The Samba-Bugzilla – Attachment 3797 Details for
Bug 5955
Windbind becomes unresponsive when load on winbind is high
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
log.wb-AHUS
log.wb-AHUS (text/plain), 454.48 KB, created by
Erik Sørnes
on 2008-12-09 09:32:46 UTC
(
hide
)
Description:
log.wb-AHUS
Filename:
MIME Type:
Creator:
Erik Sørnes
Created:
2008-12-09 09:32:46 UTC
Size:
454.48 KB
patch
obsolete
>[2008/12/09 16:14:17, 10] lib/events.c:get_timed_events_timeout(318) > timed_events_timeout: 4/990901 >[2008/12/09 16:14:17, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 47 >[2008/12/09 16:14:17, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn INIT_CONNECTION >[2008/12/09 16:14:17, 8] winbindd/winbindd_cm.c:connection_ok(1563) > connection_ok: Connection to for domain AHUS has NULL cli! >[2008/12/09 16:14:17, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS, value = bredde.ahus.no, timeout = Tue Dec 9 16:26:37 2008 >[2008/12/09 16:14:17, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "AHUS" domain >[2008/12/09 16:14:17, 10] winbindd/winbindd_cm.c:cm_open_connection(1398) > cm_open_connection: saf_servername is 'bredde.ahus.no' for domain AHUS >[2008/12/09 16:14:17, 10] winbindd/winbindd_cm.c:cm_open_connection(1430) > cm_open_connection: dcname is 'bredde.ahus.no' for domain AHUS >[2008/12/09 16:14:17, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:17, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:14:17, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:14:17, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 >[2008/12/09 16:14:17, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2008/12/09 16:14:17, 10] winbindd/winbindd_cm.c:cm_prepare_connection(753) > cm_prepare_connection: connecting to DC bredde.ahus.no for domain AHUS >[2008/12/09 16:14:17, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,194) >[2008/12/09 16:14:17, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,194) wrote 194 >[2008/12/09 16:14:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 172 >[2008/12/09 16:14:17, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:17, 5] lib/util.c:show_msg(652) > size=172 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=4113 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=47232 (0xB880) > smb_vwv[12]=57908 (0xE234) > smb_vwv[13]= 4346 (0x10FA) > smb_vwv[14]=51546 (0xC95A) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=103 >[2008/12/09 16:14:17, 10] lib/util.c:dump_data(2223) > [000] 4C 6D C3 39 67 44 D4 4A 80 17 B5 86 E4 28 48 2E Lm.9gD.J .....(H. > [010] 60 55 06 06 2B 06 01 05 05 02 A0 4B 30 49 A0 30 `U..+... ...K0I.0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 15 30 13 A0 11 1B 0F 62 72 65 64 64 65 24 40 ..0..... bredde$@ > [060] 41 48 55 53 2E 4E 4F AHUS.NO >[2008/12/09 16:14:17, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:17, 5] lib/util.c:show_msg(652) > size=172 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=4113 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=47232 (0xB880) > smb_vwv[12]=57908 (0xE234) > smb_vwv[13]= 4346 (0x10FA) > smb_vwv[14]=51546 (0xC95A) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=103 >[2008/12/09 16:14:17, 10] lib/util.c:dump_data(2223) > [000] 4C 6D C3 39 67 44 D4 4A 80 17 B5 86 E4 28 48 2E Lm.9gD.J .....(H. > [010] 60 55 06 06 2B 06 01 05 05 02 A0 4B 30 49 A0 30 `U..+... ...K0I.0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 15 30 13 A0 11 1B 0F 62 72 65 64 64 65 24 40 ..0..... bredde$@ > [060] 41 48 55 53 2E 4E 4F AHUS.NO >[2008/12/09 16:14:17, 5] winbindd/winbindd_cm.c:cm_prepare_connection(831) > connecting to bredde.ahus.no from LORDVADER with kerberos principal [LORDVADER$@AHUS.NO] and realm [AHUS.NO] >[2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) > Doing spnego session setup (blob length=103) >[2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 48018 1 2 2 >[2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 113554 1 2 2 >[2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 113554 1 2 2 3 >[2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 3 6 1 4 1 311 2 2 10 >[2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) > got principal=bredde$@AHUS.NO >[2008/12/09 16:14:17, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) > kerberos_kinit_password: as LORDVADER$@AHUS.NO using [MEMORY:cliconnect] as ccache and config [(null)] >[2008/12/09 16:14:18, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) > Doing kerberos session setup >[2008/12/09 16:14:18, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Wed, 10 Dec 2008 02:14:17 CET >[2008/12/09 16:14:18, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) > ads_krb5_mk_req: Ticket (bredde$@AHUS.NO) in ccache (MEMORY:cliconnect) is valid until: (Wed, 10 Dec 2008 02:14:17 CET - 1228871657) >[2008/12/09 16:14:18, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) > Got KRB5 session key of length 16 >[2008/12/09 16:14:18, 5] libsmb/smb_signing.c:set_smb_signing_real_common(140) > Mandatory SMB signing enabled! >[2008/12/09 16:14:18, 5] libsmb/smb_signing.c:set_smb_signing_real_common(144) > SMB signing enabled! >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:cli_simple_set_signing(494) > cli_simple_set_signing: user_session_key >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 8D 20 7F 6F 62 A1 6D 70 0F 13 D8 93 DA DE B3 35 . .ob.mp .......5 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:cli_simple_set_signing(502) > cli_simple_set_signing: NULL response_data >[2008/12/09 16:14:18, 10] libsmb/cliconnect.c:cli_session_setup_blob(578) > cli_session_setup_blob: Remaining (0) sending (1138) current (1138) >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 60 A1 C0 50 FC 35 65 29 `..P.5e) >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 1 mid = 2 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,1224) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,1224) wrote 1224 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 197 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=197 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=4113 > smb_uid=30721 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 197 (0xC5) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 26 (0x1A) > smb_bcc=154 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H > [010] 82 F7 12 01 02 02 A2 02 04 00 3D 57 00 69 00 6E ........ ..=W.i.n > [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e > [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a > [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n > [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 1 mid = 2 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 1 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 1: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 3A 99 FE EF 13 B7 AE F2 :....... >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=197 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=4113 > smb_uid=30721 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 197 (0xC5) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 26 (0x1A) > smb_bcc=154 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H > [010] 82 F7 12 01 02 02 A2 02 04 00 3D 57 00 69 00 6E ........ ..=W.i.n > [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e > [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a > [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n > [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >[2008/12/09 16:14:18, 10] libsmb/clientgen.c:cli_init_creds(429) > cli_init_creds: user LORDVADER$ domain AHUS >[2008/12/09 16:14:18, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [AHUS], server = [bredde.ahus.no], expire = [1228836558] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS; value = bredde.ahus.no and timeout = Tue Dec 9 16:29:18 2008 > (900 seconds ahead) >[2008/12/09 16:14:18, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [AHUS.NO], server = [bredde.ahus.no], expire = [1228836558] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = bredde.ahus.no and timeout = Tue Dec 9 16:29:18 2008 > (900 seconds ahead) >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 2 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] F3 43 77 42 C4 CF 27 BA .CwB..'. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 3 mid = 3 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,96) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,96) wrote 96 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 56 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=3 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 49 50 43 00 00 00 00 IPC.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 3 mid = 3 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 3 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 3: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 41 4F 65 27 D2 DB 62 23 AOe'..b# >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(2859) > set_global_winbindd_state_online: online requested. >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(2862) > set_global_winbindd_state_online: rejecting. >[2008/12/09 16:14:18, 10] winbindd/winbindd_cm.c:set_domain_online(385) > set_domain_online: called for domain AHUS >[2008/12/09 16:14:18, 10] lib/events.c:timed_event_destructor(65) > Destroying timed event 84cf3c8 "check_domain_online_handler" >[2008/12/09 16:14:18, 10] winbindd/winbindd_cm.c:set_dc_type_and_flags(1917) > set_dc_type_and_flags: setting up flags for primary domain >[2008/12/09 16:14:18, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1765) > set_dc_type_and_flags_connect: domain AHUS >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 4 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 6A 2B B6 D8 19 71 18 C7 j+...q.. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 5 mid = 4 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,104) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,104) wrote 104 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=4 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1792 (0x700) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 5 mid = 4 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 5 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 5: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] DE DC A9 A5 76 F5 3D 14 ....v.=. >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[c007]: \lsarpc auth_type 0, auth_level 0 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... > [010] 00 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 3919286a >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : b10c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11d0 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9b a8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 00 c0 4f d9 2e f5 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=5 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49159 (0xC007) > smb_bcc=87 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j > [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 6 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] DC EF B1 1D 74 3C 1F 9D ....t<.. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 7 mid = 5 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,158) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,158) wrote 158 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 124 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 B7 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 AC 1C 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 5 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 7 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 7: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] F2 70 64 A7 C5 05 37 5F .pd...7_ >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 B7 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 AC 1C 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 5 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 returned 68 bytes. >[2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 bind request returned ok. >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 002261b7 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsass. >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine bredde.ahus.no and bound anonymously. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 001a >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000002 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0000 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49159 (0xC007) > smb_bcc=41 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ > [020] 00 00 00 00 00 00 00 01 00 ........ . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 8 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 39 2A B1 6B 3B 98 93 FF 9*.k;... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 9 mid = 6 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,112) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,112) wrote 112 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 208 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=208 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 152 (0x98) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 152 (0x98) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=153 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 1A 05 00 02 03 10 00 00 00 98 00 00 00 02 00 00 ........ ........ > [010] 00 80 00 00 00 00 00 00 00 00 00 02 00 01 00 45 ........ .......E > [020] 5C 04 00 00 00 01 00 00 01 04 00 02 00 08 00 02 \....... ........ > [030] 00 0C 00 02 00 2D F9 6D D3 8A 62 5E 43 BE DE 27 .....-.m ..b^C..' > [040] CB 29 AA CD A1 05 00 00 00 00 00 00 00 05 00 00 .)...... ........ > [050] 00 41 00 48 00 55 00 53 00 00 00 C3 4F 08 00 00 .A.H.U.S ....O... > [060] 00 00 00 00 00 08 00 00 00 61 00 68 00 75 00 73 ........ .a.h.u.s > [070] 00 2E 00 6E 00 6F 00 00 00 08 00 00 00 00 00 00 ...n.o.. ........ > [080] 00 08 00 00 00 61 00 68 00 75 00 73 00 2E 00 6E .....a.h .u.s...n > [090] 00 6F 00 00 00 00 00 00 00 .o...... . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 6 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 9 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 9: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 7F 15 5E 8A 1A C5 7F 1E ..^..... >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=208 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 152 (0x98) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 152 (0x98) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=153 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 1A 05 00 02 03 10 00 00 00 98 00 00 00 02 00 00 ........ ........ > [010] 00 80 00 00 00 00 00 00 00 00 00 02 00 01 00 45 ........ .......E > [020] 5C 04 00 00 00 01 00 00 01 04 00 02 00 08 00 02 \....... ........ > [030] 00 0C 00 02 00 2D F9 6D D3 8A 62 5E 43 BE DE 27 .....-.m ..b^C..' > [040] CB 29 AA CD A1 05 00 00 00 00 00 00 00 05 00 00 .)...... ........ > [050] 00 41 00 48 00 55 00 53 00 00 00 C3 4F 08 00 00 .A.H.U.S ....O... > [060] 00 00 00 00 00 08 00 00 00 61 00 68 00 75 00 73 ........ .a.h.u.s > [070] 00 2E 00 6E 00 6F 00 00 00 08 00 00 00 00 00 00 ...n.o.. ........ > [080] 00 08 00 00 00 61 00 68 00 75 00 73 00 2E 00 6E .....a.h .u.s...n > [090] 00 6F 00 00 00 00 00 00 00 .o...... . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 6 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0098 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000080 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 152, data_len 128, ss_len 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 152 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 returned 256 bytes. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_BACKUP_DC (4) > flags : 0x01000001 (16777217) > 1: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'AHUS' > dns_domain : * > dns_domain : 'ahus.no' > forest : * > forest : 'ahus.no' > domain_guid : d36df92d-628a-435e-bede-27cb29aacda1 > result : WERR_OK >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 10 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 77 09 12 8C 09 0A 83 F3 w....... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 11 mid = 7 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,45) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,45) wrote 45 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 35 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=7 > smt_wct=0 > smb_bcc=0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 11 mid = 7 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 11 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 11: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 45 2D 61 A3 28 C7 D2 FD E-a.(... >[2008/12/09 16:14:18, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) > cli_rpc_pipe_close: closed pipe \lsarpc to machine bredde.ahus.no >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 12 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 65 56 28 DA 40 45 CD 2A eV(.