The Samba-Bugzilla – Attachment 3708 Details for
Bug 5870
Cannot join pure Win2008 AD
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Output of "net ads join -U Administrator -d 10"
net_ads_join-output.txt (text/plain), 197.14 KB, created by
Roland Hebertinger
on 2008-11-04 02:39:29 UTC
(
hide
)
Description:
Output of "net ads join -U Administrator -d 10"
Filename:
MIME Type:
Creator:
Roland Hebertinger
Created:
2008-11-04 02:39:29 UTC
Size:
197.14 KB
patch
obsolete
>remus:~ # net ads join -U Administrator -d 10 >[2008/11/04 09:34:01, 5] lib/debug.c:debug_dump_status(407) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > registry: False/0 >[2008/11/04 09:34:01, 3] param/loadparm.c:lp_load_ex(8754) > lp_load_ex: refreshing parameters >[2008/11/04 09:34:01, 3] param/loadparm.c:init_globals(4597) > Initialising global parameters >[2008/11/04 09:34:01, 3] param/params.c:pm_process(569) > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >[2008/11/04 09:34:01, 3] param/loadparm.c:do_section(7417) > Processing section "[global]" > doing parameter workgroup = VERLAG > doing parameter realm = VERLAG.VN.IDOWA.DE > doing parameter netbios name = sr-home-1 >[2008/11/04 09:34:01, 4] param/loadparm.c:handle_netbios_name(6765) > handle_netbios_name: set global_myname to: SR-HOME-1 > doing parameter security = ADS > doing parameter password server = sr-dc-1.verlag.vn.idowa.de > doing parameter printing = cups > doing parameter printcap name = cups > doing parameter printcap cache time = 750 > doing parameter cups options = raw > doing parameter map to guest = Bad User > doing parameter logon path = \\%L\profiles\.msprofile > doing parameter logon home = \\%L\%U\.9xprofile > doing parameter logon drive = P: > doing parameter usershare allow guests = Yes >[2008/11/04 09:34:01, 4] param/loadparm.c:lp_load_ex(8798) > pm_process() returned Yes >[2008/11/04 09:34:01, 7] param/loadparm.c:lp_servicenumber(9003) > lp_servicenumber: couldn't find homes >[2008/11/04 09:34:01, 10] param/loadparm.c:set_server_role(7976) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS-2LE >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS-2LE >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-16LE >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-16LE >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS-2BE >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS-2BE >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-16BE >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-16BE >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF8 >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF8 >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-8 >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-8 >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset ASCII >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset ASCII >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset 646 >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset 646 >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset ISO-8859-1 >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset ISO-8859-1 >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS2-HEX >[2008/11/04 09:34:01, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS2-HEX >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:01, 5] lib/util.c:init_names(271) > Netbios name list:- > my_netbios_names[0]="SR-HOME-1" >[2008/11/04 09:34:01, 2] lib/interface.c:add_interface(337) > added interface eth0 ip=fe80::214:5eff:fed8:9816%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >[2008/11/04 09:34:01, 2] lib/interface.c:add_interface(337) > added interface eth1 ip=fe80::214:5eff:fed8:9818%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff:: >[2008/11/04 09:34:01, 2] lib/interface.c:add_interface(337) > added interface eth0 ip=192.168.1.28 bcast=192.168.1.255 netmask=255.255.255.0 >[2008/11/04 09:34:01, 2] lib/interface.c:add_interface(337) > added interface eth0 ip=192.168.1.144 bcast=192.168.1.255 netmask=255.255.255.0 >[2008/11/04 09:34:01, 2] lib/interface.c:add_interface(337) > added interface eth0 ip=192.168.1.145 bcast=192.168.1.255 netmask=255.255.255.0 >[2008/11/04 09:34:01, 2] lib/interface.c:add_interface(337) > added interface eth0 ip=192.168.1.195 bcast=192.168.1.255 netmask=255.255.255.0 >[2008/11/04 09:34:01, 2] lib/interface.c:add_interface(337) > added interface eth1 ip=10.168.1.195 bcast=10.168.1.255 netmask=255.255.255.0 >Enter Administrator's password: >[2008/11/04 09:34:07, 1] libnet/libnet_join.c:libnet_Join(1770) > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'SR-HOME-1' > domain_name : * > domain_name : 'VERLAG.VN.IDOWA.DE' > account_ou : NULL > admin_account : 'Administrator' > admin_password : * > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > secure_channel_type : SEC_CHAN_WKSTA (2) >[2008/11/04 09:34:07, 10] libsmb/dsgetdcname.c:dsgetdcname(1406) > dsgetdcname: domain_name: VERLAG.VN.IDOWA.DE, domain_guid: (null), site_name: (null), flags: 0x40001010 >[2008/11/04 09:34:07, 10] libsmb/dsgetdcname.c:debug_dsdcinfo_flags(47) > debug_dsdcinfo_flags: 0x40001010 > DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME >[2008/11/04 09:34:07, 5] lib/gencache.c:gencache_init(61) > Opening cache file at /var/lib/samba/gencache.tdb >[2008/11/04 09:34:07, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/VERLAG.VN.IDOWA.DE, value = Straubing, timeout = Sun Feb 7 07:28:15 2106 >[2008/11/04 09:34:07, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for VERLAG.VN.IDOWA.DE: "Straubing" >[2008/11/04 09:34:07, 10] lib/gencache.c:gencache_get_data_blob(291) > Returning valid cache entry: key = DSGETDCNAME/DOMAIN/VERLAG.VN.IDOWA.DE, timeout = Tue Nov 4 09:47:12 2008 > info: struct netr_DsRGetDCNameInfo > dc_unc : * > dc_unc : 'sr-dc-1.verlag.vn.idowa.de' > dc_address : * > dc_address : '\\192.168.1.82' > dc_address_type : DS_ADDRESS_TYPE_INET (1) > domain_guid : ebfa812f-b22e-41ac-8ab9-372fdb238e11 > domain_name : * > domain_name : 'verlag.vn.idowa.de' > forest_name : * > forest_name : 'verlag.vn.idowa.de' > dc_flags : 0xe00011fd (3758100989) > 1: DS_SERVER_PDC > 1: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 1: DS_SERVER_FULL_SECRET_DOMAIN_6 > 1: DS_DNS_CONTROLLER > 1: DS_DNS_DOMAIN > 1: DS_DNS_FOREST > dc_site_name : * > dc_site_name : 'Straubing' > client_site_name : * > client_site_name : 'Straubing' >[2008/11/04 09:34:07, 3] libsmb/cliconnect.c:cli_start_connection(1632) > Connecting to host=sr-dc-1.verlag.vn.idowa.de >[2008/11/04 09:34:07, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/VERLAG.VN.IDOWA.DE, value = Straubing, timeout = Sun Feb 7 07:28:15 2106 >[2008/11/04 09:34:07, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for VERLAG.VN.IDOWA.DE: "Straubing" >[2008/11/04 09:34:07, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up sr-dc-1.verlag.vn.idowa.de#20 (sitename Straubing) >[2008/11/04 09:34:07, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/SR-DC-1.VERLAG.VN.IDOWA.DE#20, value = 192.168.1.82:0, timeout = Tue Nov 4 09:43:12 2008 >[2008/11/04 09:34:07, 5] libsmb/namecache.c:namecache_fetch(233) > name sr-dc-1.verlag.vn.idowa.de#20 found. >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/11/04 09:34:07, 3] lib/util_sock.c:open_socket_out(1331) > Connecting to 192.168.1.82 at port 445 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_KEEPALIVE = 0 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_REUSEADDR = 0 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_BROADCAST = 0 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_NODELAY = 1 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPCNT = 9 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPIDLE = 7200 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPINTVL = 75 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_LOWDELAY = 0 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_THROUGHPUT = 0 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDBUF = 16384 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVBUF = 87380 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDLOWAT = 1 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVLOWAT = 1 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDTIMEO = 0 >[2008/11/04 09:34:07, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVTIMEO = 0 >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,194) >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,194) wrote 194 >[2008/11/04 09:34:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 193 >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(652) > size=193 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=11179 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]= 6784 (0x1A80) > smb_vwv[12]=33362 (0x8252) > smb_vwv[13]=22546 (0x5812) > smb_vwv[14]=51518 (0xC93E) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=124 >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 80 09 26 84 FB 6B 81 42 97 AB 69 62 8E FA 6D 39 ..