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0050 sig : 77 00 7a 00 ff ff 00 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0058 seq_num: 06 79 a3 1a 2b 9d 60 5f [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0060 packet_digest: a5 ec 79 5f 11 4a 74 2d [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0068 confounder: 15 16 f0 3a dd 41 cb b4 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_getanydcname [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr_dcname: 0018bed0 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.V.E.-.D.C.0.1... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_werror(830) 0024 status: WERR_OK [2008/03/25 15:32:06, 5] libads/dns.c:sitename_fetch(674) sitename_fetch: No stored sitename for [2008/03/25 15:32:06, 5] libsmb/namecache.c:namecache_fetch(214) name VE-DC01#20 found. [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=19072 (0x4A80) smb_vwv[12]=28548 (0x6F84) smb_vwv[13]=33910 (0x8476) smb_vwv[14]=51342 (0xC88E) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=19072 (0x4A80) smb_vwv[12]=28548 (0x6F84) smb_vwv[13]=33910 (0x8476) smb_vwv[14]=51342 (0xC88E) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2008/03/25 15:32:06, 5] passdb/secrets.c:get_trust_pw_clear(720) get_trust_pw_clear: could not fetch clear text trust account password for domain domain [2008/03/25 15:32:06, 5] rpc_parse/parse_net.c:init_net_q_getanydcname(488) init_q_getanydcname [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_getanydcname [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr_logon_server: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.H.A.L.9.0.0.0... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 ptr_domainname: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 uni_max_len: 00000005 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 uni_str_len: 00000005 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0034 buffer : A.I.V.E... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0080 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0020 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000003e [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 000d [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_rpc_hdr_auth hdr_auth [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0058 auth_type : 44 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0059 auth_level : 06 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 005a auth_pad_len : 02 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 005b auth_reserved: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 005c auth_context_id: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_rpc_auth_schannel_chk [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0060 sig : 77 00 7a 00 ff ff 00 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0068 seq_num: 38 d6 4c c2 f9 6a 2a 07 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0070 packet_digest: ef b5 4c e7 0a 12 fe 9a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0078 confounder: 39 57 4f cb bf dd 6e d7 [2008/03/25 15:32:06, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \NETLOGON fnum 0x1807 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=210 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6151 (0x1807) smb_bcc=143 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2008/03/25 15:32:06, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:06, 5] lib/util.c:show_msg(494) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0070 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0020 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000c [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000028 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0048 auth_type : 44 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0049 auth_level : 06 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004a auth_pad_len : 08 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004b auth_reserved: 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 004c auth_context_id: 00000001 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_rpc_auth_schannel_chk [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0050 sig : 77 00 7a 00 ff ff 00 00 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0058 seq_num: 9c 15 e3 d9 3c a9 b0 cb [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0060 packet_digest: 8c 39 24 d8 2b 30 7d 33 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0068 confounder: a8 87 ac ec 80 1e 3e 3f [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_getanydcname [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr_dcname: 0018cd70 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.V.E.-.D.C.0.1... [2008/03/25 15:32:06, 5] rpc_parse/parse_prs.c:prs_werror(830) 0024 status: WERR_OK [2008/03/25 15:32:06, 5] libads/dns.c:sitename_fetch(674) sitename_fetch: No stored sitename for [2008/03/25 15:32:06, 5] libsmb/namecache.c:namecache_fetch(214) name VE-DC01#20 found. [2008/03/25 15:32:06, 5] libsmb/namequery.c:saf_fetch(133) saf_fetch: failed to find server for "domain" domain [2008/03/25 15:32:06, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ", *" [2008/03/25 15:32:06, 5] libsmb/namecache.c:namecache_fetch(214) name domain#1C found. [2008/03/25 15:32:06, 4] libsmb/namequery.c:get_dc_list(1599) get_dc_list: returning 20 ip addresses in an unordered list [2008/03/25 15:32:06, 4] libsmb/namequery.c:get_dc_list(1600) get_dc_list: 172.16.1.81:0 172.16.1.21:0 172.16.1.90:0 172.16.1.30:0 172.16.1.69:0 172.16.0.63:0 172.16.0.78:0 172.17.1.13:0 172.17.1.41:0 172.18.1.13:0 172.18.1.40:0 172.18.1.42:0 172.22.1.14:0 172.21.1.14:0 172.23.1.20:0 172.22.1.82:0 172.21.1.41:0 172.22.1.41:0 169.254.130.107:0 169.254.206.203:0 [2008/03/25 15:32:06, 3] lib/util.c:fcntl_lock(2005) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) [2008/03/25 15:32:06, 4] libsmb/clidgram.c:cli_send_mailslot(109) send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from ANUBIS<00> to domain<1c> IP 172.16.1.81 [2008/03/25 