@E.* >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 13 mid = 8 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,104) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,104) wrote 104 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=8 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2048 (0x800) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 13 mid = 8 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 13 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 13: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 50 12 43 26 B9 9E F5 70 P.C&...p >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[c008]: \lsarpc auth_type 0, auth_level 0 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. > [010] 00 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49160 (0xC008) > smb_bcc=87 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 14 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] B0 E5 14 DA 73 0B 2A A2 ....s.*. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 15 mid = 9 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,158) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,158) wrote 158 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 124 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... > [010] 00 B8 10 B8 10 B8 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 15 mid = 9 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 15 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 15: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 07 04 CA BD 28 CD 9F 3A ....(..: >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... > [010] 00 B8 10 B8 10 B8 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 15 mid = 9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 returned 68 bytes. >[2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 bind request returned ok. >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 002261b8 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsass. >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine bredde.ahus.no and bound anonymously. >[2008/12/09 16:14:18, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) > init_lsa_sec_qos >[2008/12/09 16:14:18, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) > init_lsa_obj_attr > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0050 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000038 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 002c >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=162 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49160 (0xC008) > smb_bcc=95 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 38 .......P .......8 > [020] 00 00 00 00 00 2C 00 00 00 02 00 01 00 00 00 00 .....,.. ........ > [030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........ > [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ........ ........ > [050] 00 02 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 16 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] B0 B3 F4 70 9F 4C 04 3E ...p.L.> >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 17 mid = 10 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,166) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,166) wrote 166 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 104 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 9E F8 AB ........ ........ > [020] 04 8D 5C 79 4F B9 D1 60 09 76 B6 B0 C2 00 00 00 ..\yO..` .v...... > [030] 00 . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 17 mid = 10 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 17 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 17: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] DF 35 A8 00 0F F3 1A 5F .5....._ >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 9E F8 AB ........ ........ > [020] 04 8D 5C 79 4F B9 D1 60 09 76 B6 B0 C2 00 00 00 ..\yO..` .v...... > [030] 00 . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 17 mid = 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 returned 48 bytes. > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 04abf89e-5c8d-4f79-b9d1-600976b6b0c2 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 04abf89e-5c8d-4f79-b9d1-600976b6b0c2 > level : LSA_POLICY_INFO_DNS (12) >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002e >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000016 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 002e >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49160 (0xC008) > smb_bcc=61 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 2E 00 00 00 00 00 9E F8 AB 04 8D ........ ........ > [030] 5C 79 4F B9 D1 60 09 76 B6 B0 C2 0C 00 \yO..`.v ..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 18 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 4F 54 44 67 D5 DC 85 D9 OTDg.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 19 mid = 11 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,132) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,132) wrote 132 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 240 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 184 (0xB8) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=185 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 2E 05 00 02 03 10 00 00 00 B8 00 00 00 05 00 00 ........ ........ > [010] 00 A0 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ > [020] 00 08 00 0A 00 04 00 02 00 0E 00 10 00 08 00 02 ........ ........ > [030] 00 0E 00 10 00 0C 00 02 00 2D F9 6D D3 8A 62 5E ........ .-.m..b^ > [040] 43 BE DE 27 CB 29 AA CD A1 10 00 02 00 05 00 00 C..'.).. ........ > [050] 00 00 00 00 00 04 00 00 00 41 00 48 00 55 00 53 ........ .A.H.U.S > [060] 00 08 00 00 00 00 00 00 00 07 00 00 00 61 00 68 ........ .....a.h > [070] 00 75 00 73 00 2E 00 6E 00 6F 00 00 00 08 00 00 .u.s...n .o...... > [080] 00 00 00 00 00 07 00 00 00 61 00 68 00 75 00 73 ........ .a.h.u.s > [090] 00 2E 00 6E 00 6F 00 00 00 04 00 00 00 01 04 00 ...n.o.. ........ > [0A0] 00 00 00 00 05 15 00 00 00 A6 5F B8 2F A0 A6 2D ........ .._./..- > [0B0] 48 17 EF 24 40 00 00 00 00 H..$@... . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 11 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 19 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 19: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 13 2A 74 6E 42 D8 9E 7B .*tnB..{ >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 184 (0xB8) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=185 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 2E 05 00 02 03 10 00 00 00 B8 00 00 00 05 00 00 ........ ........ > [010] 00 A0 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ > [020] 00 08 00 0A 00 04 00 02 00 0E 00 10 00 08 00 02 ........ ........ > [030] 00 0E 00 10 00 0C 00 02 00 2D F9 6D D3 8A 62 5E ........ .-.m..b^ > [040] 43 BE DE 27 CB 29 AA CD A1 10 00 02 00 05 00 00 C..'.).. ........ > [050] 00 00 00 00 00 04 00 00 00 41 00 48 00 55 00 53 ........ .A.H.U.S > [060] 00 08 00 00 00 00 00 00 00 07 00 00 00 61 00 68 ........ .....a.h > [070] 00 75 00 73 00 2E 00 6E 00 6F 00 00 00 08 00 00 .u.s...n .o...... > [080] 00 00 00 00 00 07 00 00 00 61 00 68 00 75 00 73 ........ .a.h.u.s > [090] 00 2E 00 6E 00 6F 00 00 00 04 00 00 00 01 04 00 ...n.o.. ........ > [0A0] 00 00 00 00 05 15 00 00 00 A6 5F B8 2F A0 A6 2D ........ .._./..- > [0B0] 48 17 EF 24 40 00 00 00 00 H..$@... . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 11 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 000000a0 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 184, data_len 160, ss_len 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 184 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 returned 320 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x0008 (8) > size : 0x000a (10) > string : * > string : 'AHUS' > dns_domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'ahus.no' > dns_forest: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'ahus.no' > domain_guid : d36df92d-628a-435e-bede-27cb29aacda1 > sid : * > sid : S-1-5-21-800612262-1210951328-1076162327 > result : NT_STATUS_OK >[2008/12/09 16:14:18, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1895) > set_dc_type_and_flags_connect: domain AHUS is in native mode. >[2008/12/09 16:14:18, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1898) > set_dc_type_and_flags_connect: domain AHUS is running active directory. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 20 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 91 F6 4A 2A 73 F3 80 73 ..J*s..s >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 21 mid = 12 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,45) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,45) wrote 45 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 35 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=12 > smt_wct=0 > smb_bcc=0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 21 mid = 12 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 21 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 21: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] A2 35 14 23 96 C9 21 A2 .5.#..!. >[2008/12/09 16:14:18, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) > cli_rpc_pipe_close: closed pipe \lsarpc to machine bredde.ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 47 >[2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn INIT_CONNECTION >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 19 >[2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LIST_TRUSTDOM >[2008/12/09 16:14:18, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362) > [ 4112]: list trusted domains >[2008/12/09 16:14:18, 5] winbindd/winbindd_cache.c:get_cache(178) > get_cache: Setting ADS methods for domain AHUS >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:fetch_cache_seqnum(405) > fetch_cache_seqnum: invalid data size key [SEQNUM/AHUS] >[2008/12/09 16:14:18, 3] winbindd/winbindd_ads.c:sequence_number(1120) > ads: fetch sequence_number for AHUS >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:ads_cached_connection(45) > ads_cached_connection >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for ahus.no: "SIAADM" >[2008/12/09 16:14:18, 4] libsmb/namequery_dc.c:ads_dc_name(73) > ads_dc_name: domain=AHUS >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for ahus.no: "SIAADM" >[2008/12/09 16:14:18, 6] libads/ldap.c:ads_find_dc(318) > ads_find_dc: looking for realm 'ahus.no' >[2008/12/09 16:14:18, 8] libsmb/namequery.c:get_sorted_dc_list(2093) > get_sorted_dc_list: attempting lookup for name ahus.no (sitename SIAADM) using [ads] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:18 2008 >[2008/12/09 16:14:18, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain >[2008/12/09 16:14:18, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "bredde.ahus.no, *" >[2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:14:18, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 >[2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:14:18, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:14:18, 5] libads/ldap.c:ads_try_connect(188) > ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) > r : union nbt_cldap_netlogon(case 6) > logon5: struct nbt_cldap_netlogon_5 > type : NETLOGON_RESPONSE_FROM_PDC2 (23) > sbz : 0x0000 (0) > server_type : 0x000001bc (444) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 0: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 > forest : 'ahus.no' > dns_domain : 'ahus.no' > pdc_dns_name : 'bredde.ahus.no' > domain : 'AHUS' > pdc_name : 'BREDDE' > user_name : '' > server_site : 'SIAADM' > client_site : 'SIAADM' > nt_version : 0x00000005 (5) > 1: NETLOGON_VERSION_1 > 0: NETLOGON_VERSION_5 > 1: NETLOGON_VERSION_5EX > 0: NETLOGON_VERSION_5EX_WITH_IP > 0: NETLOGON_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_VERSION_AVOID_NT4_EMUL > 0: NETLOGON_VERSION_PDC > 0: NETLOGON_VERSION_IP > 0: NETLOGON_VERSION_LOCAL > 0: NETLOGON_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2008/12/09 16:14:18, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647989 seconds ahead) >[2008/12/09 16:14:18, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647989 seconds ahead) >[2008/12/09 16:14:18, 3] libads/ldap.c:ads_connect(430) > Successfully contacted LDAP server 10.132.16.21 >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for ahus.no: "SIAADM" >[2008/12/09 16:14:18, 10] libads/ldap.c:ads_closest_dc(155) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2008/12/09 16:14:18, 10] libads/kerberos.c:create_local_private_krb5_conf_for_domain(871) > create_local_private_krb5_conf_for_domain: fname = /var/lock/samba/smb_krb5/krb5.conf.AHUS, realm = ahus.no, domain = AHUS >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:18 2008 >[2008/12/09 16:14:18, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain >[2008/12/09 16:14:18, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "bredde.ahus.no, *" >[2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:14:18, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 >[2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:14:18, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:18 2008 >[2008/12/09 16:14:18, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain >[2008/12/09 16:14:18, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "bredde.ahus.no, *" >[2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename (null)) >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:14:18, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 >[2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:14:18, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:14:18, 10] libads/kerberos.c:get_kdc_ip_string(820) > get_kdc_ip_string: Returning kdc = 10.132.16.21 > >[2008/12/09 16:14:18, 5] libads/kerberos.c:create_local_private_krb5_conf_for_domain(946) > create_local_private_krb5_conf_for_domain: wrote file /var/lock/samba/smb_krb5/krb5.conf.AHUS with realm AHUS.NO KDC list = kdc = 10.132.16.21 > >[2008/12/09 16:14:18, 4] libsmb/namequery_dc.c:ads_dc_name(143) > ads_dc_name: using server='BREDDE.AHUS.NO' IP=10.132.16.21 >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for ahus.no: "SIAADM" >[2008/12/09 16:14:18, 6] libads/ldap.c:ads_find_dc(318) > ads_find_dc: looking for realm 'ahus.no' >[2008/12/09 16:14:18, 8] libsmb/namequery.c:get_sorted_dc_list(2093) > get_sorted_dc_list: attempting lookup for name ahus.no (sitename SIAADM) using [ads] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:18 2008 >[2008/12/09 16:14:18, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain >[2008/12/09 16:14:18, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "bredde.ahus.no, *" >[2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:14:18, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 >[2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:14:18, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:14:18, 5] libads/ldap.c:ads_try_connect(188) > ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) > r : union nbt_cldap_netlogon(case 6) > logon5: struct nbt_cldap_netlogon_5 > type : NETLOGON_RESPONSE_FROM_PDC2 (23) > sbz : 0x0000 (0) > server_type : 0x000001bc (444) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 0: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 > forest : 'ahus.no' > dns_domain : 'ahus.no' > pdc_dns_name : 'bredde.ahus.no' > domain : 'AHUS' > pdc_name : 'BREDDE' > user_name : '' > server_site : 'SIAADM' > client_site : 'SIAADM' > nt_version : 0x00000005 (5) > 1: NETLOGON_VERSION_1 > 0: NETLOGON_VERSION_5 > 1: NETLOGON_VERSION_5EX > 0: NETLOGON_VERSION_5EX_WITH_IP > 0: NETLOGON_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_VERSION_AVOID_NT4_EMUL > 0: NETLOGON_VERSION_PDC > 0: NETLOGON_VERSION_IP > 0: NETLOGON_VERSION_LOCAL > 0: NETLOGON_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2008/12/09 16:14:18, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647989 seconds ahead) >[2008/12/09 16:14:18, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647989 seconds ahead) >[2008/12/09 16:14:18, 3] libads/ldap.c:ads_connect(430) > Successfully contacted LDAP server 10.132.16.21 >[2008/12/09 16:14:18, 10] libads/ldap.c:ldap_open_with_timeout(62) > Opening connection to LDAP server 'bredde.ahus.no:389', timeout 15 seconds >[2008/12/09 16:14:18, 10] libads/ldap.c:ldap_open_with_timeout(76) > Connected to LDAP server 'bredde.ahus.no:389' >[2008/12/09 16:14:18, 3] libads/ldap.c:ads_connect(480) > Connected to LDAP server bredde.ahus.no >[2008/12/09 16:14:18, 10] libads/ldap.c:ads_closest_dc(155) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2008/12/09 16:14:18, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [AHUS], server = [10.132.16.21], expire = [1228836558] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS; value = 10.132.16.21 and timeout = Tue Dec 9 16:29:18 2008 > (900 seconds ahead) >[2008/12/09 16:14:18, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [ahus.no], server = [10.132.16.21], expire = [1228836558] >[2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = 10.132.16.21 and timeout = Tue Dec 9 16:29:18 2008 > (900 seconds ahead) >[2008/12/09 16:14:18, 4] libads/ldap.c:ads_current_time(2607) > time offset is 75 seconds >[2008/12/09 16:14:18, 4] libads/sasl.c:ads_sasl_bind(1112) > Found SASL mechanism GSS-SPNEGO >[2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >[2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >[2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >[2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >[2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(789) > ads_sasl_spnego_bind: got server principal name = bredde$@AHUS.NO >[2008/12/09 16:14:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(671) > ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) >[2008/12/09 16:14:18, 10] libads/sasl.c:ads_sasl_spnego_bind(810) > ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling kinit >[2008/12/09 16:14:18, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) > kerberos_kinit_password: as LORDVADER$@AHUS.NO using [MEMORY:winbind_ccache] as ccache and config [/var/lock/samba/smb_krb5/krb5.conf.AHUS] >[2008/12/09 16:14:18, 4] libsmb/clikrb5.c:ads_krb5_mk_req(688) > ads_krb5_mk_req: Advancing clock by 75 seconds to cope with clock skew >[2008/12/09 16:14:18, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Wed, 10 Dec 2008 02:15:33 CET >[2008/12/09 16:14:18, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) > ads_krb5_mk_req: Ticket (bredde$@AHUS.NO) in ccache (MEMORY:winbind_ccache) is valid until: (Wed, 10 Dec 2008 02:15:33 CET - 1228871733) >[2008/12/09 16:14:18, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) > Got KRB5 session key of length 16 >[2008/12/09 16:14:18, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) > Search for (objectclass=*) in <> gave 1 replies >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:store_cache_seqnum(456) > store_cache_seqnum: success [AHUS][42827549 @ 1228835658] >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:trusted_domains(2106) > trusted_domains: [Cached] - doing backend query for info for domain AHUS >[2008/12/09 16:14:18, 3] winbindd/winbindd_ads.c:trusted_domains(1171) > ads: trusted_domains >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 22 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 0B 57 7C 56 5F 5D 2C B7 .W|V_],. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 23 mid = 13 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,108) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,108) wrote 108 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=13 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2304 (0x900) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 23 mid = 13 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 23 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 23: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 83 A7 56 F4 B8 89 5C 07 ..V...\. >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[c009]: \NETLOGON auth_type 0, auth_level 0 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345678 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 cf fb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=87 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 24 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 15 94 CF 77 A9 22 CC AA ...w.".. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 25 mid = 14 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,158) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,158) wrote 158 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 124 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... > [010] 00 B8 10 B8 10 BB 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 25 mid = 14 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 25 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 25: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 26 16 BE A8 C9 01 77 C8 &.....w. >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... > [010] 00 B8 10 B8 10 BB 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 25 mid = 14 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 returned 68 bytes. >[2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 bind request returned ok. >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 002261bb >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsass. >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine bredde.ahus.no and bound anonymously. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > in: struct netr_ServerReqChallenge > server_name : * > server_name : '\\bredde.ahus.no' > computer_name : 'LORDVADER' > credentials : * > credentials: struct netr_Credential > data : f05bad06c04ce65a >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0074 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000005c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0004 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=198 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 116 (0x74) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=131 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 74 00 00 00 07 00 00 00 5C .......t .......\ > [020] 00 00 00 00 00 04 00 00 00 02 00 11 00 00 00 00 ........ ........ > [030] 00 00 00 11 00 00 00 5C 00 5C 00 62 00 72 00 65 .......\ .\.b.r.e > [040] 00 64 00 64 00 65 00 2E 00 61 00 68 00 75 00 73 .d.d.e.. .a.h.u.s > [050] 00 2E 00 6E 00 6F 00 00 00 00 00 0A 00 00 00 00 ...n.o.. ........ > [060] 00 00 00 0A 00 00 00 4C 00 4F 00 52 00 44 00 56 .......L .O.R.D.V > [070] 00 41 00 44 00 45 00 52 00 00 00 F0 5B AD 06 C0 .A.D.E.R ....[... > [080] 4C E6 5A L.Z >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 26 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 23 05 2C 31 9A DA 03 6B #.,1...k >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 27 mid = 15 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,202) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,202) wrote 202 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 92 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 74 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 t....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 14 56 F3 EB 60 13 D1 ........ ..V..`.. > [020] 8E 00 00 00 00 ..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 27 mid = 15 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 27 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 27: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] EB 79 FF 77 50 90 B2 F7 .y.wP... >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 74 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 t....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 14 56 F3 EB 60 13 D1 ........ ..V..`.. > [020] 8E 00 00 00 00 ..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 27 mid = 15 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0024 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 returned 24 bytes. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > out: struct netr_ServerReqChallenge > return_credentials : * > return_credentials: struct netr_Credential > data : 1456f3eb6013d18e > result : NT_STATUS_OK >[2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(294) > creds_client_init: neg_flags : 600fffff >[2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(295) > creds_client_init: client chal : F05BAD06C04CE65A >[2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(296) > creds_client_init: server chal : 1456F3EB6013D18E >[2008/12/09 16:14:18, 5] libsmb/credentials.c:creds_init_128(70) > creds_init_128 >[2008/12/09 16:14:18, 5] libsmb/credentials.c:creds_init_128(71) > clnt_chal_in: F05BAD06C04CE65A >[2008/12/09 16:14:18, 5] libsmb/credentials.c:creds_init_128(72) > srv_chal_in : 1456F3EB6013D18E >[2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(314) > creds_client_init: clnt : D681085D3E829572 >[2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(315) > creds_client_init: server : 3E02772FD7FDBCA7 >[2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(316) > creds_client_init: seed : D681085D3E829572 > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > in: struct netr_ServerAuthenticate2 > server_name : * > server_name : '\\bredde.ahus.no' > account_name : 'LORDVADER$' > secure_channel_type : SEC_CHAN_WKSTA (2) > computer_name : 'LORDVADER' > credentials : * > credentials: struct netr_Credential > data : d681085d3e829572 > negotiate_flags : * > negotiate_flags : 0x600fffff (1611661311) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 009c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000084 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000f >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=238 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 156 (0x9C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 156 (0x9C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=171 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 9C 00 00 00 08 00 00 00 84 ........ ........ > [020] 00 00 00 00 00 0F 00 00 00 02 00 11 00 00 00 00 ........ ........ > [030] 00 00 00 11 00 00 00 5C 00 5C 00 62 00 72 00 65 .......\ .\.b.r.e > [040] 00 64 00 64 00 65 00 2E 00 61 00 68 00 75 00 73 .d.d.e.. .a.h.u.s > [050] 00 2E 00 6E 00 6F 00 00 00 00 00 0B 00 00 00 00 ...n.o.. ........ > [060] 00 00 00 0B 00 00 00 4C 00 4F 00 52 00 44 00 56 .......L .O.R.D.V > [070] 00 41 00 44 00 45 00 52 00 24 00 00 00 02 00 0A .A.D.E.R .$...... > [080] 00 00 00 00 00 00 00 0A 00 00 00 4C 00 4F 00 52 ........ ...L.O.R > [090] 00 44 00 56 00 41 00 44 00 45 00 52 00 00 00 D6 .D.V.A.D .E.R.... > [0A0] 81 08 5D 3E 82 95 72 FF FF 0F 60 ..]>..r. ..` >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 28 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 0B 6B 5E 38 86 69 9C 42 .k^8.i.B >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 29 mid = 16 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,242) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,242) wrote 242 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 96 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 9C 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 3E 02 77 2F D7 FD BC ........ .>.w/... > [020] A7 FF FF 0F 60 00 00 00 00 ....`... . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 29 mid = 16 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 29 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 29: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] B0 A0 4C 28 81 0D ED 10 ..L(.... >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 9C 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 3E 02 77 2F D7 FD BC ........ .>.w/... > [020] A7 FF FF 0F 60 00 00 00 00 ....`... . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 29 mid = 16 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0028 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000010 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 returned 32 bytes. > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > out: struct netr_ServerAuthenticate2 > return_credentials : * > return_credentials: struct netr_Credential > data : 3e02772fd7fdbca7 > negotiate_flags : * > negotiate_flags : 0x600fffff (1611661311) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL > result : NT_STATUS_OK >[2008/12/09 16:14:18, 10] libsmb/credentials.c:netlogon_creds_client_check(338) > netlogon_creds_client_check: credentials check OK. >[2008/12/09 16:14:18, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(221) > rpccli_netlogon_setup_creds: server bredde.ahus.no credential chain established. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 30 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 12 20 DA BF 0A 54 E4 D9 . ...T.. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 31 mid = 17 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,108) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,108) wrote 108 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=17 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 31 mid = 17 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 31 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 31: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 9F 75 CA 1E 33 00 95 F6 .u..3... >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[c00a]: \NETLOGON auth_type 2, auth_level 6 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_auth_schannel_neg schannel_neg >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 type1: 00000000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 type2: 00000003 >[2008/12/09 16:14:18, 6] lib/util.c:dump_data(2223) > [000] 41 48 55 53 AHUS >[2008/12/09 16:14:18, 6] lib/util.c:dump_data(2223) > [000] 4C 4F 52 44 56 41 44 45 52 LORDVADE R >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0067 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345678 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 cf fb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 44 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=185 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 103 (0x67) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49162 (0xC00A) > smb_bcc=118 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 67 00 17 00 09 00 00 00 B8 .......g ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 41 48 55 53 00 4C 4F 52 44 .......A HUS.LORD > [070] 56 41 44 45 52 00 VADER. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 32 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] A2 A8 B2 1A 1A C0 18 E6 ........ >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 33 mid = 18 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,189) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,189) wrote 189 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 g....... .X...... > [010] 00 B8 10 B8 10 BC 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 64 A0 03 ......d. . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 33 mid = 18 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 33 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 33: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 86 DA 9B C9 67 EB A8 65 ....g..e >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 g....... .X...... > [010] 00 B8 10 B8 10 BC 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 64 A0 03 ......d. . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 33 mid = 18 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0058 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 88 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a returned 88 bytes. >[2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a bind request returned ok. >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0058 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 002261bc >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsass. >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2554) > cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine bredde.ahus.no for domain AHUS and bound using schannel. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 34 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] FD 1F 9C 65 8C C4 21 96 ...e..!. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 35 mid = 19 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,45) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,45) wrote 45 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 35 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=19 > smt_wct=0 > smb_bcc=0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 35 mid = 19 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 35 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 35: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 45 90 E3 33 FF 98 93 A2 E..3.... >[2008/12/09 16:14:18, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine bredde.ahus.no > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'bredde.