&..k.B ..ib..m9 > [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... ...`0^.0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 .*0(.&.$ not_defi > [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p > [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(652) > size=193 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=11179 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]= 6784 (0x1A80) > smb_vwv[12]=33362 (0x8252) > smb_vwv[13]=22546 (0x5812) > smb_vwv[14]=51518 (0xC93E) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=124 >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 80 09 26 84 FB 6B 81 42 97 AB 69 62 8E FA 6D 39 ..&..k.B ..ib..m9 > [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... ...`0^.0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 .*0(.&.$ not_defi > [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p > [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore >[2008/11/04 09:34:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) > Doing spnego session setup (blob length=124) >[2008/11/04 09:34:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 48018 1 2 2 >[2008/11/04 09:34:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 113554 1 2 2 >[2008/11/04 09:34:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 113554 1 2 2 3 >[2008/11/04 09:34:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 3 6 1 4 1 311 2 2 10 >[2008/11/04 09:34:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) > got principal=not_defined_in_RFC4178@please_ignore >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,166) >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,166) wrote 166 >[2008/11/04 09:34:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 519 >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(652) > size=519 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=11179 > smb_uid=6144 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 519 (0x207) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 288 (0x120) > smb_bcc=476 >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] A1 82 01 1C 30 82 01 18 A0 03 0A 01 01 A1 0C 06 ....0... ........ > [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 82 01 01 04 .+.....7 ........ > [020] 81 FE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 ..NTLMSS P....... > [030] 0C 00 38 00 00 00 15 82 89 62 FE 64 74 F8 56 85 ..8..... .b.dt.V. > [040] 8B 01 00 00 00 00 00 00 00 00 BA 00 BA 00 44 00 ........ ......D. > [050] 00 00 06 00 71 17 00 00 00 0F 56 00 45 00 52 00 ....q... ..V.E.R. > [060] 4C 00 41 00 47 00 02 00 0C 00 56 00 45 00 52 00 L.A.G... ..V.E.R. > [070] 4C 00 41 00 47 00 01 00 0E 00 53 00 52 00 2D 00 L.A.G... ..S.R.-. > [080] 44 00 43 00 2D 00 31 00 04 00 24 00 76 00 65 00 D.C.-.1. ..$.v.e. > [090] 72 00 6C 00 61 00 67 00 2E 00 76 00 6E 00 2E 00 r.l.a.g. ..v.n... > [0A0] 69 00 64 00 6F 00 77 00 61 00 2E 00 64 00 65 00 i.d.o.w. a...d.e. > [0B0] 03 00 34 00 73 00 72 00 2D 00 64 00 63 00 2D 00 ..4.s.r. -.d.c.-. > [0C0] 31 00 2E 00 76 00 65 00 72 00 6C 00 61 00 67 00 1...v.e. r.l.a.g. > [0D0] 2E 00 76 00 6E 00 2E 00 69 00 64 00 6F 00 77 00 ..v.n... i.d.o.w. > [0E0] 61 00 2E 00 64 00 65 00 05 00 24 00 76 00 65 00 a...d.e. ..$.v.e. > [0F0] 72 00 6C 00 61 00 67 00 2E 00 76 00 6E 00 2E 00 r.l.a.g. ..v.n... > [100] 69 00 64 00 6F 00 77 00 61 00 2E 00 64 00 65 00 i.d.o.w. a...d.e. > [110] 07 00 08 00 1A 52 82 12 58 3E C9 01 00 00 00 00 .....R.. X>...... > [120] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [130] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( > [140] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. > [150] 00 44 00 61 00 74 00 61 00 63 00 65 00 6E 00 74 .D.a.t.a .c.e.n.t > [160] 00 65 00 72 00 20 00 36 00 30 00 30 00 31 00 20 .e.r. .6 .0.0.1. > [170] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. > [180] 00 50 00 61 00 63 00 6B 00 20 00 31 00 00 00 57 .P.a.c.k . .1...W > [190] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 .i.n.d.o .w.s. .S > [1A0] 00 65 00 72 00 76 00 65 00 72 00 20 00 28 00 52 .e.r.v.e .r. .(.R > [1B0] 00 29 00 20 00 32 00 30 00 30 00 38 00 20 00 44 .). .2.0 .0.8. .D > [1C0] 00 61 00 74 00 61 00 63 00 65 00 6E 00 74 00 65 .a.t.a.c .e.n.t.e > [1D0] 00 72 00 20 00 36 00 2E 00 30 00 00 .r. .6.. .0.. >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(652) > size=519 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=11179 > smb_uid=6144 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 519 (0x207) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 288 (0x120) > smb_bcc=476 >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] A1 82 01 1C 30 82 01 18 A0 03 0A 01 01 A1 0C 06 ....0... ........ > [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 82 01 01 04 .+.....7 ........ > [020] 81 FE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 ..NTLMSS P....... > [030] 0C 00 38 00 00 00 15 82 89 62 FE 64 74 F8 56 85 ..8..... .b.dt.V. > [040] 8B 01 00 00 00 00 00 00 00 00 BA 00 BA 00 44 00 ........ ......D. > [050] 00 00 06 00 71 17 00 00 00 0F 56 00 45 00 52 00 ....q... ..V.E.R. > [060] 4C 00 41 00 47 00 02 00 0C 00 56 00 45 00 52 00 L.A.G... ..V.E.R. > [070] 4C 00 41 00 47 00 01 00 0E 00 53 00 52 00 2D 00 L.A.G... ..S.R.-. > [080] 44 00 43 00 2D 00 31 00 04 00 24 00 76 00 65 00 D.C.-.1. ..$.v.e. > [090] 72 00 6C 00 61 00 67 00 2E 00 76 00 6E 00 2E 00 r.l.a.g. ..v.n... > [0A0] 69 00 64 00 6F 00 77 00 61 00 2E 00 64 00 65 00 i.d.o.w. a...d.e. > [0B0] 03 00 34 00 73 00 72 00 2D 00 64 00 63 00 2D 00 ..4.s.r. -.d.c.-. > [0C0] 31 00 2E 00 76 00 65 00 72 00 6C 00 61 00 67 00 1...v.e. r.l.a.g. > [0D0] 2E 00 76 00 6E 00 2E 00 69 00 64 00 6F 00 77 00 ..v.n... i.d.o.w. > [0E0] 61 00 2E 00 64 00 65 00 05 00 24 00 76 00 65 00 a...d.e. ..$.v.e. > [0F0] 72 00 6C 00 61 00 67 00 2E 00 76 00 6E 00 2E 00 r.l.a.g. ..v.n... > [100] 69 00 64 00 6F 00 77 00 61 00 2E 00 64 00 65 00 i.d.o.w. a...d.e. > [110] 07 00 08 00 1A 52 82 12 58 3E C9 01 00 00 00 00 .....R.. X>...... > [120] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [130] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( > [140] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. > [150] 00 44 00 61 00 74 00 61 00 63 00 65 00 6E 00 74 .D.a.t.a .c.e.n.t > [160] 00 65 00 72 00 20 00 36 00 30 00 30 00 31 00 20 .e.r. .6 .0.0.1. > [170] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. > [180] 00 50 00 61 00 63 00 6B 00 20 00 31 00 00 00 57 .P.a.c.k . .1...W > [190] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 .i.n.d.o .w.s. .S > [1A0] 00 65 00 72 00 76 00 65 00 72 00 20 00 28 00 52 .e.r.v.e .r. .