15:32:06, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:07, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:08, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:08, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:09, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:09, 5] libsmb/namecache.c:namecache_status_fetch(346) namecache_status_fetch: no entry for NBT/domain#1C.20.172.16.1.81 found. [2008/03/25 15:32:09, 5] libsmb/nmblib.c:send_udp(779) Sending a packet of len 50 to (172.16.1.81) on port 137 [2008/03/25 15:32:09, 5] libsmb/nmblib.c:read_packet(757) Received a packet of len 265 from (172.16.1.81) port 137 [2008/03/25 15:32:09, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 172.16.1.81(137) header: id=23785 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=domain<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .VE-DC01 hex 0856452D444330312020202020202020 answers 10 char .D.domain hex 00440041495645202020202020202020 answers 20 char ...domain hex 202000C4004149564520202020202020 answers 30 char ...VE-DC01 hex 202020201CC40056452D444330312020 answers 40 char D.domain hex 20202020202020440041495645202020 answers 50 char .D.domain hex 20202020202020201B44004149564520 answers 60 char ...AIV hex 202020202020202020201EC400414956 answers 70 char E .D.. hex 4520202020202020202020201D440001 answers 80 char .__MSBROWSE__... hex 025F5F4D5342524F5753455F5F0201C4 answers 90 char .....y.......... hex 00000AE4807980000000000000000000 answers a0 char ................ hex 00000000000000000000000000000000 answers b0 char ............... hex 000000000000000000000000000000 [2008/03/25 15:32:09, 5] libsmb/namecache.c:namecache_store(135) namecache_store: storing 1 address for VE-DC01#20: 172.16.1.81:0 [2008/03/25 15:32:09, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:09, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=46208 (0xB480) smb_vwv[12]= 625 (0x271) smb_vwv[13]=33912 (0x8478) smb_vwv[14]=51342 (0xC88E) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2008/03/25 15:32:09, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:09, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=46208 (0xB480) smb_vwv[12]= 625 (0x271) smb_vwv[13]=33912 (0x8478) smb_vwv[14]=51342 (0xC88E) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2008/03/25 15:32:09, 5] passdb/secrets.c:get_trust_pw_clear(720) get_trust_pw_clear: could not fetch clear text trust account password for domain domain [2008/03/25 15:32:09, 5] rpc_parse/parse_net.c:init_net_q_getanydcname(488) init_q_getanydcname [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_getanydcname [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr_logon_server: 00000001 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.H.A.L.9.0.0.0... [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 ptr_domainname: 00000001 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 uni_max_len: 00000005 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c offset : 00000000 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 uni_str_len: 00000005 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0034 buffer : A.I.V.E... [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0080 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0020 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000d [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000003e [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 000d [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_rpc_hdr_auth hdr_auth [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0058 auth_type : 44 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0059 auth_level : 06 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 005a auth_pad_len : 02 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 005b auth_reserved: 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 005c auth_context_id: 00000001 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_rpc_auth_schannel_chk [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0060 sig : 77 00 7a 00 ff ff 00 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0068 seq_num: 53 b8 ce 3e 65 54 ae 8b [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0070 packet_digest: 4a 5e 36 03 f6 41 35 db [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0078 confounder: d6 e6 b6 97 75 89 f4 5b [2008/03/25 15:32:09, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine HAL9000 pipe \NETLOGON fnum 0x1807 [2008/03/25 15:32:09, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:09, 5] lib/util.c:show_msg(494) size=210 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=24 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 6151 (0x1807) smb_bcc=143 [2008/03/25 15:32:09, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:09, 5] lib/util.c:show_msg(494) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2008/03/25 15:32:09, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:09, 5] lib/util.c:show_msg(494) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=13898 smb_uid=6144 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0070 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0020 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 0000000d [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000028 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0048 auth_type : 44 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0049 auth_level : 06 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004a auth_pad_len : 08 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8(616) 004b auth_reserved: 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 004c auth_context_id: 00000001 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_rpc_auth_schannel_chk [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0050 sig : 77 00 7a 00 ff ff 00 00 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0058 seq_num: 45 37 f1 db da 2b 79 39 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0060 packet_digest: 45 04 e2 17 65 b9 03 45 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0068 confounder: 8e fb 98 9e 8d 58 77 48 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_getanydcname [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr_dcname: 0018bea0 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 0000000a [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 0000000a [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.V.E.