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0078 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0020 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000034 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0028 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000050 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0050 auth_type : 44 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0051 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0052 auth_pad_len : 04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0053 auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0054 auth_context_id: 00000001 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) > add_schannel_auth_footer: SCHANNEL seq_num=0 >[2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_encode(1666) > SCHANNEL: schannel_encode seq_num=0 data_len=56 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000058 smb_io_rpc_auth_schannel_chk >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0058 sig : 77 00 7a 00 ff ff 00 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0060 seq_num: a8 a1 fe 6c b7 34 de ac >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0068 packet_digest: fd 24 9c 1b 6c 97 cd 51 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0070 confounder: e0 24 56 90 35 37 11 16 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=202 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 120 (0x78) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49162 (0xC00A) > smb_bcc=135 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 78 00 20 00 0A 00 00 00 34 .......x . .....4 > [020] 00 00 00 00 00 28 00 75 D9 3E 61 9E 7E E7 00 C6 .....(.u .>a.~... > [030] EA 14 18 3B 25 21 9D 2B 51 B3 6B DB 87 E4 DB D0 ...;%!.+ Q.k..... > [040] 4C 03 99 1D E5 A0 30 6C 75 3F 53 22 E4 D0 CD 2C L.....0l u?S"..., > [050] AC 61 39 40 13 19 14 BD 58 32 11 6B B1 4B F6 44 .a9@.... X2.k.K.D > [060] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 A8 .......w .z...... > [070] A1 FE 6C B7 34 DE AC FD 24 9C 1B 6C 97 CD 51 E0 ..l.4... $..l..Q. > [080] 24 56 90 35 37 11 16 $V.57.. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 36 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 4C 44 57 78 3F 49 BD 4F LDWx?I.O >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 37 mid = 20 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,206) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,206) wrote 206 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 664 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=664 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 608 (0x260) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 608 (0x260) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=609 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 0A 00 00 x....... .`. .... > [010] 00 1C 02 00 00 00 00 00 00 FE B4 36 73 B8 BB C9 ........ ...6s... > [020] 83 9A A0 86 FD EE B8 C1 4C 71 9B 6F 82 FA 81 ED ........ Lq.o.... > [030] 4C C2 53 E6 DB 57 6D DD C3 87 37 65 8B CB 1C 60 L.S..Wm. ..7e...` > [040] 2F 86 0D B7 6C 62 2F 78 33 05 66 3E 6C 0C 3A 4C /...lb/x 3.f>l.:L > [050] 3E 2E D7 D2 E4 74 BE 01 86 DD 0F 4A 5A A5 49 36 >....t.. ...JZ.I6 > [060] 64 38 F2 85 48 6F EC C9 20 DC 11 20 2C 63 EB F7 d8..Ho.. .. ,c.. > [070] 5E EF 4B AF 1B 83 1D 14 3C 34 4B 19 94 E5 44 15 ^.K..... <4K...D. > [080] 28 1A 4D 37 24 E7 42 DD 67 46 30 1D 29 FC B6 6F (.M7$.B. gF0.)..o > [090] 00 F8 95 B9 00 8C 7B D8 4C 79 23 76 87 82 A3 75 ......{. Ly#v...u > [0A0] 35 B5 51 08 4A 5E 10 EE 49 26 24 D0 A9 9F 2D E9 5.Q.J^.. I&$...-. > [0B0] C5 27 61 E3 D8 A8 01 98 20 78 6E 47 FA D8 A4 10 .'a..... xnG.... > [0C0] DE AB 39 CB 5A EA 79 7C CB 2A F6 0F D9 CE 56 A6 ..9.Z.y| .*....V. > [0D0] 25 89 DB 4A F3 D6 AE 58 1B 9C 4F 60 31 AC 70 95 %..J...X ..O`1.p. > [0E0] F1 5A B3 83 67 A6 C6 CB 2F 59 D8 6F F1 FF 63 1C .Z..g... /Y.o..c. > [0F0] 63 F6 60 34 30 A5 1F 33 F4 84 1C 4C A4 19 59 C5 c.`40..3 ...L..Y. > [100] AC 56 30 BA D0 FC 0A 9D 44 9F 68 EF CC F3 17 87 .V0..... D.h..... > [110] 6D D6 6A 49 8D 0A F1 07 1B A7 65 C6 FC CF 0F 25 m.jI.... ..e....% > [120] 0A 3C 2E 1B 15 5A 92 5C 06 4B E5 BD 7D 11 25 09 .<...Z.\ .K..}.%. > [130] B5 E2 B9 B3 07 DE D7 70 17 26 1A 1D 40 EA 67 AD .......p .&..@.g. > [140] A9 E7 EC 6B 92 42 BD 40 4C 9B 58 7E 2F F9 55 F8 ...k.B.@ L.X~/.U. > [150] CD E6 6B 79 2B A2 1C 58 DD C1 74 B3 39 8B 23 E8 ..ky+..X ..t.9.#. > [160] 33 C8 B7 1B 24 A7 E0 16 89 9A BF 19 ED 68 AA 39 3...$... .....h.9 > [170] 7C 5F 8D B6 54 25 50 A6 67 62 10 47 19 77 C8 B4 |_..T%P. gb.G.w.. > [180] AE A9 92 64 6F F5 79 EE 37 71 13 CC FC E5 7D 2D ...do.y. 7q....}- > [190] 9B 80 92 7C D7 B3 7A E1 C0 54 50 05 B5 46 42 33 ...|..z. .TP..FB3 > [1A0] BF C7 D5 59 5B B6 8B E8 44 AD 1B 03 28 8E E9 71 ...Y[... D...(..q > [1B0] FF 04 7B E1 77 D5 BB 6F 1E 73 4D 49 EA 44 C2 12 ..{.w..o .sMI.D.. > [1C0] BE F3 9E F4 DF 94 28 E8 C2 9C 30 3B E0 9B 72 87 ......(. ..0;..r. > [1D0] 7A EA 74 61 49 BD AD E8 8E 9D 97 04 0B EA F9 77 z.taI... .......w > [1E0] 42 73 8A 78 9B 34 03 06 1B 78 2E F1 6B 1C F5 BE Bs.x.4.. .x..k... > [1F0] 45 38 F3 ED B7 BD 92 A4 1C C2 A1 BE 40 59 3C BC E8...... ....@Y<. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 37 mid = 20 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 37 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 37: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] F6 F5 30 CC 6E 4B 32 FD ..0.nK2. >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=664 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 608 (0x260) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 608 (0x260) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=609 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 0A 00 00 x....... .`. .... > [010] 00 1C 02 00 00 00 00 00 00 FE B4 36 73 B8 BB C9 ........ ...6s... > [020] 83 9A A0 86 FD EE B8 C1 4C 71 9B 6F 82 FA 81 ED ........ Lq.o.... > [030] 4C C2 53 E6 DB 57 6D DD C3 87 37 65 8B CB 1C 60 L.S..Wm. ..7e...` > [040] 2F 86 0D B7 6C 62 2F 78 33 05 66 3E 6C 0C 3A 4C /...lb/x 3.f>l.:L > [050] 3E 2E D7 D2 E4 74 BE 01 86 DD 0F 4A 5A A5 49 36 >....t.. ...JZ.I6 > [060] 64 38 F2 85 48 6F EC C9 20 DC 11 20 2C 63 EB F7 d8..Ho.. .. ,c.. > [070] 5E EF 4B AF 1B 83 1D 14 3C 34 4B 19 94 E5 44 15 ^.K..... <4K...D. > [080] 28 1A 4D 37 24 E7 42 DD 67 46 30 1D 29 FC B6 6F (.M7$.B. gF0.)..o > [090] 00 F8 95 B9 00 8C 7B D8 4C 79 23 76 87 82 A3 75 ......{. Ly#v...u > [0A0] 35 B5 51 08 4A 5E 10 EE 49 26 24 D0 A9 9F 2D E9 5.Q.J^.. I&$...-. > [0B0] C5 27 61 E3 D8 A8 01 98 20 78 6E 47 FA D8 A4 10 .'a..... xnG.... > [0C0] DE AB 39 CB 5A EA 79 7C CB 2A F6 0F D9 CE 56 A6 ..9.Z.y| .*....V. > [0D0] 25 89 DB 4A F3 D6 AE 58 1B 9C 4F 60 31 AC 70 95 %..J...X ..O`1.p. > [0E0] F1 5A B3 83 67 A6 C6 CB 2F 59 D8 6F F1 FF 63 1C .Z..g... /Y.o..c. > [0F0] 63 F6 60 34 30 A5 1F 33 F4 84 1C 4C A4 19 59 C5 c.`40..3 ...L..Y. > [100] AC 56 30 BA D0 FC 0A 9D 44 9F 68 EF CC F3 17 87 .V0..... D.h..... > [110] 6D D6 6A 49 8D 0A F1 07 1B A7 65 C6 FC CF 0F 25 m.jI.... ..e....% > [120] 0A 3C 2E 1B 15 5A 92 5C 06 4B E5 BD 7D 11 25 09 .<...Z.\ .K..}.%. > [130] B5 E2 B9 B3 07 DE D7 70 17 26 1A 1D 40 EA 67 AD .......p .&..@.g. > [140] A9 E7 EC 6B 92 42 BD 40 4C 9B 58 7E 2F F9 55 F8 ...k.B.@ L.X~/.U. > [150] CD E6 6B 79 2B A2 1C 58 DD C1 74 B3 39 8B 23 E8 ..ky+..X ..t.9.#. > [160] 33 C8 B7 1B 24 A7 E0 16 89 9A BF 19 ED 68 AA 39 3...$... .....h.9 > [170] 7C 5F 8D B6 54 25 50 A6 67 62 10 47 19 77 C8 B4 |_..T%P. gb.G.w.. > [180] AE A9 92 64 6F F5 79 EE 37 71 13 CC FC E5 7D 2D ...do.y. 7q....}- > [190] 9B 80 92 7C D7 B3 7A E1 C0 54 50 05 B5 46 42 33 ...|..z. .TP..FB3 > [1A0] BF C7 D5 59 5B B6 8B E8 44 AD 1B 03 28 8E E9 71 ...Y[... D...(..q > [1B0] FF 04 7B E1 77 D5 BB 6F 1E 73 4D 49 EA 44 C2 12 ..{.w..o .sMI.D.. > [1C0] BE F3 9E F4 DF 94 28 E8 C2 9C 30 3B E0 9B 72 87 ......(. ..0;..r. > [1D0] 7A EA 74 61 49 BD AD E8 8E 9D 97 04 0B EA F9 77 z.taI... .......w > [1E0] 42 73 8A 78 9B 34 03 06 1B 78 2E F1 6B 1C F5 BE Bs.x.4.. .x..k... > [1F0] 45 38 F3 ED B7 BD 92 A4 1C C2 A1 BE 40 59 3C BC E8...... ....@Y<. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 37 mid = 20 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0260 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0020 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000021c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000238 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0238 auth_type : 44 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0239 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 023a auth_pad_len : 04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 023b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 023c auth_context_id: 00000001 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000240 smb_io_rpc_auth_schannel_chk >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0240 sig : 77 00 7a 00 ff ff 00 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0248 seq_num: e4 6a 12 db 49 87 1a 92 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0250 packet_digest: 24 95 c4 e8 64 0a ef a9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0258 confounder: 14 2b 1e 12 f3 6f cb a9 >[2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_decode(1743) > SCHANNEL: schannel_decode seq_num=1 data_len=544 >[2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_decode(1763) > SCHANNEL: schannel_decode seq_num=1 data_len=544 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 608, data_len 540, ss_len 4 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 608 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a returned 1080 bytes. > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000004 (4) > array : * > array: ARRAY(4) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'SIAADM' > dns_name : * > dns_name : 'adm.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000003 (3) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000020 (32) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-29509730-458046710-584457872 > guid : 86e1733e-c58a-4e40-a623-e342ffcb5aeb > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'SIAPAS' > dns_name : * > dns_name : 'pas.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000003 (3) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000020 (32) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-12156805-1400573469-1836196843 > guid : af7f7233-e3ee-4db3-9a26-1fa9b7a2db87 > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'AD' > dns_name : * > dns_name : 'ad.ahus.no' > trust_flags : 0x00000022 (34) > 0: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000004 (4) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 1: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-1100344877-3013322779-101495848 > guid : 00000000-0000-0000-0000-000000000000 > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'AHUS' > dns_name : * > dns_name : 'ahus.no' > trust_flags : 0x0000001d (29) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-800612262-1210951328-1076162327 > guid : d36df92d-628a-435e-bede-27cb29aacda1 > result : WERR_OK >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain adm.ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain SIAADM (adm.ahus.no), SID S-1-5-21-29509730-458046710-584457872, flags = 0x23, attributes = 0x20, type = 0x2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 4 trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (AHUS.NO) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain pas.ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain SIAPAS (pas.ahus.no), SID S-1-5-21-12156805-1400573469-1836196843, flags = 0x23, attributes = 0x20, type = 0x2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 5 trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (AHUS.NO) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ad.ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain AD (ad.ahus.no), SID S-1-5-21-1100344877-3013322779-101495848, flags = 0x22, attributes = 0x4, type = 0x2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (AHUS.NO) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain AHUS (ahus.no), SID S-1-5-21-800612262-1210951328-1076162327, flags = 0x1d, attributes = 0x0, type = 0x2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for AHUS >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3721 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2437) > Storing extra data: len=225 >[2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 20 >[2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LOOKUPSID >[2008/12/09 16:14:18, 3] winbindd/winbindd_async.c:winbindd_dual_lookupsid(239) > [ 4112]: lookupsid S-1-1-0 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:sid_to_name(1523) > sid_to_name: [Cached] - doing backend query for name for domain AHUS >[2008/12/09 16:14:18, 3] winbindd/winbindd_rpc.c:msrpc_sid_to_name(337) > sid_to_name [rpc] S-1-1-0 for domain AHUS >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 38 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 1B 0F 8D 49 97 02 4E 00 ...I..N. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 39 mid = 21 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,104) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,104) wrote 104 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=21 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2816 (0xB00) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 39 mid = 21 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 39 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 39: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 37 6D 52 8F F4 32 11 3E 7mR..2.> >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[c00b]: \lsarpc auth_type 3, auth_level 6 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. > [010] 00 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(981) > create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1004) > create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: >[2008/12/09 16:14:18, 5] lib/util.c:dump_data(2223) > [000] 60 4D 06 06 2B 06 01 05 05 02 A0 43 30 41 A0 0E `M..+... ...C0A.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2F 0...+... ..7..../ > [020] 04 2D 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 .-NTLMSS P.....5. > [030] 08 60 04 00 04 00 20 00 00 00 09 00 09 00 24 00 .`.... . ......$. > [040] 00 00 41 48 55 53 4C 4F 52 44 56 41 44 45 52 ..AHUSLO RDVADER >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 009f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 004f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=241 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=22 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 159 (0x9F) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 159 (0x9F) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49163 (0xC00B) > smb_bcc=174 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 9F 00 4F 00 0B 00 00 00 B8 ........ .O...... > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` > [060] 4D 06 06 2B 06 01 05 05 02 A0 43 30 41 A0 0E 30 M..+.... ..C0A..0 > [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2F 04 ...+.... .7..../. > [080] 2D 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 -NTLMSSP .....5.. > [090] 60 04 00 04 00 20 00 00 00 09 00 09 00 24 00 00 `.... .. .....$.. > [0A0] 00 41 48 55 53 4C 4F 52 44 56 41 44 45 52 .AHUSLOR DVADER >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 40 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 0D 3F EB B2 1F B4 72 FB .?....r. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 41 mid = 22 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,245) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,245) wrote 245 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 327 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=327 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=22 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 271 (0x10F) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 271 (0x10F) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=272 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 9F 05 00 0C 03 10 00 00 00 0F 01 C3 00 0B 00 00 ........ ........ > [010] 00 B8 10 B8 10 BD 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 D1 11 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 81 C0 `....... ........ > [050] 30 81 BD A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... > [060] 01 82 37 02 02 0A A2 81 A7 04 81 A4 4E 54 4C 4D ..7..... ....NTLM > [070] 53 53 50 00 02 00 00 00 08 00 08 00 38 00 00 00 SSP..... ....8... > [080] 35 82 89 62 C4 A7 79 B4 5A 7B CA 0E 00 00 00 00 5..b..y. Z{...... > [090] 00 00 00 00 64 00 64 00 40 00 00 00 05 02 CE 0E ....d.d. @....... > [0A0] 00 00 00 0F 41 00 48 00 55 00 53 00 02 00 08 00 ....A.H. U.S..... > [0B0] 41 00 48 00 55 00 53 00 01 00 0C 00 42 00 52 00 A.H.U.S. ....B.R. > [0C0] 45 00 44 00 44 00 45 00 04 00 0E 00 61 00 68 00 E.D.D.E. ....a.h. > [0D0] 75 00 73 00 2E 00 6E 00 6F 00 03 00 1C 00 62 00 u.s...n. o.....b. > [0E0] 72 00 65 00 64 00 64 00 65 00 2E 00 61 00 68 00 r.e.d.d. e...a.h. > [0F0] 75 00 73 00 2E 00 6E 00 6F 00 05 00 0E 00 61 00 u.s...n. o.....a. > [100] 68 00 75 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 h.u.s... n.o..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 41 mid = 22 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 41 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 41: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 41 E1 35 70 46 17 FA 41 A.5pF..A >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=327 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=22 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 271 (0x10F) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 271 (0x10F) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=272 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 9F 05 00 0C 03 10 00 00 00 0F 01 C3 00 0B 00 00 ........ ........ > [010] 00 B8 10 B8 10 BD 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 D1 11 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 81 C0 `....... ........ > [050] 30 81 BD A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... > [060] 01 82 37 02 02 0A A2 81 A7 04 81 A4 4E 54 4C 4D ..7..... ....NTLM > [070] 53 53 50 00 02 00 00 00 08 00 08 00 38 00 00 00 SSP..... ....8... > [080] 35 82 89 62 C4 A7 79 B4 5A 7B CA 0E 00 00 00 00 5..b..y. Z{...... > [090] 00 00 00 00 64 00 64 00 40 00 00 00 05 02 CE 0E ....d.d. @....... > [0A0] 00 00 00 0F 41 00 48 00 55 00 53 00 02 00 08 00 ....A.H. U.S..... > [0B0] 41 00 48 00 55 00 53 00 01 00 0C 00 42 00 52 00 A.H.U.S. ....B.R. > [0C0] 45 00 44 00 44 00 45 00 04 00 0E 00 61 00 68 00 E.D.D.E. ....a.h. > [0D0] 75 00 73 00 2E 00 6E 00 6F 00 03 00 1C 00 62 00 u.s...n. o.....b. > [0E0] 72 00 65 00 64 00 64 00 65 00 2E 00 61 00 68 00 r.e.d.d. e...a.h. > [0F0] 75 00 73 00 2E 00 6E 00 6F 00 05 00 0E 00 61 00 u.s...n. o.....a. > [100] 68 00 75 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 h.u.s... n.o..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 41 mid = 22 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 010f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 00c3 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 271 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 271 bytes. >[2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b bind request returned ok. >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 010f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 00c3 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 002261bd >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsass. >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 auth_pad_len : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0048 auth_context_id: 00000001 >[2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x62898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2008/12/09 16:14:18, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2008/12/09 16:14:18, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2008/12/09 16:14:18, 5] lib/util.c:dump_data(2223) > [000] 39 A3 E5 75 F3 6D 08 BF 9..u.m.. >[2008/12/09 16:14:18, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0e >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 010a >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 00ba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=348 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=23 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 266 (0x10A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 266 (0x10A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49163 (0xC00B) > smb_bcc=281 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0E 03 10 00 00 00 0A 01 BA 00 0B 00 00 00 B8 ........ ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... ........ > [060] 81 B7 30 81 B4 A2 81 B1 04 81 AE 4E 54 4C 4D 53 ..0..... ...NTLMS > [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... > [080] 00 18 00 58 00 00 00 08 00 08 00 70 00 00 00 14 ...X.... ...p.... > [090] 00 14 00 78 00 00 00 12 00 12 00 8C 00 00 00 10 ...x.... ........ > [0A0] 00 10 00 9E 00 00 00 35 82 08 60 71 96 B2 06 EA .......5 ..`q.... > [0B0] 0B 9F AF 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C0] 00 00 00 A2 26 17 F4 A0 8B D9 91 E7 38 F8 23 A2 ....&... ....8.#. > [0D0] E8 4F 13 91 07 62 64 29 FE 91 6B 41 00 48 00 55 .O...bd) ..kA.H.U > [0E0] 00 53 00 4C 00 4F 00 52 00 44 00 56 00 41 00 44 .S.L.O.R .D.V.A.D > [0F0] 00 45 00 52 00 24 00 4C 00 4F 00 52 00 44 00 56 .E.R.$.L .O.R.D.V > [100] 00 41 00 44 00 45 00 52 00 07 31 F3 98 F8 F0 15 .A.D.E.R ..1..... > [110] 96 FE E3 19 04 19 C1 05 36 ........ 6 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 42 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 6A A6 C6 65 24 FE DC 2E j..e$... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 43 mid = 23 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,352) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,352) wrote 352 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 129 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=129 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 73 (0x49) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 73 (0x49) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=74 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 0A 05 00 0F 03 10 00 00 00 49 00 09 00 0B 00 00 ........ .I...... > [010] 00 B8 10 B8 10 BD 61 22 00 00 00 5C 50 01 00 00 ......a" ...\P... > [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [030] 00 2B 10 48 60 02 00 00 00 09 06 00 00 01 00 00 .+.H`... ........ > [040] 00 A1 07 30 05 A0 03 0A 01 00 ...0.... .. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 43 mid = 23 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 43 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 43: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 22 CC F9 06 40 23 8B 36 "...@#.6 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=129 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 73 (0x49) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 73 (0x49) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=74 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 0A 05 00 0F 03 10 00 00 00 49 00 09 00 0B 00 00 ........ .I...... > [010] 00 B8 10 B8 10 BD 61 22 00 00 00 5C 50 01 00 00 ......a" ...\P... > [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [030] 00 2B 10 48 60 02 00 00 00 09 06 00 00 01 00 00 .+.H`... ........ > [040] 00 A1 07 30 05 A0 03 0A 01 00 ...0.... .. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 43 mid = 23 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0049 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0009 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 73 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 73 bytes. >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0049 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0009 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_finish_spnego_ntlmssp_bind(2023) > rpc_finish_spnego_ntlmssp_bind: alter context request to remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b. >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2374) > cli_rpc_pipe_open_ntlmssp_internal: opened pipe \lsarpc to machine bredde.ahus.no and bound NTLMSSP as user AHUS\LORDVADER$. >[2008/12/09 16:14:18, 10] winbindd/winbindd_cm.c:cm_connect_lsa(2176) > cm_connect_lsa: connected to LSA pipe for domain AHUS using NTLMSSP authenticated pipe: user AHUS\LORDVADER$ >[2008/12/09 16:14:18, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) > init_lsa_sec_qos >[2008/12/09 16:14:18, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) > init_lsa_obj_attr > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0060 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000002c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0006 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=24 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49163 (0xC00B) > smb_bcc=111 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 00 10 00 0C 00 00 00 2C .......` ......., > [020] 00 00 00 00 00 06 00 46 64 B4 8F 8A 58 2A 74 6A .......F d...X*tj > [030] CB 88 A4 87 9E A9 0F 17 FB E5 B3 67 15 71 71 7E ........ ...g.qq~ > [040] 51 CB 73 62 E7 01 E3 AC C1 37 89 B0 C2 EA 48 9B Q.sb.... .7....H. > [050] ED D1 2A 52 69 A1 89 09 06 04 00 01 00 00 00 01 ..*Ri... ........ > [060] 00 00 00 FC 2F 86 43 21 FC DC 12 00 00 00 00 ..../.C! ....... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 44 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 2A 78 3E 5C E4 F1 C3 3F *x>\...? >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 45 mid = 24 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,182) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,182) wrote 182 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 136 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 80 (0x50) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=81 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 60 05 00 02 03 10 00 00 00 50 00 10 00 0C 00 00 `....... .P...... > [010] 00 18 00 00 00 00 00 00 00 B2 65 0C 70 3A B7 3B ........ ..e.p:.; > [020] C7 39 76 BE 6B 1D B0 C9 E2 0F 0D E8 17 9B 5B 8D .9v.k... ......[. > [030] C1 DD B3 F5 F1 1C 28 98 80 09 06 08 00 01 00 00 ......(. ........ > [040] 00 01 00 00 00 03 12 A2 16 A1 B0 30 13 00 00 00 ........ ...0.... > [050] 00 . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 45 mid = 24 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 45 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 45: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] DC F9 54 A0 C8 1F D6 69 ..T....i >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 80 (0x50) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=81 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 60 05 00 02 03 10 00 00 00 50 00 10 00 0C 00 00 `....... .P...... > [010] 00 18 00 00 00 00 00 00 00 B2 65 0C 70 3A B7 3B ........ ..e.p:.; > [020] C7 39 76 BE 6B 1D B0 C9 E2 0F 0D E8 17 9B 5B 8D .9v.k... ......[. > [030] C1 DD B3 F5 F1 1C 28 98 80 09 06 08 00 01 00 00 ......(. ........ > [040] 00 01 00 00 00 03 12 A2 16 A1 B0 30 13 00 00 00 ........ ...0.... > [050] 00 . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 45 mid = 24 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0050 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 08 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 80, data_len 24, ss_len 8 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 80 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 48 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d469b8bc-bca5-4814-927a-7095f9372563 > result : NT_STATUS_OK >[2008/12/09 16:14:18, 10] rpc_client/cli_lsarpc.c:rpccli_lsa_lookup_sids(305) > rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1. > lsa_LookupSids: struct lsa_LookupSids > in: struct lsa_LookupSids > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d469b8bc-bca5-4814-927a-7095f9372563 > sids : * > sids: struct lsa_SidArray > num_sids : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct lsa_SidPtr > sid : * > sid : S-1-1-0 > names : * > names: struct lsa_TransNameArray > count : 0x00000000 (0) > names : NULL > level : 0x0001 (1) > count : * > count : 0x00000000 (0) >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0078 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000d >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000044 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000060 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0060 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0061 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0062 auth_pad_len : 04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0063 auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0064 auth_context_id: 00000001 >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=202 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=25 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 120 (0x78) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49163 (0xC00B) > smb_bcc=135 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 78 00 10 00 0D 00 00 00 44 .......x .......D > [020] 00 00 00 00 00 0F 00 5C 51 03 82 24 5F A0 6C AA .......\ Q..$_.l. > [030] D5 E9 C1 32 91 64 23 D7 20 2F 75 85 B0 54 FD 58 ...2.d#. /u..T.X > [040] 87 B5 2A 39 45 82 F0 68 D1 23 04 8C 88 0C D3 79 ..*9E..h .#.....y > [050] 3F 46 F7 92 D3 DE F8 4D F9 DA D5 DF 0B D8 87 FE ?F.....M ........ > [060] DE 25 58 81 53 97 4F 17 E8 77 58 58 F4 B2 25 09 .%X.S.O. .wXX..%. > [070] 06 04 00 01 00 00 00 01 00 00 00 EE 64 24 8E 25 ........ ....d$.% > [080] 7A 35 BB 01 00 00 00 z5..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 46 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 18 D4 73 6A 3A F6 03 9D ..sj:... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 47 mid = 25 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,206) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,206) wrote 206 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 232 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 176 (0xB0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 176 (0xB0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=177 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 B0 00 10 00 0D 00 00 x....... ........ > [010] 00 78 00 00 00 00 00 00 00 A3 CE 51 DA 40 70 9D .x...... ...Q.@p. > [020] 2C 41 C7 4D 41 3A 07 BD 7D 6F 94 BE C9 CA 94 C8 ,A.MA:.. }o...... > [030] 69 08 81 65 1A CA 34 CF B7 19 F1 27 A3 B0 02 74 i..e..4. ...'...t > [040] D7 57 5D 11 22 97 BF 2C 2D 35 2B 10 6F A2 76 16 .W].".., -5+.o.v. > [050] A2 84 38 E8 27 E9 1A 0B C6 8B DC A0 DF 88 A5 06 ..8.'... ........ > [060] F4 E5 8C 97 7F 96 39 31 9F 70 48 8E 31 7F 6B 77 ......91 .pH.1.kw > [070] 55 6C 32 1C B4 08 DE 3D 04 21 B1 38 B6 74 50 8F Ul2....= .!.8.tP. > [080] 7B 57 E2 84 01 DB AE 46 9A 8B 8E F2 6A 9C 25 15 {W.....F ....j.%. > [090] A8 FE 2A DA 3E 2C 21 8F C5 09 06 08 00 01 00 00 ..*.>,!. ........ > [0A0] 00 01 00 00 00 22 AA 3A 40 A9 93 03 72 01 00 00 .....".: @...r... > [0B0] 00 . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 47 mid = 25 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 47 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 47: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 3B F3 AC 34 ED B9 A6 89 ;..4.... >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 176 (0xB0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 176 (0xB0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=177 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 B0 00 10 00 0D 00 00 x....... ........ > [010] 00 78 00 00 00 00 00 00 00 A3 CE 51 DA 40 70 9D .x...... ...Q.@p. > [020] 2C 41 C7 4D 41 3A 07 BD 7D 6F 94 BE C9 CA 94 C8 ,A.MA:.. }o...... > [030] 69 08 81 65 1A CA 34 CF B7 19 F1 27 A3 B0 02 74 i..e..4. ...'...t > [040] D7 57 5D 11 22 97 BF 2C 2D 35 2B 10 6F A2 76 16 .W].".., -5+.o.v. > [050] A2 84 38 E8 27 E9 1A 0B C6 8B DC A0 DF 88 A5 06 ..8.'... ........ > [060] F4 E5 8C 97 7F 96 39 31 9F 70 48 8E 31 7F 6B 77 ......91 .pH.1.kw > [070] 55 6C 32 1C B4 08 DE 3D 04 21 B1 38 B6 74 50 8F Ul2....= .!.8.tP. > [080] 7B 57 E2 84 01 DB AE 46 9A 8B 8E F2 6A 9C 25 15 {W.....F ....j.%. > [090] A8 FE 2A DA 3E 2C 21 8F C5 09 06 08 00 01 00 00 ..*.>,!. ........ > [0A0] 00 01 00 00 00 22 AA 3A 40 A9 93 03 72 01 00 00 .....".: @...r... > [0B0] 00 . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 47 mid = 25 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00b0 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000d >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000078 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000098 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0098 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0099 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009a auth_pad_len : 08 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 009c auth_context_id: 00000001 >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 176, data_len 120, ss_len 8 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 176 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 240 bytes. > lsa_LookupSids: struct lsa_LookupSids > out: struct lsa_LookupSids > domains : * > domains : * > domains: struct lsa_RefDomainList > count : 0x00000001 (1) > domains : * > domains: ARRAY(1) > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0000 (0) > size : 0x0002 (2) > string : * > string : '' > sid : * > sid : S-1-1 > max_size : 0x00000020 (32) > names : * > names: struct lsa_TransNameArray > count : 0x00000001 (1) > names : * > names: ARRAY(1) > names: struct lsa_TranslatedName > sid_type : SID_NAME_WKN_GRP (5) > name: struct lsa_String > length : 0x0010 (16) > size : 0x0012 (18) > string : * > string : 'Everyone' > sid_index : 0x00000000 (0) > count : * > count : 0x00000001 (1) > result : NT_STATUS_OK >[2008/12/09 16:14:18, 10] rpc_client/cli_lsarpc.c:rpccli_lsa_lookup_sids_noalloc(171) > LSA_LOOKUPSIDS returned 'NT_STATUS_OK', mapped count = 1' >[2008/12/09 16:14:18, 5] winbindd/winbindd_rpc.c:msrpc_sid_to_name(361) > Mapped sid to []\[Everyone] >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_save_sid_to_name(892) > wcache_save_sid_to_name: S-1-1-0 -> Everyone (NT_STATUS_OK) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 19 >[2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LIST_TRUSTDOM >[2008/12/09 16:14:18, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362) > [ 4112]: list trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:trusted_domains(2106) > trusted_domains: [Cached] - doing backend query for info for domain AHUS >[2008/12/09 16:14:18, 3] winbindd/winbindd_ads.c:trusted_domains(1171) > ads: trusted_domains > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'bredde.