(.R > [1B0] 00 29 00 20 00 32 00 30 00 30 00 38 00 20 00 44 .). .2.0 .0.8. .D > [1C0] 00 61 00 74 00 61 00 63 00 65 00 6E 00 74 00 65 .a.t.a.c .e.n.t.e > [1D0] 00 72 00 20 00 36 00 2E 00 30 00 00 .r. .6.. .0.. >[2008/11/04 09:34:07, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2008/11/04 09:34:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2008/11/04 09:34:07, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2008/11/04 09:34:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2008/11/04 09:34:07, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2008/11/04 09:34:07, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2008/11/04 09:34:07, 5] lib/util.c:dump_data(2223) > [000] 5A C6 57 64 D9 45 13 B8 Z.Wd.E.. >[2008/11/04 09:34:07, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2008/11/04 09:34:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,270) >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,270) wrote 270 >[2008/11/04 09:34:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 240 >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(652) > size=240 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=11179 > smb_uid=6144 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 240 (0xF0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=197 >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 > [030] 00 30 00 30 00 38 00 20 00 44 00 61 00 74 00 61 .0.0.8. .D.a.t.a > [040] 00 63 00 65 00 6E 00 74 00 65 00 72 00 20 00 36 .c.e.n.t .e.r. .6 > [050] 00 30 00 30 00 31 00 20 00 53 00 65 00 72 00 76 .0.0.1. .S.e.r.v > [060] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k > [070] 00 20 00 31 00 00 00 57 00 69 00 6E 00 64 00 6F . .1...W .i.n.d.o > [080] 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 .w.s. .S .e.r.v.e > [090] 00 72 00 20 00 28 00 52 00 29 00 20 00 32 00 30 .r. .(.R .). .2.0 > [0A0] 00 30 00 38 00 20 00 44 00 61 00 74 00 61 00 63 .0.8. .D .a.t.a.c > [0B0] 00 65 00 6E 00 74 00 65 00 72 00 20 00 36 00 2E .e.n.t.e .r. .6.. > [0C0] 00 30 00 00 00 .0... >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(652) > size=240 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=11179 > smb_uid=6144 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 240 (0xF0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=197 >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 > [030] 00 30 00 30 00 38 00 20 00 44 00 61 00 74 00 61 .0.0.8. .D.a.t.a > [040] 00 63 00 65 00 6E 00 74 00 65 00 72 00 20 00 36 .c.e.n.t .e.r. .6 > [050] 00 30 00 30 00 31 00 20 00 53 00 65 00 72 00 76 .0.0.1. .S.e.r.v > [060] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k > [070] 00 20 00 31 00 00 00 57 00 69 00 6E 00 64 00 6F . .1...W .i.n.d.o > [080] 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 .w.s. .S .e.r.v.e > [090] 00 72 00 20 00 28 00 52 00 29 00 20 00 32 00 30 .r. .(.R .). .2.0 > [0A0] 00 30 00 38 00 20 00 44 00 61 00 74 00 61 00 63 .0.8. .D .a.t.a.c > [0B0] 00 65 00 6E 00 74 00 65 00 72 00 20 00 36 00 2E .e.n.t.e .r. .6.. > [0C0] 00 30 00 00 00 .0... >[2008/11/04 09:34:07, 5] libsmb/smb_signing.c:set_smb_signing_real_common(140) > Mandatory SMB signing enabled! >[2008/11/04 09:34:07, 5] libsmb/smb_signing.c:set_smb_signing_real_common(144) > SMB signing enabled! >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:cli_simple_set_signing(494) > cli_simple_set_signing: user_session_key >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 19 C6 50 55 BE 12 B6 15 59 A6 53 A3 84 CA 72 AC ..PU.... Y.S...r. >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:cli_simple_set_signing(502) > cli_simple_set_signing: NULL response_data >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 0 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 42 21 EB 06 8F 5E C0 9B B!...^.. >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 1 mid = 3 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 1 mid = 3 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 1 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 1: got good SMB signature of >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 5D 28 97 D0 FB 29 54 34 ](...)T4 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 2 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 22 45 BB 42 CB 20 6B D6 "E.B. k. >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 3 mid = 4 >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,120) >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,120) wrote 120 >[2008/11/04 09:34:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 56 >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(652) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=4 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]=65535 (0xFFFF) > smb_vwv[ 4]= 31 (0x1F) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]= 31 (0x1F) > smb_bcc=7 >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 49 50 43 00 00 00 00 IPC.... >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 3 mid = 4 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 3 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 3: got good SMB signature of >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 71 A1 CB 54 F3 6A 47 3A q..T.jG: >[2008/11/04 09:34:07, 10] libsmb/clientgen.c:cli_init_creds(429) > cli_init_creds: user Administrator domain >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 4 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] C0 15 6A 9F C9 7F 7E 79 ..j...~y >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 5 mid = 5 >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,104) >[2008/11/04 09:34:07, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,104) wrote 104 >[2008/11/04 09:34:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:07, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2048 (0x800) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 5 mid = 5 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 5 >[2008/11/04 09:34:07, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 5: got good SMB signature of >[2008/11/04 09:34:07, 10] lib/util.c:dump_data(2223) > [000] 50 94 4F D6 16 9B 68 35 P.O...h5 >[2008/11/04 09:34:07, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[4008]: \lsarpc auth_type 0, auth_level 0 >[2008/11/04 09:34:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. > [010] 00 00 00 00 .... >[2008/11/04 09:34:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/11/04 09:34:07, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/11/04 09:34:07, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/11/04 09:34:07, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2008/11/04 09:34:07, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/11/04 09:34:07, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/11/04 09:34:07, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16392 (0x4008) > smb_bcc=87 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 6 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 90 6D 79 CB A3 0D 4C 02 .my...L. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 7 mid = 6 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,158) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,158) wrote 158 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 124 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 63 60 00 00 0C 00 5C 70 69 70 65 .....c`. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 6 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 7 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 7: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] B5 D0 3A 87 0B 71 FC 93 ..:..q.. >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 63 60 00 00 0C 00 5C 70 69 70 65 .....c`. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 6 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 returned 68 bytes. >[2008/11/04 09:34:08, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 bind request returned ok. >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00006063 >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/11/04 09:34:08, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine sr-dc-1.verlag.vn.idowa.de and bound anonymously. >[2008/11/04 09:34:08, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) > init_lsa_sec_qos >[2008/11/04 09:34:08, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) > init_lsa_obj_attr > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000002c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0006 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16392 (0x4008) > smb_bcc=83 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 8 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] FA 7A 99 8B FB 71 03 F1 .z...q.. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 9 mid = 7 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,154) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,154) wrote 154 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 E6 4A D7 ........ ......J. > [020] 78 08 B1 C6 49 B1 EC 2D B7 1B 52 D5 65 00 00 00 x...I..- ..R.e... > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 7 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 9 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 9: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 86 18 93 B9 69 91 A1 CE ....i... >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 E6 4A D7 ........ ......J. > [020] 78 08 B1 C6 49 B1 EC 2D B7 1B 52 D5 65 00 00 00 x...I..- ..R.e... > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 7 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 returned 48 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 78d74ae6-b108-49c6-b1ec-2db71b52d565 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 78d74ae6-b108-49c6-b1ec-2db71b52d565 > level : LSA_POLICY_INFO_DNS (12) >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002e >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000016 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 002e >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16392 (0x4008) > smb_bcc=61 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 2E 00 00 00 00 00 E6 4A D7 78 08 ........ ....J.x. > [030] B1 C6 49 B1 EC 2D B7 1B 52 D5 65 0C 00 ..I..-.. R.e.. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 10 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] D7 F1 8D 69 46 02 84 CB ...iF... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 11 mid = 8 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,132) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,132) wrote 132 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 284 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=284 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 228 (0xE4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 228 (0xE4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=229 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 E4 00 00 00 03 00 00 ........ ........ > [010] 00 CC 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ > [020] 00 0C 00 0E 00 04 00 02 00 24 00 26 00 08 00 02 ........ .$.&.... > [030] 00 24 00 26 00 0C 00 02 00 2F 81 FA EB 2E B2 AC .$.&.... ./...... > [040] 41 8A B9 37 2F DB 23 8E 11 10 00 02 00 07 00 00 A..7/.#. ........ > [050] 00 00 00 00 00 06 00 00 00 56 00 45 00 52 00 4C ........ .V.E.R.L > [060] 00 41 00 47 00 13 00 00 00 00 00 00 00 12 00 00 .A.G.... ........ > [070] 00 76 00 65 00 72 00 6C 00 61 00 67 00 2E 00 76 .v.e.r.l .a.g...v > [080] 00 6E 00 2E 00 69 00 64 00 6F 00 77 00 61 00 2E .n...i.d .o.w.a.. > [090] 00 64 00 65 00 13 00 00 00 00 00 00 00 12 00 00 .d.e.... ........ > [0A0] 00 76 00 65 00 72 00 6C 00 61 00 67 00 2E 00 76 .v.e.r.l .a.g...v > [0B0] 00 6E 00 2E 00 69 00 64 00 6F 00 77 00 61 00 2E .n...i.d .o.w.a.. > [0C0] 00 64 00 65 00 04 00 00 00 01 04 00 00 00 00 00 .d.e.... ........ > [0D0] 05 15 00 00 00 02 7B F2 5D D3 21 92 97 06 2F DE ......{. ].!.../. > [0E0] B5 00 00 00 00 ..... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 11 mid = 8 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 11 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 11: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 34 9E 13 8B 5C 7C 4C 15 4...\|L. >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=284 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 228 (0xE4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 228 (0xE4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=229 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 E4 00 00 00 03 00 00 ........ ........ > [010] 00 CC 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ > [020] 00 0C 00 0E 00 04 00 02 00 24 00 26 00 08 00 02 ........ .$.&.... > [030] 00 24 00 26 00 0C 00 02 00 2F 81 FA EB 2E B2 AC .$.&.... ./...... > [040] 41 8A B9 37 2F DB 23 8E 11 10 00 02 00 07 00 00 A..7/.#. ........ > [050] 00 00 00 00 00 06 00 00 00 56 00 45 00 52 00 4C ........ .V.E.R.L > [060] 00 41 00 47 00 13 00 00 00 00 00 00 00 12 00 00 .A.G.... ........ > [070] 00 76 00 65 00 72 00 6C 00 61 00 67 00 2E 00 76 .v.e.r.l .a.g...v > [080] 00 6E 00 2E 00 69 00 64 00 6F 00 77 00 61 00 2E .n...i.d .o.w.a.. > [090] 00 64 00 65 00 13 00 00 00 00 00 00 00 12 00 00 .d.e.... ........ > [0A0] 00 76 00 65 00 72 00 6C 00 61 00 67 00 2E 00 76 .v.e.r.l .a.g...v > [0B0] 00 6E 00 2E 00 69 00 64 00 6F 00 77 00 61 00 2E .n...i.d .o.w.a.. > [0C0] 00 64 00 65 00 04 00 00 00 01 04 00 00 00 00 00 .d.e.... ........ > [0D0] 05 15 00 00 00 02 7B F2 5D D3 21 92 97 06 2F DE ......{. ].!.../. > [0E0] B5 00 00 00 00 ..... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 11 mid = 8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00e4 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 000000cc >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 228, data_len 204, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 228 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 returned 408 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x000c (12) > size : 0x000e (14) > string : * > string : 'VERLAG' > dns_domain: struct lsa_StringLarge > length : 0x0024 (36) > size : 0x0026 (38) > string : * > string : 'verlag.vn.idowa.de' > dns_forest: struct lsa_StringLarge > length : 0x0024 (36) > size : 0x0026 (38) > string : * > string : 'verlag.vn.idowa.de' > domain_guid : ebfa812f-b22e-41ac-8ab9-372fdb238e11 > sid : * > sid : S-1-5-21-1576172290-2542936531-3051237126 > result : NT_STATUS_OK > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 78d74ae6-b108-49c6-b1ec-2db71b52d565 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0000 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16392 (0x4008) > smb_bcc=59 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 E6 4A D7 78 08 ........ ....J.x. > [030] B1 C6 49 B1 EC 2D B7 1B 52 D5 65 ..I..-.. R.e >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 12 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 85 93 5E 8B 2C 18 00 31 ..^.,..1 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 13 mid = 9 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,130) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,130) wrote 130 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 13 mid = 9 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 13 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 13: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 31 C8 A5 21 94 14 CA F9 1..!.... >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 13 mid = 9 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4008 returned 48 bytes. > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 14 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 4F 09 0D 8A 0E FD 6F E4 O.....o. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 15 mid = 10 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,45) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,45) wrote 45 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 35 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 15 mid = 10 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 15 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 15: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] DA 3E A1 F9 C4 EA 3B 69 .>....;i >[2008/11/04 09:34:08, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) > cli_rpc_pipe_close: closed pipe \lsarpc to machine sr-dc-1.verlag.vn.idowa.de >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 16 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 81 80 91 5F 90 04 0C D3 ..._.... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 17 mid = 11 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,100) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,100) wrote 100 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=11 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2304 (0x900) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 17 mid = 11 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 17 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 17: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] EC 26 1C A0 05 D9 9E 1C .