-.D.C.0.1... [2008/03/25 15:32:09, 5] rpc_parse/parse_prs.c:prs_werror(830) 0024 status: WERR_OK [2008/03/25 15:32:09, 5] libads/dns.c:sitename_fetch(674) sitename_fetch: No stored sitename for [2008/03/25 15:32:09, 5] libsmb/namecache.c:namecache_fetch(214) name VE-DC01#20 found. [2008/03/25 15:32:09, 5] libsmb/namequery.c:saf_fetch(133) saf_fetch: failed to find server for "domain" domain [2008/03/25 15:32:09, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ", *" [2008/03/25 15:32:09, 5] libsmb/namecache.c:namecache_fetch(214) name domain#1C found. [2008/03/25 15:32:09, 4] libsmb/namequery.c:get_dc_list(1599) get_dc_list: returning 20 ip addresses in an unordered list [2008/03/25 15:32:09, 4] libsmb/namequery.c:get_dc_list(1600) get_dc_list: 172.16.1.81:0 172.16.1.21:0 172.16.1.90:0 172.16.1.30:0 172.16.1.69:0 172.16.0.63:0 172.16.0.78:0 172.17.1.13:0 172.17.1.41:0 172.18.1.13:0 172.18.1.40:0 172.18.1.42:0 172.22.1.14:0 172.21.1.14:0 172.23.1.20:0 172.22.1.82:0 172.21.1.41:0 172.22.1.41:0 169.254.130.107:0 169.254.206.203:0 [2008/03/25 15:32:09, 3] lib/util.c:fcntl_lock(2005) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) [2008/03/25 15:32:09, 4] libsmb/clidgram.c:cli_send_mailslot(109) send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from ANUBIS<00> to domain<1c> IP 172.16.1.81 [2008/03/25 15:32:09, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:10, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:10, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:11, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:11, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1012) Received packet for \MAILSLOT\NET\GETDC510110AC [2008/03/25 15:32:12, 5] libsmb/namecache.c:namecache_status_fetch(346) namecache_status_fetch: no entry for NBT/domain#1C.20.172.16.1.81 found. [2008/03/25 15:32:12, 5] libsmb/nmblib.c:send_udp(779) Sending a packet of len 50 to (172.16.1.81) on port 137 [2008/03/25 15:32:12, 5] libsmb/nmblib.c:read_packet(757) Received a packet of len 265 from (172.16.1.81) port 137 [2008/03/25 15:32:12, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 172.16.1.81(137) header: id=738 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=domain<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .VE-DC01 hex 0856452D444330312020202020202020 answers 10 char .D.domain hex 00440041495645202020202020202020 answers 20 char ...domain hex 202000C4004149564520202020202020 answers 30 char ...VE-DC01 hex 202020201CC40056452D444330312020 answers 40 char D.domain hex 20202020202020440041495645202020 answers 50 char .D.domain hex 20202020202020201B44004149564520 answers 60 char ...AIV hex 202020202020202020201EC400414956 answers 70 char E .D.. hex 4520202020202020202020201D440001 answers 80 char .__MSBROWSE__... hex 025F5F4D5342524F5753455F5F0201C4 answers 90 char .....y.......... hex 00000AE4807980000000000000000000 answers a0 char ................ hex 00000000000000000000000000000000 answers b0 char ............... hex 000000000000000000000000000000 [2008/03/25 15:32:12, 5] libsmb/namecache.c:namecache_store(135) namecache_store: storing 1 address for VE-DC01#20: 172.16.1.81:0 [2008/03/25 15:32:12, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:12, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]= 7808 (0x1E80) smb_vwv[12]=38239 (0x955F) smb_vwv[13]=33913 (0x8479) smb_vwv[14]=51342 (0xC88E) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2008/03/25 15:32:12, 5] lib/util.c:show_msg(484) [2008/03/25 15:32:12, 5] lib/util.c:show_msg(494) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=13898 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]= 7808 (0x1E80) smb_vwv[12]=38239 (0x955F) smb_vwv[13]=33913 (0x8479) smb_vwv[14]=51342 (0xC88E) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2008/03/25 15:32:12, 5] passdb/secrets.c:get_trust_pw_clear(720) get_trust_pw_clear: could not fetch clear text trust account password for domain domain [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [14043]: request interface version [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [14043]: request location of privileged pipe [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14043]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14043]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14043]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14043]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [14065]: request interface version [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [14065]: request location of privileged pipe [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14065]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14065]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [14065]: request interface version [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [14065]: request location of privileged pipe [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14065]: ping [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(385) [14065]: domain_info [domain] [2008/03/25 15:32:12, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1685) [14065]: pam auth crap domain: [domain] user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam domain\mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam domain\MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_async.c:query_user_recv(1436) query_user returned an error [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:getpwsid_queryuser_recv(237) Could not query domain domain SID S-1-5-21-869146592-727527273-7473742-1006 [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam mberizzi [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: mberizzi [2008/03/25 15:32:12, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [14065]: getpwnam MBERIZZI [2008/03/25 15:32:12, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(353) Could not parse domain user: MBERIZZI [2008/03/25 15:32:12, 3] nsswitch/winbindd_misc.c:winbindd_ping(470) [14065]: ping