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0078 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0020 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000034 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0028 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000050 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0050 auth_type : 44 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0051 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0052 auth_pad_len : 04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0053 auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0054 auth_context_id: 00000001 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) > add_schannel_auth_footer: SCHANNEL seq_num=2 >[2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_encode(1666) > SCHANNEL: schannel_encode seq_num=2 data_len=56 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000058 smb_io_rpc_auth_schannel_chk >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0058 sig : 77 00 7a 00 ff ff 00 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0060 seq_num: b1 ec 66 d2 d0 c1 08 a7 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0068 packet_digest: d9 d3 df 51 2e f1 ae 72 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0070 confounder: 8d 54 03 a9 fd eb f9 88 >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=202 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=26 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 120 (0x78) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49162 (0xC00A) > smb_bcc=135 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 78 00 20 00 0E 00 00 00 34 .......x . .....4 > [020] 00 00 00 00 00 28 00 F9 97 62 67 51 87 25 D0 B3 .....(.. .bgQ.%.. > [030] 98 DD F5 C5 D8 50 D4 72 EC A0 09 27 88 72 72 92 .....P.r ...'.rr. > [040] 2D 04 0A B5 79 83 AC 5D 53 C3 9C F1 C3 3E 48 65 -...y..] S....>He > [050] 6A B4 FE D7 A0 5F 09 08 81 48 DB 3D 4F 1B 08 44 j...._.. .H.=O..D > [060] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 B1 .......w .z...... > [070] EC 66 D2 D0 C1 08 A7 D9 D3 DF 51 2E F1 AE 72 8D .f...... ..Q...r. > [080] 54 03 A9 FD EB F9 88 T...... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 48 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 04 2D A7 3B D3 B8 36 A8 .-.;..6. >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 49 mid = 26 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,206) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,206) wrote 206 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 664 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=664 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=26 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 608 (0x260) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 608 (0x260) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=609 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 0E 00 00 x....... .`. .... > [010] 00 1C 02 00 00 00 00 00 00 5C E8 FE AF DC B9 CB ........ .\...... > [020] 4E 64 31 43 05 E3 32 76 E7 34 FE 3C EC 04 84 BF Nd1C..2v .4.<.... > [030] 35 88 E3 2A 3F 1A 62 DE 71 CF 53 92 68 17 52 92 5..*?.b. q.S.h.R. > [040] AF 51 12 1B DD 90 BB D4 EC 72 BE F2 15 3B D0 EC .Q...... .r...;.. > [050] DE 90 1D 19 14 76 06 29 BB 07 62 64 7B AB 75 6D .....v.) ..bd{.um > [060] 27 54 74 12 DA 8E 9B 88 D9 DC 76 DC 30 F9 7E 1E 'Tt..... ..v.0.~. > [070] 05 3D 94 EE 7F 3C 2A 1D 13 33 55 D5 48 12 C0 A4 .=...<*. .3U.H... > [080] 4E 7B BA 6D 24 DD F5 DA 3B 26 61 99 98 64 EE 7E N{.m$... ;&a..d.~ > [090] E5 1B BB F7 EA FC 8B D0 7D 92 22 FD 75 F4 81 7E ........ }.".u..~ > [0A0] 09 C0 50 5D 59 F0 98 9B F4 63 E6 3C 10 E1 3F E7 ..P]Y... .c.<..?. > [0B0] 78 A2 D7 18 AC 46 14 35 14 98 A0 82 25 EC 02 05 x....F.5 ....%... > [0C0] 02 B4 F8 30 54 EE EC 0D 96 6E 4C 9B 9D EB 58 18 ...0T... .nL...X. > [0D0] DB FA D2 40 34 F1 C8 C3 F7 6D 1B 01 63 A7 0D 97 ...@4... .m..c... > [0E0] 07 63 57 83 0C BE EB 5B D2 1E 3D F5 9D 43 C7 F6 .cW....[ ..=..C.. > [0F0] DB 74 01 FE 1E 48 E8 25 80 B1 14 25 A2 32 B2 E6 .t...H.% ...%.2.. > [100] 12 33 45 0C 5D 94 FC C6 75 36 5B 29 FA DE 77 17 .3E.]... u6[)..w. > [110] 60 63 B0 3D 56 D9 8A 8E EC 63 E9 7C 76 F5 CA 63 `c.=V... .c.|v..c > [120] 56 1A EC 42 32 2F B8 D2 69 A9 96 C8 A8 8D 32 24 V..B2/.. i.....2$ > [130] 8C 4C 31 AD F2 16 17 BC B2 02 B5 C4 C2 61 93 95 .L1..... .....a.. > [140] 40 57 14 8D 11 6C 09 17 CC 33 C8 94 D7 E0 FC 30 @W...l.. .3.....0 > [150] 2C F9 FF 14 F1 7B 5C C9 21 35 8C 40 D3 EE 90 E7 ,....{\. !5.@.... > [160] 8D E8 A8 B2 2A 83 95 4B 0A 87 02 9F A6 43 CD 68 ....*..K .....C.h > [170] B3 0C 2C 38 4D 12 10 51 47 05 E7 82 3F 04 7B D0 ..,8M..Q G...?.{. > [180] 7F 15 98 F9 93 98 63 25 8A D0 F6 73 27 3A 89 F2 ......c% ...s':.. > [190] 25 C2 53 A5 7D AD 8C 9E 93 49 D0 A0 F7 DD 0E F1 %.S.}... .I...... > [1A0] 42 45 D0 9C 3F 97 67 16 3C 4E BF 58 96 9A 1D BD BE..?.g. <N.X.... > [1B0] 52 37 67 BD 24 4F 56 AB 86 0A 65 E8 AB A7 1D E0 R7g.$OV. ..e..... > [1C0] 26 31 48 AE 99 49 A3 1E 77 F5 5F B4 78 D9 62 E4 &1H..I.. w._.x.b. > [1D0] 29 06 E2 B3 50 E3 CF A7 45 D7 E8 D0 F6 FB A1 61 )...P... E......a > [1E0] 9F 2E 88 27 B1 FC B6 AB 3C 54 61 1C 59 21 46 82 ...'.... <Ta.Y!F. > [1F0] AF 65 EE 21 5F E1 9E DE B9 5A 3D 1E 98 1B 89 FA .e.!_... .Z=..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 49 mid = 26 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 49 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 49: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] DA 8F 73 72 17 1E F2 00 ..sr.... >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=664 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=26 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 608 (0x260) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 608 (0x260) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=609 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 0E 00 00 x....... .`. .... > [010] 00 1C 02 00 00 00 00 00 00 5C E8 FE AF DC B9 CB ........ .\...... > [020] 4E 64 31 43 05 E3 32 76 E7 34 FE 3C EC 04 84 BF Nd1C..2v .4.<.... > [030] 35 88 E3 2A 3F 1A 62 DE 71 CF 53 92 68 17 52 92 5..*?.b. q.S.h.R. > [040] AF 51 12 1B DD 90 BB D4 EC 72 BE F2 15 3B D0 EC .Q...... .r...;.. > [050] DE 90 1D 19 14 76 06 29 BB 07 62 64 7B AB 75 6D .....v.) ..bd{.um > [060] 27 54 74 12 DA 8E 9B 88 D9 DC 76 DC 30 F9 7E 1E 'Tt..... ..v.0.~. > [070] 05 3D 94 EE 7F 3C 2A 1D 13 33 55 D5 48 12 C0 A4 .=...<*. .3U.H... > [080] 4E 7B BA 6D 24 DD F5 DA 3B 26 61 99 98 64 EE 7E N{.m$... ;&a..d.~ > [090] E5 1B BB F7 EA FC 8B D0 7D 92 22 FD 75 F4 81 7E ........ }.".u..~ > [0A0] 09 C0 50 5D 59 F0 98 9B F4 63 E6 3C 10 E1 3F E7 ..P]Y... .c.<..?. > [0B0] 78 A2 D7 18 AC 46 14 35 14 98 A0 82 25 EC 02 05 x....F.5 ....%... > [0C0] 02 B4 F8 30 54 EE EC 0D 96 6E 4C 9B 9D EB 58 18 ...0T... .nL...X. > [0D0] DB FA D2 40 34 F1 C8 C3 F7 6D 1B 01 63 A7 0D 97 ...@4... .m..c... > [0E0] 07 63 57 83 0C BE EB 5B D2 1E 3D F5 9D 43 C7 F6 .cW....[ ..=..C.. > [0F0] DB 74 01 FE 1E 48 E8 25 80 B1 14 25 A2 32 B2 E6 .t...H.% ...%.2.. > [100] 12 33 45 0C 5D 94 FC C6 75 36 5B 29 FA DE 77 17 .3E.]... u6[)..w. > [110] 60 63 B0 3D 56 D9 8A 8E EC 63 E9 7C 76 F5 CA 63 `c.=V... .c.|v..c > [120] 56 1A EC 42 32 2F B8 D2 69 A9 96 C8 A8 8D 32 24 V..B2/.. i.....2$ > [130] 8C 4C 31 AD F2 16 17 BC B2 02 B5 C4 C2 61 93 95 .L1..... .....a.. > [140] 40 57 14 8D 11 6C 09 17 CC 33 C8 94 D7 E0 FC 30 @W...l.. .3.....0 > [150] 2C F9 FF 14 F1 7B 5C C9 21 35 8C 40 D3 EE 90 E7 ,....{\. !5.@.... > [160] 8D E8 A8 B2 2A 83 95 4B 0A 87 02 9F A6 43 CD 68 ....*..K .....C.h > [170] B3 0C 2C 38 4D 12 10 51 47 05 E7 82 3F 04 7B D0 ..,8M..Q G...?.{. > [180] 7F 15 98 F9 93 98 63 25 8A D0 F6 73 27 3A 89 F2 ......c% ...s':.. > [190] 25 C2 53 A5 7D AD 8C 9E 93 49 D0 A0 F7 DD 0E F1 %.S.}... .I...... > [1A0] 42 45 D0 9C 3F 97 67 16 3C 4E BF 58 96 9A 1D BD BE..?.g. <N.X.... > [1B0] 52 37 67 BD 24 4F 56 AB 86 0A 65 E8 AB A7 1D E0 R7g.$OV. ..e..... > [1C0] 26 31 48 AE 99 49 A3 1E 77 F5 5F B4 78 D9 62 E4 &1H..I.. w._.x.b. > [1D0] 29 06 E2 B3 50 E3 CF A7 45 D7 E8 D0 F6 FB A1 61 )...P... E......a > [1E0] 9F 2E 88 27 B1 FC B6 AB 3C 54 61 1C 59 21 46 82 ...'.... <Ta.Y!F. > [1F0] AF 65 EE 21 5F E1 9E DE B9 5A 3D 1E 98 1B 89 FA .e.!_... .Z=..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 49 mid = 26 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0260 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0020 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000021c >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000238 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0238 auth_type : 44 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0239 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 023a auth_pad_len : 04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 023b auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 023c auth_context_id: 00000001 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000240 smb_io_rpc_auth_schannel_chk >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0240 sig : 77 00 7a 00 ff ff 00 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0248 seq_num: 47 0e 2b 97 2a 1d e5 76 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0250 packet_digest: 2b 23 93 f8 96 3d da 17 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0258 confounder: ae c0 5b 6d 18 01 d2 e7 >[2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_decode(1743) > SCHANNEL: schannel_decode seq_num=3 data_len=544 >[2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_decode(1763) > SCHANNEL: schannel_decode seq_num=3 data_len=544 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 608, data_len 540, ss_len 4 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 608 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a returned 1080 bytes. > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000004 (4) > array : * > array: ARRAY(4) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'SIAADM' > dns_name : * > dns_name : 'adm.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000003 (3) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000020 (32) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-29509730-458046710-584457872 > guid : 86e1733e-c58a-4e40-a623-e342ffcb5aeb > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'SIAPAS' > dns_name : * > dns_name : 'pas.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000003 (3) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000020 (32) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-12156805-1400573469-1836196843 > guid : af7f7233-e3ee-4db3-9a26-1fa9b7a2db87 > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'AD' > dns_name : * > dns_name : 'ad.ahus.no' > trust_flags : 0x00000022 (34) > 0: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000004 (4) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 1: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-1100344877-3013322779-101495848 > guid : 00000000-0000-0000-0000-000000000000 > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'AHUS' > dns_name : * > dns_name : 'ahus.no' > trust_flags : 0x0000001d (29) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-800612262-1210951328-1076162327 > guid : d36df92d-628a-435e-bede-27cb29aacda1 > result : WERR_OK >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain adm.ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain SIAADM (adm.ahus.no), SID S-1-5-21-29509730-458046710-584457872, flags = 0x23, attributes = 0x20, type = 0x2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for SIAADM >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain pas.ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain SIAPAS (pas.ahus.no), SID S-1-5-21-12156805-1400573469-1836196843, flags = 0x23, attributes = 0x20, type = 0x2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for SIAPAS >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ad.ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain AD (ad.ahus.no), SID S-1-5-21-1100344877-3013322779-101495848, flags = 0x22, attributes = 0x4, type = 0x2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for AD >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ahus.no >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain AHUS (ahus.no), SID S-1-5-21-800612262-1210951328-1076162327, flags = 0x1d, attributes = 0x0, type = 0x2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for AHUS >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3721 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2437) > Storing extra data: len=225 >[2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 20 >[2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LOOKUPSID >[2008/12/09 16:14:18, 3] winbindd/winbindd_async.c:winbindd_dual_lookupsid(239) > [ 4112]: lookupsid S-1-5-2 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:sid_to_name(1523) > sid_to_name: [Cached] - doing backend query for name for domain AHUS >[2008/12/09 16:14:18, 3] winbindd/winbindd_rpc.c:msrpc_sid_to_name(337) > sid_to_name [rpc] S-1-5-2 for domain AHUS >[2008/12/09 16:14:18, 10] rpc_client/cli_lsarpc.c:rpccli_lsa_lookup_sids(305) > rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1. > lsa_LookupSids: struct lsa_LookupSids > in: struct lsa_LookupSids > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d469b8bc-bca5-4814-927a-7095f9372563 > sids : * > sids: struct lsa_SidArray > num_sids : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct lsa_SidPtr > sid : * > sid : S-1-5-2 > names : * > names: struct lsa_TransNameArray > count : 0x00000000 (0) > names : NULL > level : 0x0001 (1) > count : * > count : 0x00000000 (0) >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0078 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000044 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000060 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0060 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0061 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0062 auth_pad_len : 04 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0063 auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0064 auth_context_id: 00000001 >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=202 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=27 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 120 (0x78) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49163 (0xC00B) > smb_bcc=135 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 78 00 10 00 0F 00 00 00 44 .......x .......D > [020] 00 00 00 00 00 0F 00 99 68 35 8F 2A 53 18 5D 9A ........ h5.*S.]. > [030] B7 D1 5B 15 DE BE 58 35 D4 E8 CA F0 E3 B6 46 1B ..[...X5 ......F. > [040] 96 34 E9 14 B3 B3 85 25 C9 21 0C A5 2C 5B 02 4F .4.....% .!..,[.O > [050] 57 6C 05 94 39 BC 26 57 BF 6C 56 C1 05 5A 4B 01 Wl..9.&W .lV..ZK. > [060] 32 0C 70 DE BF 8D 0B 08 E3 62 91 27 AA 24 B0 09 2.p..... .b.'.$.. > [070] 06 04 00 01 00 00 00 01 00 00 00 71 90 32 5F D9 ........ ...q.2_. > [080] 93 25 C4 02 00 00 00 .%..... >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 50 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 67 AE 32 AD A1 2D 0B 3E g.2..-.> >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 51 mid = 27 >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,206) >[2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,206) wrote 206 >[2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 248 >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=248 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=27 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 192 (0xC0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 192 (0xC0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=193 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 C0 00 10 00 0F 00 00 x....... ........ > [010] 00 90 00 00 00 00 00 00 00 CA 67 68 EF A4 24 2A ........ ..gh..$* > [020] FE EB 4F 4F 84 54 10 59 B7 F7 B4 F3 2D 44 2E 4A ..OO.T.Y ....-D.J > [030] A0 52 D4 4A F5 C1 91 7A E9 BF 64 87 C1 53 9D 37 .R.J...z ..d..S.7 > [040] 6D 01 3B 6A C7 1F A1 17 B1 86 47 43 F2 86 BE 5F m.;j.... ..GC..._ > [050] 99 FB 55 E1 A4 08 0D FA 9A 61 07 F9 8B 27 A4 17 ..U..... .a...'.. > [060] 28 56 6B EA E3 20 97 4C 4C D2 4B 86 31 13 5B B9 (Vk.. .L L.K.1.[. > [070] 61 EA 47 02 1C F0 E3 3F DC F4 F5 4B 14 F6 FA C9 a.G....? ...K.... > [080] 07 6D 7E AC B2 90 27 5C 20 60 A1 D7 56 C3 57 74 .m~...'\ `..V.Wt > [090] A6 67 3C FA F9 06 92 35 23 60 C9 F2 2D C3 34 81 .g<....5 #`..-.4. > [0A0] 36 A8 C8 0A A3 B2 CC 5B 96 09 06 00 00 01 00 00 6......[ ........ > [0B0] 00 01 00 00 00 29 5E E6 20 38 F3 83 78 02 00 00 .....)^. 8..x... > [0C0] 00 . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 51 mid = 27 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 51 >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 51: got good SMB signature of >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 3D 73 CD 0A CA 65 1C 4C =s...e.L >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) >[2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) > size=248 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=27 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 192 (0xC0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 192 (0xC0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=193 >[2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 C0 00 10 00 0F 00 00 x....... ........ > [010] 00 90 00 00 00 00 00 00 00 CA 67 68 EF A4 24 2A ........ ..gh..$* > [020] FE EB 4F 4F 84 54 10 59 B7 F7 B4 F3 2D 44 2E 4A ..OO.T.Y ....-D.J > [030] A0 52 D4 4A F5 C1 91 7A E9 BF 64 87 C1 53 9D 37 .R.J...z ..d..S.7 > [040] 6D 01 3B 6A C7 1F A1 17 B1 86 47 43 F2 86 BE 5F m.;j.... ..GC..._ > [050] 99 FB 55 E1 A4 08 0D FA 9A 61 07 F9 8B 27 A4 17 ..U..... .a...'.. > [060] 28 56 6B EA E3 20 97 4C 4C D2 4B 86 31 13 5B B9 (Vk.. .L L.K.1.[. > [070] 61 EA 47 02 1C F0 E3 3F DC F4 F5 4B 14 F6 FA C9 a.G....? ...K.... > [080] 07 6D 7E AC B2 90 27 5C 20 60 A1 D7 56 C3 57 74 .m~...'\ `..V.Wt > [090] A6 67 3C FA F9 06 92 35 23 60 C9 F2 2D C3 34 81 .g<....5 #`..-.4. > [0A0] 36 A8 C8 0A A3 B2 CC 5B 96 09 06 00 00 01 00 00 6......[ ........ > [0B0] 00 01 00 00 00 29 5E E6 20 38 F3 83 78 02 00 00 .....)^. 8..x... > [0C0] 00 . >[2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 51 mid = 27 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00c0 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000f >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000090 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) > 0000a8 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a8 auth_type : 09 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00a9 auth_level : 06 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00aa auth_pad_len : 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 00ab auth_reserved: 00 >[2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 00ac auth_context_id: 00000001 >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 192, data_len 144, ss_len 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 192 at offset 0 >[2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 288 bytes. > lsa_LookupSids: struct lsa_LookupSids > out: struct lsa_LookupSids > domains : * > domains : * > domains: struct lsa_RefDomainList > count : 0x00000001 (1) > domains : * > domains: ARRAY(1) > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0018 (24) > size : 0x001a (26) > string : * > string : 'NT AUTHORITY' > sid : * > sid : S-1-5 > max_size : 0x00000020 (32) > names : * > names: struct lsa_TransNameArray > count : 0x00000001 (1) > names : * > names: ARRAY(1) > names: struct lsa_TranslatedName > sid_type : SID_NAME_WKN_GRP (5) > name: struct lsa_String > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'NETWORK' > sid_index : 0x00000000 (0) > count : * > count : 0x00000001 (1) > result : NT_STATUS_OK >[2008/12/09 16:14:18, 10] rpc_client/cli_lsarpc.c:rpccli_lsa_lookup_sids_noalloc(171) > LSA_LOOKUPSIDS returned 'NT_STATUS_OK', mapped count = 1' >[2008/12/09 16:14:18, 5] winbindd/winbindd_rpc.c:msrpc_sid_to_name(361) > Mapped sid to [NT AUTHORITY]\[NETWORK] >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_save_sid_to_name(892) > wcache_save_sid_to_name: S-1-5-2 -> NETWORK (NT_STATUS_OK) >[2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:15:01, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 21 >[2008/12/09 16:15:01, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LOOKUPNAME >[2008/12/09 16:15:01, 3] winbindd/winbindd_async.c:winbindd_dual_lookupname(442) > [ 4112]: lookupname AHUS+root >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:name_to_sid(1449) > name_to_sid: [Cached] - doing backend query for name for domain AHUS >[2008/12/09 16:15:01, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(295) > rpc: name_to_sid name=AHUS\root >[2008/12/09 16:15:01, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(299) > name_to_sid [rpc] AHUS\root for domain AHUS > lsa_LookupNames: struct lsa_LookupNames > in: struct lsa_LookupNames > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d469b8bc-bca5-4814-927a-7095f9372563 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x0012 (18) > size : 0x0012 (18) > string : * > string : 'AHUS\root' > sids : * > sids: struct lsa_TransSidArray > count : 0x00000000 (0) > sids : NULL > level : LSA_LOOKUP_NAMES_ALL (1) > count : * > count : 0x00000000 (0) >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0088 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000010 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000054 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000e >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000070 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0070 auth_type : 09 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0071 auth_level : 06 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0072 auth_pad_len : 04 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0073 auth_reserved: 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0074 auth_context_id: 00000001 >[2008/12/09 16:15:01, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2008/12/09 16:15:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b >[2008/12/09 16:15:01, 5] lib/util.c:show_msg(642) >[2008/12/09 16:15:01, 5] lib/util.c:show_msg(652) > size=218 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=28 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 136 (0x88) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 136 (0x88) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49163 (0xC00B) > smb_bcc=151 >[2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 88 00 10 00 10 00 00 00 54 ........ .......T > [020] 00 00 00 00 00 0E 00 54 9B 57 E2 7B C4 D7 5F 40 .......T .W.{.._@ > [030] 5E E8 73 16 DE 9C 2A 5F 1E BB C3 C9 9C 1C B9 66 ^.s...*_ .......f > [040] C5 53 7E B6 ED C6 B0 7A F6 BC AE 8C A3 3E 3F 70 .S~....z .....>?p > [050] 19 83 AA 1E F8 E3 43 70 D4 2C 5E D2 AA E7 DD A3 ......Cp .,^..... > [060] 56 7E C9 43 A8 83 07 08 CA F2 F1 00 4B D3 75 CF V~.C.... ....K.u. > [070] 9A 6B 1F 23 93 12 6E BF 29 75 68 73 34 9E 90 09 .k.#..n. )uhs4... > [080] 06 04 00 01 00 00 00 01 00 00 00 B4 00 3C 5D 20 ........ .....<] > [090] 49 43 65 03 00 00 00 ICe.... >[2008/12/09 16:15:01, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 52 >[2008/12/09 16:15:01, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) > [000] C6 29 CE D5 3E F5 37 34 .)..>.74 >[2008/12/09 16:15:01, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 53 mid = 28 >[2008/12/09 16:15:01, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,222) >[2008/12/09 16:15:01, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,222) wrote 222 >[2008/12/09 16:15:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 216 >[2008/12/09 16:15:01, 5] lib/util.c:show_msg(642) >[2008/12/09 16:15:01, 5] lib/util.c:show_msg(652) > size=216 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=28 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 160 (0xA0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 160 (0xA0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=161 >[2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) > [000] 88 05 00 02 03 10 00 00 00 A0 00 10 00 10 00 00 ........ ........ > [010] 00 70 00 00 00 00 00 00 00 60 42 CE FE E2 AD 7E .p...... .`B....~ > [020] 80 C7 BA D9 5B 64 E5 8B 7B 8C 4D 81 57 01 0D 33 ....[d.. {.M.W..3 > [030] 0B CF 9B 49 82 22 E8 2C 08 BF 87 0C 0E AB AD 4F ...I."., .......O > [040] 0C E2 A1 42 80 01 B6 BF 92 6F BF FC 8E CB 53 1B ...B.... .o....S. > [050] D4 FF 30 EB 63 53 11 65 DC 16 01 A8 35 77 82 E3 ..0.cS.e ....5w.. > [060] 7A 25 1C 35 4D 1E E8 28 AA EC 42 A9 30 68 AF 9F z%.5M..( ..B.0h.. > [070] 5A D9 5C B0 85 40 D6 19 D1 5B 35 4F E4 28 CD A0 Z.\..@.. .[5O.(.. > [080] 4D 53 DE 86 A9 0D 22 67 E6 09 06 00 00 01 00 00 MS...."g ........ > [090] 00 01 00 00 00 AD 58 0D 7F C7 5F 33 11 03 00 00 ......X. .._3.... > [0A0] 00 . >[2008/12/09 16:15:01, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 53 mid = 28 >[2008/12/09 16:15:01, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 53 >[2008/12/09 16:15:01, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 53: got good SMB signature of >[2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) > [000] E8 57 B1 B6 38 AA C2 41 .W..8..A >[2008/12/09 16:15:01, 5] lib/util.c:show_msg(642) >[2008/12/09 16:15:01, 5] lib/util.c:show_msg(652) > size=216 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=28 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 160 (0xA0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 160 (0xA0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=161 >[2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) > [000] 88 05 00 02 03 10 00 00 00 A0 00 10 00 10 00 00 ........ ........ > [010] 00 70 00 00 00 00 00 00 00 60 42 CE FE E2 AD 7E .p...... .`B....~ > [020] 80 C7 BA D9 5B 64 E5 8B 7B 8C 4D 81 57 01 0D 33 ....[d.. {.M.W..3 > [030] 0B CF 9B 49 82 22 E8 2C 08 BF 87 0C 0E AB AD 4F ...I."., .......O > [040] 0C E2 A1 42 80 01 B6 BF 92 6F BF FC 8E CB 53 1B ...B.... .o....S. > [050] D4 FF 30 EB 63 53 11 65 DC 16 01 A8 35 77 82 E3 ..0.cS.e ....5w.. > [060] 7A 25 1C 35 4D 1E E8 28 AA EC 42 A9 30 68 AF 9F z%.5M..( ..B.0h.. > [070] 5A D9 5C B0 85 40 D6 19 D1 5B 35 4F E4 28 CD A0 Z.\..@.. .[5O.(.. > [080] 4D 53 DE 86 A9 0D 22 67 E6 09 06 00 00 01 00 00 MS...."g ........ > [090] 00 01 00 00 00 AD 58 0D 7F C7 5F 33 11 03 00 00 ......X. .._3.... > [0A0] 00 . >[2008/12/09 16:15:01, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 53 mid = 28 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00a0 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000010 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000070 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000088 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0088 auth_type : 09 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0089 auth_level : 06 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008a auth_pad_len : 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 008b auth_reserved: 00 >[2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 008c auth_context_id: 00000001 >[2008/12/09 16:15:01, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2008/12/09 16:15:01, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2008/12/09 16:15:01, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 160, data_len 112, ss_len 0 >[2008/12/09 16:15:01, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 160 at offset 0 >[2008/12/09 16:15:01, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 224 bytes. > lsa_LookupNames: struct lsa_LookupNames > out: struct lsa_LookupNames > domains : * > domains : * > domains: struct lsa_RefDomainList > count : 0x00000001 (1) > domains : * > domains: ARRAY(1) > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0008 (8) > size : 0x000a (10) > string : * > string : 'AHUS' > sid : * > sid : S-1-5-21-800612262-1210951328-1076162327 > max_size : 0x00000020 (32) > sids : * > sids: struct lsa_TransSidArray > count : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct lsa_TranslatedSid > sid_type : SID_NAME_UNKNOWN (8) > rid : 0x00000000 (0) > sid_index : 0x00000000 (0) > count : * > count : 0x00000000 (0) > result : NT_STATUS_NONE_MAPPED >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:wcache_save_name_to_sid(870) > wcache_save_name_to_sid: AHUS\ROOT -> S-0-0 (NT_STATUS_NONE_MAPPED) >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:wcache_save_sid_to_name(892) > wcache_save_sid_to_name: S-0-0 -> root (NT_STATUS_NONE_MAPPED) >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:15:01, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 21 >[2008/12/09 16:15:01, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LOOKUPNAME >[2008/12/09 16:15:01, 3] winbindd/winbindd_async.c:winbindd_dual_lookupname(442) > [ 4112]: lookupname AHUS+root >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:centry_expired(578) > centry_expired: Key NS/AHUS/ROOT for domain AHUS is good. >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:wcache_fetch(662) > wcache_fetch: returning entry NS/AHUS/ROOT for domain AHUS >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:name_to_sid(1429) > name_to_sid: [Cached] - cached name for domain AHUS status: NT_STATUS_NONE_MAPPED >[2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:15:56, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 21 >[2008/12/09 16:15:56, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LOOKUPNAME >[2008/12/09 16:15:56, 3] winbindd/winbindd_async.c:winbindd_dual_lookupname(442) > [ 4112]: lookupname SIAADM+Domain Users >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:name_to_sid(1449) > name_to_sid: [Cached] - doing backend query for name for domain AHUS >[2008/12/09 16:15:56, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(295) > rpc: name_to_sid name=SIAADM\Domain Users >[2008/12/09 16:15:56, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(299) > name_to_sid [rpc] SIAADM\Domain Users for domain SIAADM > lsa_LookupNames: struct lsa_LookupNames > in: struct lsa_LookupNames > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d469b8bc-bca5-4814-927a-7095f9372563 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x0026 (38) > size : 0x0026 (38) > string : * > string : 'SIAADM\Domain Users' > sids : * > sids: struct lsa_TransSidArray > count : 0x00000000 (0) > sids : NULL > level : LSA_LOOKUP_NAMES_ALL (1) > count : * > count : 0x00000000 (0) >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0098 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000011 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000068 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000e >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000080 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0080 auth_type : 09 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0081 auth_level : 06 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0082 auth_pad_len : 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0083 auth_reserved: 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0084 auth_context_id: 00000001 >[2008/12/09 16:15:56, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2008/12/09 16:15:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b >[2008/12/09 16:15:56, 5] lib/util.c:show_msg(642) >[2008/12/09 16:15:56, 5] lib/util.c:show_msg(652) > size=234 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=29 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 152 (0x98) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 152 (0x98) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49163 (0xC00B) > smb_bcc=167 >[2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 98 00 10 00 11 00 00 00 68 ........ .......h > [020] 00 00 00 00 00 0E 00 0F A7 1E 24 8C 65 B8 2A 2B ........ ..$.e.*+ > [030] 0C 04 24 EE 41 3C F3 36 4E 76 14 9B 89 51 B0 B3 ..$.A<.6 Nv...Q.. > [040] C7 F0 80 45 B4 11 5F 7A 1A A1 D5 74 12 74 28 FB ...E.._z ...t.t(. > [050] 5B 83 64 A9 5A 6A 57 E7 B7 1E 5F AA 3C 2D 7F 6A [.d.ZjW. .._.<-.j > [060] 7C 39 18 42 43 F7 94 0B 2A 0B 88 74 4C 76 52 05 |9.BC... *..tLvR. > [070] E2 4C 9D DE 04 E2 DD C3 37 64 0B 0B 1E 2F 48 37 .L...... 7d.../H7 > [080] A4 C2 0C F3 38 70 AC 88 F3 A3 79 38 5C AE D3 09 ....8p.. ..y8\... > [090] 06 00 00 01 00 00 00 01 00 00 00 83 B1 14 1B C5 ........ ........ > [0A0] 7E 75 83 04 00 00 00 ~u..... >[2008/12/09 16:15:56, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 54 >[2008/12/09 16:15:56, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) > [000] 89 7C 13 28 D7 5A F1 FD .|.(.Z.. >[2008/12/09 16:15:56, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 55 mid = 29 >[2008/12/09 16:15:56, 6] libsmb/clientgen.c:write_socket(236) > write_socket(18,238) >[2008/12/09 16:15:56, 6] libsmb/clientgen.c:write_socket(239) > write_socket(18,238) wrote 238 >[2008/12/09 16:15:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 232 >[2008/12/09 16:15:56, 5] lib/util.c:show_msg(642) >[2008/12/09 16:15:56, 5] lib/util.c:show_msg(652) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=29 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 176 (0xB0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 176 (0xB0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=177 >[2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) > [000] 98 05 00 02 03 10 00 00 00 B0 00 10 00 11 00 00 ........ ........ > [010] 00 74 00 00 00 00 00 00 00 6C 99 B3 0C 91 FD E4 .t...... .l...... > [020] 61 55 6C 44 60 BF 5C D3 05 31 06 A6 3F 77 38 83 aUlD`.