&...... >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[4009]: \samr auth_type 0, auth_level 0 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/11/04 09:34:08, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ac >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/11/04 09:34:08, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=87 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 18 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 63 A9 A4 65 44 12 04 46 c..eD..F >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 19 mid = 12 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,158) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,158) wrote 158 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 124 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 64 60 00 00 0C 00 5C 70 69 70 65 .....d`. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 12 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 19 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 19: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 46 94 95 62 1D C7 23 04 F..b..#. >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 64 60 00 00 0C 00 5C 70 69 70 65 .....d`. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 12 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 68 bytes. >[2008/11/04 09:34:08, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 bind request returned ok. >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00006064 >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/11/04 09:34:08, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/11/04 09:34:08, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \samr to machine sr-dc-1.verlag.vn.idowa.de and bound anonymously. > samr_Connect2: struct samr_Connect2 > in: struct samr_Connect2 > system_name : * > system_name : 'sr-dc-1.verlag.vn.idowa.de' > access_mask : 0x02000000 (33554432) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 0: SAMR_ACCESS_ENUM_DOMAINS > 0: SAMR_ACCESS_OPEN_DOMAIN >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0064 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000004c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0039 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=182 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=115 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 64 00 00 00 06 00 00 00 4C .......d .......L > [020] 00 00 00 00 00 39 00 00 00 02 00 1B 00 00 00 00 .....9.. ........ > [030] 00 00 00 1B 00 00 00 73 00 72 00 2D 00 64 00 63 .......s .r.-.d.c > [040] 00 2D 00 31 00 2E 00 76 00 65 00 72 00 6C 00 61 .-.1...v .e.r.l.a > [050] 00 67 00 2E 00 76 00 6E 00 2E 00 69 00 64 00 6F .g...v.n ...i.d.o > [060] 00 77 00 61 00 2E 00 64 00 65 00 00 00 00 00 00 .w.a...d .e...... > [070] 00 00 02 ... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 20 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] A0 AB 46 26 77 27 04 D3 ..F&w'.. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 21 mid = 13 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,186) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,186) wrote 186 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 FD EE 5C ........ .......\ > [020] C6 12 D3 62 4D 8E 91 F5 46 87 00 8D D3 00 00 00 ...bM... F....... > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 21 mid = 13 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 21 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 21: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 92 F4 3D 9D 42 55 7C 65 ..=.BU|e >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 FD EE 5C ........ .......\ > [020] C6 12 D3 62 4D 8E 91 F5 46 87 00 8D D3 00 00 00 ...bM... F....... > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 21 mid = 13 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 48 bytes. > samr_Connect2: struct samr_Connect2 > out: struct samr_Connect2 > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : c65ceefd-d312-4d62-8e91-f54687008dd3 > result : NT_STATUS_OK > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : c65ceefd-d312-4d62-8e91-f54687008dd3 > access_mask : 0x02000000 (33554432) > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 0: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-21-1576172290-2542936531-3051237126 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 004c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000034 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=158 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=91 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 34 .......L .......4 > [020] 00 00 00 00 00 07 00 00 00 00 00 FD EE 5C C6 12 ........ .....\.. > [030] D3 62 4D 8E 91 F5 46 87 00 8D D3 00 00 00 02 04 .bM...F. ........ > [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 02 ........ ........ > [050] 7B F2 5D D3 21 92 97 06 2F DE B5 {.].!... /.. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 22 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] D6 E5 2A 62 8A 4C E7 E7 ..*b.L.. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 23 mid = 14 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,162) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,162) wrote 162 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 43 6C A2 ........ .....Cl. > [020] A4 EF 11 D6 43 9E F4 91 CD 71 FC B4 63 00 00 00 ....C... .q..c... > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 23 mid = 14 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 23 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 23: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 45 2A EF 7F 9A 6C 85 7C E*...l.| >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 43 6C A2 ........ .....Cl. > [020] A4 EF 11 D6 43 9E F4 91 CD 71 FC B4 63 00 00 00 ....C... .q..c... > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 23 mid = 14 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 48 bytes. > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : a4a26c43-11ef-43d6-9ef4-91cd71fcb463 > result : NT_STATUS_OK >[2008/11/04 09:34:08, 10] libnet/libnet_join.c:libnet_join_joindomain_rpc(795) > Creating account with desired access mask: -536543056 > samr_CreateUser2: struct samr_CreateUser2 > in: struct samr_CreateUser2 > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : a4a26c43-11ef-43d6-9ef4-91cd71fcb463 > account_name : * > account_name: struct lsa_String > length : 0x0014 (20) > size : 0x0014 (20) > string : * > string : 'sr-home-1$' > acct_flags : 0x00000080 (128) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 0: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 1: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > access_mask : 0xe00500b0 (3758424240) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES > 1: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 1: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 005c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000044 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0032 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=174 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 92 (0x5C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=107 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5C 00 00 00 08 00 00 00 44 .......\ .......D > [020] 00 00 00 00 00 32 00 00 00 00 00 43 6C A2 A4 EF .....2.. ...Cl... > [030] 11 D6 43 9E F4 91 CD 71 FC B4 63 14 00 14 00 00 ..C....q ..c..... > [040] 00 02 00 0A 00 00 00 00 00 00 00 0A 00 00 00 73 ........ .......s > [050] 00 72 00 2D 00 68 00 6F 00 6D 00 65 00 2D 00 31 .r.-.h.o .m.e.-.1 > [060] 00 24 00 80 00 00 00 B0 00 05 E0 .$...... ... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 24 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 37 09 91 81 36 99 BD C0 7...6... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 25 mid = 15 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,178) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,178) wrote 178 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 112 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 25 mid = 15 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 25 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 25: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 9C C0 98 10 C9 10 79 77 ......yw >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 25 mid = 15 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0038 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000020 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 56 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 64 bytes. > samr_CreateUser2: struct samr_CreateUser2 > out: struct samr_CreateUser2 > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > access_granted : * > access_granted : 0x00000000 (0) > rid : * > rid : 0x00000000 (0) > result : NT_STATUS_USER_EXISTS > samr_LookupNames: struct samr_LookupNames > in: struct samr_LookupNames > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : a4a26c43-11ef-43d6-9ef4-91cd71fcb463 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x0014 (20) > size : 0x0014 (20) > string : * > string : 'sr-home-1$' >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0064 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000004c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0011 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=182 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=115 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 64 00 00 00 09 00 00 00 4C .......d .......L > [020] 00 00 00 00 00 11 00 00 00 00 00 43 6C A2 A4 EF ........ ...Cl... > [030] 11 D6 43 9E F4 91 CD 71 FC B4 63 01 00 00 00 E8 ..C....q ..c..... > [040] 03 00 00 00 00 00 00 01 00 00 00 14 00 14 00 00 ........ ........ > [050] 00 02 00 0A 00 00 00 00 00 00 00 0A 00 00 00 73 ........ .......s > [060] 00 72 00 2D 00 68 00 6F 00 6D 00 65 00 2D 00 31 .r.-.h.o .m.e.-.1 > [070] 00 24 00 .$. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 26 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 5D 92 AA B0 AA 6C 88 FF ]....l.. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 27 mid = 16 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,186) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,186) wrote 186 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 116 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 69 04 00 00 01 00 00 00 04 00 02 .....i.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 27 mid = 16 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 27 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 27: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 33 E5 9F 38 6B D8 27 88 3..8k.'. >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 69 04 00 00 01 00 00 00 04 00 02 .....i.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 27 mid = 16 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000024 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 60 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 72 bytes. > samr_LookupNames: struct samr_LookupNames > out: struct samr_LookupNames > rids : * > rids: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x00000469 (1129) > types : * > types: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x00000001 (1) > result : NT_STATUS_OK > samr_OpenUser: struct samr_OpenUser > in: struct samr_OpenUser > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : a4a26c43-11ef-43d6-9ef4-91cd71fcb463 > access_mask : 0x02000000 (33554432) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 0: SAMR_USER_ACCESS_GET_ATTRIBUTES > 0: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 0: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP > rid : 0x00000469 (1129) >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0034 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000001c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0022 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=67 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 0A 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 22 00 00 00 00 00 43 6C A2 A4 EF .....".. ...Cl... > [030] 11 D6 43 9E F4 91 CD 71 FC B4 63 00 00 00 02 69 ..C....q ..c....i > [040] 04 00 00 ... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 28 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 69 2C 2F E5 FD 92 BF B7 i,/..... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 29 mid = 17 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,138) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,138) wrote 138 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 A6 F8 0E ........ ........ > [020] C7 0A 68 F4 49 98 93 2D 53 F8 9C 4B 9E 00 00 00 ..h.I..- S..K.... > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 29 mid = 17 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 29 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 29: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] D6 5C 89 A6 CF AF 0C A0 .\...... >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 A6 F8 0E ........ ........ > [020] C7 0A 68 F4 49 98 93 2D 53 F8 9C 4B 9E 00 00 00 ..h.I..- S..K.... > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 29 mid = 17 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 48 bytes. > samr_OpenUser: struct samr_OpenUser > out: struct samr_OpenUser > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : c70ef8a6-680a-49f4-9893-2d53f89c4b9e > result : NT_STATUS_OK > samr_SetUserInfo: struct samr_SetUserInfo > in: struct samr_SetUserInfo > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : c70ef8a6-680a-49f4-9893-2d53f89c4b9e > level : 0x0019 (25) > info : * > info : union samr_UserInfo(case 25) > info25: struct samr_UserInfo25 > info: struct samr_UserInfo21 > last_logon : NTTIME(0) > last_logoff : NTTIME(0) > last_password_change : NTTIME(0) > acct_expiry : NTTIME(0) > allow_password_change : NTTIME(0) > force_password_change : NTTIME(0) > account_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > description: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > workstations: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > comment: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > parameters: struct lsa_BinaryString > length : 0x0000 (0) > size : 0x0000 (0) > array : NULL > unknown1: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > unknown2: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > unknown3: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > buf_count : 0x00000000 (0) > buffer : NULL > rid : 0x00000000 (0) > primary_gid : 0x00000000 (0) > acct_flags : 0x00000280 (640) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 0: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 1: ACB_WSTRUST > 0: ACB_SVRTRUST > 1: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > fields_present : 0x03100000 (51380224) > 0: SAMR_FIELD_ACCOUNT_NAME > 0: SAMR_FIELD_FULL_NAME > 0: SAMR_FIELD_RID > 0: SAMR_FIELD_PRIMARY_GID > 0: SAMR_FIELD_DESCRIPTION > 0: SAMR_FIELD_COMMENT > 0: SAMR_FIELD_HOME_DIRECTORY > 0: SAMR_FIELD_HOME_DRIVE > 0: SAMR_FIELD_LOGON_SCRIPT > 0: SAMR_FIELD_PROFILE_PATH > 0: SAMR_FIELD_WORKSTATIONS > 0: SAMR_FIELD_LAST_LOGON > 0: SAMR_FIELD_LAST_LOGOFF > 0: SAMR_FIELD_LOGON_HOURS > 0: SAMR_FIELD_BAD_PWD_COUNT > 0: SAMR_FIELD_NUM_LOGONS > 0: SAMR_FIELD_ALLOW_PWD_CHANGE > 0: SAMR_FIELD_FORCE_PWD_CHANGE > 0: SAMR_FIELD_LAST_PWD_CHANGE > 0: SAMR_FIELD_ACCT_EXPIRY > 1: SAMR_FIELD_ACCT_FLAGS > 0: SAMR_FIELD_PARAMETERS > 0: SAMR_FIELD_COUNTRY_CODE > 0: SAMR_FIELD_CODE_PAGE > 1: SAMR_FIELD_PASSWORD > 1: SAMR_FIELD_PASSWORD2 > 0: SAMR_FIELD_PRIVATE_DATA > 0: SAMR_FIELD_EXPIRED_FLAG > 0: SAMR_FIELD_SEC_DESC > 0: SAMR_FIELD_OWF_PWD > logon_hours: struct samr_LogonHours > units_per_week : 0x0000 (0) > bits : NULL > bad_password_count : 0x0000 (0) > logon_count : 0x0000 (0) > country_code : 0x0000 (0) > code_page : 0x0000 (0) > nt_password_set : 0x00 (0) > lm_password_set : 0x00 (0) > password_expired : 0x00 (0) > unknown4 : 0x00 (0) > password: struct samr_CryptPasswordEx > data : 9433be1c7d186fae03f976abceebe1fc5d34112a28eb658118bdf8de8987ddeea64a962b02dcf5764728bba00df4aeb2d793ac70767f90cd9d011887f5975461b2628220377b254c7fe234e5aa7942ac41285a872ed3119922c7a32f4c453b0c8a1ef54c1e11954956f32986aae87aa2b9844951d5febd6193d442bd673b3211261c2d2086c74f7574fbea69215a2b5d953bf2f9d41451bbe416dbf2cf7e3998725363c267c4f9d278ba9d17cac51cd7f8ab3865d57710c82f5839da138a3d9bb4197a47acdab100553c099cfa0bc075e64e3ccd9d70b2ae11be74a40db5046b77c5d6edbedcbfd26789887ae9116189d7fa84876683033937fa384429e096b7aeae9ec98f60db30a2a2ccce49be562d2b3f86957c9b58fa3221537ff2140768750411a8dd85ab13db19e69e21fadd917f2e83a7fe9f8e69137641890032cb5a80f4dac4a59c14a747dfd8276ab960ff532890fc5a002b69de017dbbf24ba37785492471409bb84d295fc8a49e945bcbc194a83a2143215f915a8314de089b140ddbf1e0cd761042f907450c66485f5f128e6958f719e16b3bd26ba7ac3f590b2af0f5eef844d6b8af91c7918d00d34136abdded2b1337d29f4e4b3e4a6e4581a59f74555137de4c6d33803ddc2ba4e92d66ea63ad0b8a85cd62125ec0fc0e47f46dadc2bd +> > be6340f489d1e23552728a1d7325eb7cb5c604b3770a925a2854d6394e135bbf2d2a230840e9966bdbb0bc775a8056 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0308 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 000002f0 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0025 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=858 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 776 (0x308) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 776 (0x308) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=791 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 08 03 00 00 0B 00 00 00 F0 ........ ........ > [020] 02 00 00 00 00 25 00 00 00 00 00 A6 F8 0E C7 0A .....%.. ........ > [030] 68 F4 49 98 93 2D 53 F8 9C 4B 9E 19 00 19 00 00 h.I..-S. .K...... > [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E0] 00 00 00 00 00 00 00 80 02 00 00 00 00 10 03 00 ........ ........ > [0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [100] 00 00 00 94 33 BE 1C 7D 18 6F AE 03 F9 76 AB CE ....3..} .o...v.. > [110] EB E1 FC 5D 34 11 2A 28 EB 65 81 18 BD F8 DE 89 ...]4.*( .e...... > [120] 87 DD EE A6 4A 96 2B 02 DC F5 76 47 28 BB A0 0D ....J.+. ..vG(... > [130] F4 AE B2 D7 93 AC 70 76 7F 90 CD 9D 01 18 87 F5 ......pv ........ > [140] 97 54 61 B2 62 82 20 37 7B 25 4C 7F E2 34 E5 AA .Ta.b. 7 {%L..4.. > [150] 79 42 AC 41 28 5A 87 2E D3 11 99 22 C7 A3 2F 4C yB.A(Z.. ..."../L > [160] 45 3B 0C 8A 1E F5 4C 1E 11 95 49 56 F3 29 86 AA E;....L. ..IV.).. > [170] E8 7A A2 B9 84 49 51 D5 FE BD 61 93 D4 42 BD 67 .z...IQ. ..a..B.g > [180] 3B 32 11 26 1C 2D 20 86 C7 4F 75 74 FB EA 69 21 ;2.&.- . .Out..i! > [190] 5A 2B 5D 95 3B F2 F9 D4 14 51 BB E4 16 DB F2 CF Z+].;... .Q...... > [1A0] 7E 39 98 72 53 63 C2 67 C4 F9 D2 78 BA 9D 17 CA ~9.rSc.g ...x.... > [1B0] C5 1C D7 F8 AB 38 65 D5 77 10 C8 2F 58 39 DA 13 .....8e. w../X9.. > [1C0] 8A 3D 9B B4 19 7A 47 AC DA B1 00 55 3C 09 9C FA .=...zG. ...U<... > [1D0] 0B C0 75 E6 4E 3C CD 9D 70 B2 AE 11 BE 74 A4 0D ..u.N<.. p....t.. > [1E0] B5 04 6B 77 C5 D6 ED BE DC BF D2 67 89 88 7A E9 ..kw.... ...g..z. > [1F0] 11 61 89 D7 FA 84 87 66 83 03 39 37 FA 38 44 29 .a.....f ..97.8D) >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 30 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 10 B1 42 7D 7E B6 93 31 ..B}~..1 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 31 mid = 18 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,862) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,862) wrote 862 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 84 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 31 mid = 18 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 31 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 31: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] A1 6F D3 DB 43 CF 9E D1 .o..C... >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 31 mid = 18 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 001c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000004 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 28 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 8 bytes. > samr_SetUserInfo: struct samr_SetUserInfo > out: struct samr_SetUserInfo > result : NT_STATUS_OK > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : c65ceefd-d312-4d62-8e91-f54687008dd3 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0001 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=59 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 0C 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 01 00 00 00 00 00 FD EE 5C C6 12 ........ .....\.. > [030] D3 62 4D 8E 91 F5 46 87 00 8D D3 .bM...F. ... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 32 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 4A FE FA 37 47 60 AF 66 J..7G`.f >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 33 mid = 19 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,130) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,130) wrote 130 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 33 mid = 19 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 33 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 33: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] F3 3C 15 1A 9B 72 85 46 .<...r.F >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 33 mid = 19 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 48 bytes. > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : a4a26c43-11ef-43d6-9ef4-91cd71fcb463 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000d >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0001 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=59 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 01 00 00 00 00 00 43 6C A2 A4 EF ........ ...Cl... > [030] 11 D6 43 9E F4 91 CD 71 FC B4 63 ..C....q ..c >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 34 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] DE 5B 9F F9 23 6B 3C 02 .[..#k<. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 35 mid = 20 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,130) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,130) wrote 130 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 35 mid = 20 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 35 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 35: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 60 85 3E 91 91 14 79 78 `.>...yx >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 35 mid = 20 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000d >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 48 bytes. > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : c70ef8a6-680a-49f4-9893-2d53f89c4b9e >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0001 >[2008/11/04 09:34:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=21 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16393 (0x4009) > smb_bcc=59 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 0E 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 01 00 00 00 00 00 A6 F8 0E C7 0A ........ ........ > [030] 68 F4 49 98 93 2D 53 F8 9C 4B 9E h.I..-S. .K. >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 36 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 62 3A DF D4 F0 3B 3F 2A b:...;?* >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 37 mid = 21 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,130) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,130) wrote 130 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=21 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0E 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 37 mid = 21 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 37 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 37: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 F1 97 D2 EC EE D2 43 .......C >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=21 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0E 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 37 mid = 21 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/11/04 09:34:08, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/11/04 09:34:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4009 returned 48 bytes. > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 38 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 9C B5 1F 04 CE 2B CF 34 .....+.4 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 39 mid = 22 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,45) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,45) wrote 45 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 35 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=22 > smt_wct=0 > smb_bcc=0 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 39 mid = 22 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 39 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 39: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] C6 7B EA F6 04 E3 6C 63 .{....lc >[2008/11/04 09:34:08, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) > cli_rpc_pipe_close: closed pipe \samr to machine sr-dc-1.verlag.vn.idowa.de >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 534543524554532F5349 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0x555555b47c50 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 534543524554532F5349 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 534543524554532F4D41 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0x555555b21160 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 534543524554532F4D41 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 534543524554532F4D41 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0x555555b179b0 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 534543524554532F4D41 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) > Locking key 534543524554532F4D41 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) > Allocated locked data 0x0x555555b21160 >[2008/11/04 09:34:08, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) > Unlocking key 534543524554532F4D41 >[2008/11/04 09:34:08, 5] libads/ldap.c:ads_try_connect(188) > ads_try_connect: sending CLDAP request to sr-dc-1.verlag.vn.idowa.de (realm: verlag.vn.idowa.de) > r : union nbt_cldap_netlogon(case 6) > logon5: struct nbt_cldap_netlogon_5 > type : NETLOGON_RESPONSE_FROM_PDC2 (23) > sbz : 0x0000 (0) > server_type : 0x000011fd (4605) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : ebfa812f-b22e-41ac-8ab9-372fdb238e11 > forest : 'verlag.vn.idowa.de' > dns_domain : 'verlag.vn.idowa.de' > pdc_dns_name : 'sr-dc-1.verlag.vn.idowa.de' > domain : 'VERLAG' > pdc_name : 'SR-DC-1' > user_name : '' > server_site : 'Straubing' > client_site : 'Straubing' > nt_version : 0x00000005 (5) > 1: NETLOGON_VERSION_1 > 0: NETLOGON_VERSION_5 > 1: NETLOGON_VERSION_5EX > 0: NETLOGON_VERSION_5EX_WITH_IP > 0: NETLOGON_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_VERSION_AVOID_NT4_EMUL > 0: NETLOGON_VERSION_PDC > 0: NETLOGON_VERSION_IP > 0: NETLOGON_VERSION_LOCAL > 0: NETLOGON_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2008/11/04 09:34:08, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [VERLAG], sitename = [Straubing], expire = [4294967295] >[2008/11/04 09:34:08, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/VERLAG; value = Straubing and timeout = (null) (-1225787649 seconds ahead) >[2008/11/04 09:34:08, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [verlag.vn.idowa.de], sitename = [Straubing], expire = [4294967295] >[2008/11/04 09:34:08, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/VERLAG.VN.IDOWA.DE; value = Straubing and timeout = (null) (-1225787649 seconds ahead) >[2008/11/04 09:34:08, 3] libads/ldap.c:ads_connect(430) > Successfully contacted LDAP server 192.168.1.82 >[2008/11/04 09:34:08, 10] libads/ldap.c:ldap_open_with_timeout(62) > Opening connection to LDAP server 'sr-dc-1.verlag.vn.idowa.de:389', timeout 15 seconds >[2008/11/04 09:34:08, 10] libads/ldap.c:ldap_open_with_timeout(76) > Connected to LDAP server 'sr-dc-1.verlag.vn.idowa.de:389' >[2008/11/04 09:34:08, 3] libads/ldap.c:ads_connect(480) > Connected to LDAP server sr-dc-1.verlag.vn.idowa.de >[2008/11/04 09:34:08, 10] libads/ldap.c:ads_closest_dc(155) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2008/11/04 09:34:08, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [VERLAG], server = [192.168.1.82], expire = [1225788548] >[2008/11/04 09:34:08, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/VERLAG; value = 192.168.1.82 and timeout = Tue Nov 4 09:49:08 2008 > (900 seconds ahead) >[2008/11/04 09:34:08, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [verlag.vn.idowa.de], server = [192.168.1.82], expire = [1225788548] >[2008/11/04 09:34:08, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/VERLAG.VN.IDOWA.DE; value = 192.168.1.82 and timeout = Tue Nov 4 09:49:08 2008 > (900 seconds ahead) >[2008/11/04 09:34:08, 4] libads/ldap.c:ads_current_time(2607) > time offset is -14 seconds >[2008/11/04 09:34:08, 4] libads/sasl.c:ads_sasl_bind(1112) > Found SASL mechanism GSS-SPNEGO >[2008/11/04 09:34:08, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >[2008/11/04 09:34:08, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >[2008/11/04 09:34:08, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >[2008/11/04 09:34:08, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >[2008/11/04 09:34:08, 3] libads/sasl.c:ads_sasl_spnego_bind(789) > ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore >[2008/11/04 09:34:08, 3] libsmb/clikrb5.c:ads_krb5_mk_req(671) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >[2008/11/04 09:34:08, 10] libads/sasl.c:ads_sasl_spnego_bind(810) > ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit >[2008/11/04 09:34:08, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) > kerberos_kinit_password: as Administrator@VERLAG.VN.IDOWA.DE using [MEMORY:net_ads] as ccache and config [(null)] >[2008/11/04 09:34:08, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 04 Nov 2008 19:33:55 CET >[2008/11/04 09:34:08, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) > ads_krb5_mk_req: Ticket (ldap/sr-dc-1.verlag.vn.idowa.de@VERLAG.VN.IDOWA.DE) in ccache (MEMORY:net_ads) is valid until: (Tue, 04 Nov 2008 19:33:55 CET - 1225823635) >[2008/11/04 09:34:08, 3] libsmb/clikrb5.c:ads_krb5_mk_req(713) > ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >[2008/11/04 09:34:08, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) > Got KRB5 session key of length 16 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 40 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] BD 3C 91 3D 0C 95 B7 80 .<.=.... >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 41 mid = 23 >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,39) >[2008/11/04 09:34:08, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,39) wrote 39 >[2008/11/04 09:34:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 35 >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(642) >[2008/11/04 09:34:08, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=4097 > smb_pid=11179 > smb_uid=6144 > smb_mid=23 > smt_wct=0 > smb_bcc=0 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 41 mid = 23 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 41 >[2008/11/04 09:34:08, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 41: got good SMB signature of >[2008/11/04 09:34:08, 10] lib/util.c:dump_data(2223) > [000] 01 60 08 A3 E8 A3 34 86 .`....4. >[2008/11/04 09:34:08, 1] libnet/libnet_join.c:libnet_Join(1801) > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : 'VERLAG' > dns_domain_name : 'verlag.vn.idowa.de' > dn : NULL > domain_sid : * > domain_sid : S-1-5-21-1576172290-2542936531-3051237126 > modified_config : 0x00 (0) > error_string : 'failed to set machine spn: Can't contact LDAP server' > domain_is_ad : 0x01 (1) > result : WERR_GENERAL_FAILURE >[2008/11/04 09:34:08, 10] intl/lang_tdb.c:lang_tdb_init(138) > lang_tdb_init: /usr/lib64/samba/POSIX.msg: No such file or directory >Failed to join domain: failed to set machine spn: Can't contact LDAP server >[2008/11/04 09:34:08, 2] utils/net.c:main(1172) > return code = -1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 5870
: 3708 |
3712