\. .1..?w8. > [030] B4 96 BF 52 B0 76 14 69 57 69 C2 01 46 89 59 E0 ...R.v.i Wi..F.Y. > [040] 9D B6 37 08 51 4E B6 EE EE 25 96 4C 92 BC 17 A0 ..7.QN.. .%.L.... > [050] 5A 5D 79 09 DD 19 36 11 4F A8 3E EE 47 A3 C2 B4 Z]y...6. O.>.G... > [060] 42 84 BA 3A 81 7A F6 75 D6 78 0B 11 B3 24 72 5C B..:.z.u .x...$r\ > [070] 81 80 6E 5A FB 50 3A 1F 2B 6C 32 6D 8D AF C0 F4 ..nZ.P:. +l2m.... > [080] 02 4C 04 FE AC 65 EB F2 0E 24 1C 30 DD F5 32 11 .L...e.. .$.0..2. > [090] F9 BF 7F 93 81 E6 2B 14 AE 09 06 0C 00 01 00 00 ......+. ........ > [0A0] 00 01 00 00 00 A4 A9 A4 37 4E 7A 28 74 04 00 00 ........ 7Nz(t... > [0B0] 00 . >[2008/12/09 16:15:56, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 55 mid = 29 >[2008/12/09 16:15:56, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 55 >[2008/12/09 16:15:56, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 55: got good SMB signature of >[2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) > [000] 3E EA A4 BB 42 99 66 43 >...B.fC >[2008/12/09 16:15:56, 5] lib/util.c:show_msg(642) >[2008/12/09 16:15:56, 5] lib/util.c:show_msg(652) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=16387 > smb_pid=4113 > smb_uid=30721 > smb_mid=29 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 176 (0xB0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 176 (0xB0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=177 >[2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) > [000] 98 05 00 02 03 10 00 00 00 B0 00 10 00 11 00 00 ........ ........ > [010] 00 74 00 00 00 00 00 00 00 6C 99 B3 0C 91 FD E4 .t...... .l...... > [020] 61 55 6C 44 60 BF 5C D3 05 31 06 A6 3F 77 38 83 aUlD`.\. .1..?w8. > [030] B4 96 BF 52 B0 76 14 69 57 69 C2 01 46 89 59 E0 ...R.v.i Wi..F.Y. > [040] 9D B6 37 08 51 4E B6 EE EE 25 96 4C 92 BC 17 A0 ..7.QN.. .%.L.... > [050] 5A 5D 79 09 DD 19 36 11 4F A8 3E EE 47 A3 C2 B4 Z]y...6. O.>.G... > [060] 42 84 BA 3A 81 7A F6 75 D6 78 0B 11 B3 24 72 5C B..:.z.u .x...$r\ > [070] 81 80 6E 5A FB 50 3A 1F 2B 6C 32 6D 8D AF C0 F4 ..nZ.P:. +l2m.... > [080] 02 4C 04 FE AC 65 EB F2 0E 24 1C 30 DD F5 32 11 .L...e.. .$.0..2. > [090] F9 BF 7F 93 81 E6 2B 14 AE 09 06 0C 00 01 00 00 ......+. ........ > [0A0] 00 01 00 00 00 A4 A9 A4 37 4E 7A 28 74 04 00 00 ........ 7Nz(t... > [0B0] 00 . >[2008/12/09 16:15:56, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 55 mid = 29 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00b0 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000011 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000074 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000098 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0098 auth_type : 09 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0099 auth_level : 06 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009a auth_pad_len : 0c >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 009b auth_reserved: 00 >[2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 009c auth_context_id: 00000001 >[2008/12/09 16:15:56, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2008/12/09 16:15:56, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2008/12/09 16:15:56, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 176, data_len 116, ss_len 12 >[2008/12/09 16:15:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 176 at offset 0 >[2008/12/09 16:15:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 232 bytes. > lsa_LookupNames: struct lsa_LookupNames > out: struct lsa_LookupNames > domains : * > domains : * > domains: struct lsa_RefDomainList > count : 0x00000001 (1) > domains : * > domains: ARRAY(1) > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x000c (12) > size : 0x000e (14) > string : * > string : 'SIAADM' > sid : * > sid : S-1-5-21-29509730-458046710-584457872 > max_size : 0x00000020 (32) > sids : * > sids: struct lsa_TransSidArray > count : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct lsa_TranslatedSid > sid_type : SID_NAME_DOM_GRP (2) > rid : 0x00000201 (513) > sid_index : 0x00000000 (0) > count : * > count : 0x00000001 (1) > result : NT_STATUS_OK >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:wcache_save_name_to_sid(870) > wcache_save_name_to_sid: SIAADM\DOMAIN USERS -> S-1-5-21-29509730-458046710-584457872-513 (NT_STATUS_OK) >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:wcache_save_sid_to_name(892) > wcache_save_sid_to_name: S-1-5-21-29509730-458046710-584457872-513 -> domain users (NT_STATUS_OK) >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:15:56, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 20 >[2008/12/09 16:15:56, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LOOKUPSID >[2008/12/09 16:15:56, 3] winbindd/winbindd_async.c:winbindd_dual_lookupsid(239) > [ 4112]: lookupsid S-1-5-21-29509730-458046710-584457872-513 >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:centry_expired(578) > centry_expired: Key SN/S-1-5-21-29509730-458046710-584457872-513 for domain AHUS is good. >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:wcache_fetch(662) > wcache_fetch: returning entry SN/S-1-5-21-29509730-458046710-584457872-513 for domain AHUS >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:sid_to_name(1502) > sid_to_name: [Cached] - cached name for domain AHUS status: NT_STATUS_OK >[2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:18:14, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 21 >[2008/12/09 16:18:14, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LOOKUPNAME >[2008/12/09 16:18:14, 3] winbindd/winbindd_async.c:winbindd_dual_lookupname(442) > [ 4112]: lookupname SIAADM+Domain Users >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:centry_expired(578) > centry_expired: Key NS/SIAADM/DOMAIN USERS for domain AHUS is good. >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:wcache_fetch(662) > wcache_fetch: returning entry NS/SIAADM/DOMAIN USERS for domain AHUS >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:name_to_sid(1429) > name_to_sid: [Cached] - cached name for domain AHUS status: NT_STATUS_OK >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:18:14, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 20 >[2008/12/09 16:18:14, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LOOKUPSID >[2008/12/09 16:18:14, 3] winbindd/winbindd_async.c:winbindd_dual_lookupsid(239) > [ 4112]: lookupsid S-1-5-21-29509730-458046710-584457872-513 >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) > refresh_sequence_number: AHUS time ok >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827549 >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:centry_expired(578) > centry_expired: Key SN/S-1-5-21-29509730-458046710-584457872-513 for domain AHUS is good. >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:wcache_fetch(662) > wcache_fetch: returning entry SN/S-1-5-21-29509730-458046710-584457872-513 for domain AHUS >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:sid_to_name(1502) > sid_to_name: [Cached] - cached name for domain AHUS status: NT_STATUS_OK >[2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4113, len 3496 >[2008/12/09 16:19:17, 5] lib/gencache.c:gencache_shutdown(93) > Closing cache file >[2008/12/09 16:19:47, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) > child daemon request 19 >[2008/12/09 16:19:47, 10] winbindd/winbindd_dual.c:child_process_request(433) > child_process_request: request fn LIST_TRUSTDOM >[2008/12/09 16:19:47, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362) > [ 4112]: list trusted domains >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:fetch_cache_seqnum(420) > fetch_cache_seqnum: timeout [AHUS][42827549 @ 1228835658] >[2008/12/09 16:19:47, 3] winbindd/winbindd_ads.c:sequence_number(1120) > ads: fetch sequence_number for AHUS >[2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:ads_cached_connection(45) > ads_cached_connection >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for ahus.no: "SIAADM" >[2008/12/09 16:19:47, 4] libsmb/namequery_dc.c:ads_dc_name(73) > ads_dc_name: domain=AHUS >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for ahus.no: "SIAADM" >[2008/12/09 16:19:47, 6] libads/ldap.c:ads_find_dc(318) > ads_find_dc: looking for realm 'ahus.no' >[2008/12/09 16:19:47, 8] libsmb/namequery.c:get_sorted_dc_list(2093) > get_sorted_dc_list: attempting lookup for name ahus.no (sitename SIAADM) using [ads] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:22 2008 >[2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain >[2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "bredde.ahus.no, *" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:25:22 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:19:47, 5] libads/ldap.c:ads_try_connect(188) > ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) > r : union nbt_cldap_netlogon(case 6) > logon5: struct nbt_cldap_netlogon_5 > type : NETLOGON_RESPONSE_FROM_PDC2 (23) > sbz : 0x0000 (0) > server_type : 0x000001bc (444) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 0: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 > forest : 'ahus.no' > dns_domain : 'ahus.no' > pdc_dns_name : 'bredde.ahus.no' > domain : 'AHUS' > pdc_name : 'BREDDE' > user_name : '' > server_site : 'SIAADM' > client_site : 'SIAADM' > nt_version : 0x00000005 (5) > 1: NETLOGON_VERSION_1 > 0: NETLOGON_VERSION_5 > 1: NETLOGON_VERSION_5EX > 0: NETLOGON_VERSION_5EX_WITH_IP > 0: NETLOGON_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_VERSION_AVOID_NT4_EMUL > 0: NETLOGON_VERSION_PDC > 0: NETLOGON_VERSION_IP > 0: NETLOGON_VERSION_LOCAL > 0: NETLOGON_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647660 seconds ahead) >[2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647660 seconds ahead) >[2008/12/09 16:19:47, 3] libads/ldap.c:ads_connect(430) > Successfully contacted LDAP server 10.132.16.21 >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for ahus.no: "SIAADM" >[2008/12/09 16:19:47, 10] libads/ldap.c:ads_closest_dc(155) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2008/12/09 16:19:47, 10] libads/kerberos.c:create_local_private_krb5_conf_for_domain(871) > create_local_private_krb5_conf_for_domain: fname = /var/lock/samba/smb_krb5/krb5.conf.AHUS, realm = ahus.no, domain = AHUS >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:22 2008 >[2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain >[2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "bredde.ahus.no, *" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:25:22 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:22 2008 >[2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain >[2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "bredde.ahus.no, *" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename (null)) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:25:22 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:19:47, 10] libads/kerberos.c:get_kdc_ip_string(820) > get_kdc_ip_string: Returning kdc = 10.132.16.21 > >[2008/12/09 16:19:47, 5] libads/kerberos.c:create_local_private_krb5_conf_for_domain(946) > create_local_private_krb5_conf_for_domain: wrote file /var/lock/samba/smb_krb5/krb5.conf.AHUS with realm AHUS.NO KDC list = kdc = 10.132.16.21 > >[2008/12/09 16:19:47, 4] libsmb/namequery_dc.c:ads_dc_name(143) > ads_dc_name: using server='BREDDE.AHUS.NO' IP=10.132.16.21 >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for ahus.no: "SIAADM" >[2008/12/09 16:19:47, 6] libads/ldap.c:ads_find_dc(318) > ads_find_dc: looking for realm 'ahus.no' >[2008/12/09 16:19:47, 8] libsmb/namequery.c:get_sorted_dc_list(2093) > get_sorted_dc_list: attempting lookup for name ahus.no (sitename SIAADM) using [ads] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:22 2008 >[2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain >[2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "bredde.ahus.no, *" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:25:22 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:19:47, 5] libads/ldap.c:ads_try_connect(188) > ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) > r : union nbt_cldap_netlogon(case 6) > logon5: struct nbt_cldap_netlogon_5 > type : NETLOGON_RESPONSE_FROM_PDC2 (23) > sbz : 0x0000 (0) > server_type : 0x000001bc (444) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 0: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 > forest : 'ahus.no' > dns_domain : 'ahus.no' > pdc_dns_name : 'bredde.ahus.no' > domain : 'AHUS' > pdc_name : 'BREDDE' > user_name : '' > server_site : 'SIAADM' > client_site : 'SIAADM' > nt_version : 0x00000005 (5) > 1: NETLOGON_VERSION_1 > 0: NETLOGON_VERSION_5 > 1: NETLOGON_VERSION_5EX > 0: NETLOGON_VERSION_5EX_WITH_IP > 0: NETLOGON_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_VERSION_AVOID_NT4_EMUL > 0: NETLOGON_VERSION_PDC > 0: NETLOGON_VERSION_IP > 0: NETLOGON_VERSION_LOCAL > 0: NETLOGON_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647660 seconds ahead) >[2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647660 seconds ahead) >[2008/12/09 16:19:47, 3] libads/ldap.c:ads_connect(430) > Successfully contacted LDAP server 10.132.16.21 >[2008/12/09 16:19:47, 10] libads/ldap.c:ldap_open_with_timeout(62) > Opening connection to LDAP server 'bredde.ahus.no:389', timeout 15 seconds >[2008/12/09 16:19:47, 10] libads/ldap.c:ldap_open_with_timeout(76) > Connected to LDAP server 'bredde.ahus.no:389' >[2008/12/09 16:19:47, 3] libads/ldap.c:ads_connect(480) > Connected to LDAP server bredde.ahus.no >[2008/12/09 16:19:47, 10] libads/ldap.c:ads_closest_dc(155) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [AHUS], server = [10.132.16.21], expire = [1228836887] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS; value = 10.132.16.21 and timeout = Tue Dec 9 16:34:47 2008 > (900 seconds ahead) >[2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [ahus.no], server = [10.132.16.21], expire = [1228836887] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = 10.132.16.21 and timeout = Tue Dec 9 16:34:47 2008 > (900 seconds ahead) >[2008/12/09 16:19:47, 4] libads/ldap.c:ads_current_time(2607) > time offset is 76 seconds >[2008/12/09 16:19:47, 4] libads/sasl.c:ads_sasl_bind(1112) > Found SASL mechanism GSS-SPNEGO >[2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >[2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >[2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >[2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >[2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(789) > ads_sasl_spnego_bind: got server principal name = bredde$@AHUS.NO >[2008/12/09 16:19:47, 4] libsmb/clikrb5.c:ads_krb5_mk_req(688) > ads_krb5_mk_req: Advancing clock by 76 seconds to cope with clock skew >[2008/12/09 16:19:47, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Wed, 10 Dec 2008 02:15:56 CET >[2008/12/09 16:19:47, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) > ads_krb5_mk_req: Ticket (bredde$@AHUS.NO) in ccache (MEMORY:winbind_ccache) is valid until: (Wed, 10 Dec 2008 02:15:56 CET - 1228871756) >[2008/12/09 16:19:47, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) > Got KRB5 session key of length 16 >[2008/12/09 16:19:47, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) > Search for (objectclass=*) in <> gave 1 replies >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:store_cache_seqnum(456) > store_cache_seqnum: success [AHUS][42827590 @ 1228835987] >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) > refresh_sequence_number: AHUS seq number is now 42827590 >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:trusted_domains(2106) > trusted_domains: [Cached] - doing backend query for info for domain AHUS >[2008/12/09 16:19:47, 3] winbindd/winbindd_ads.c:trusted_domains(1171) > ads: trusted_domains >[2008/12/09 16:19:47, 3] winbindd/winbindd_cm.c:connection_ok(1576) > connection_ok: Connection to bredde.ahus.no for domain AHUS has died or was never started (fd == -1) >[2008/12/09 16:19:47, 1] libsmb/clientgen.c:cli_rpc_pipe_close(559) > cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xc008 to machine bredde.ahus.no. Error was SUCCESS - 0 >[2008/12/09 16:19:47, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine bredde.ahus.no >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS, value = 10.132.16.21, timeout = Tue Dec 9 16:34:47 2008 >[2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "10.132.16.21" for "AHUS" domain >[2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:cm_open_connection(1398) > cm_open_connection: saf_servername is '10.132.16.21' for domain AHUS >[2008/12/09 16:19:47, 5] libads/ldap.c:ads_try_connect(188) > ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) > r : union nbt_cldap_netlogon(case 6) > logon5: struct nbt_cldap_netlogon_5 > type : NETLOGON_RESPONSE_FROM_PDC2 (23) > sbz : 0x0000 (0) > server_type : 0x000001bc (444) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 0: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 > forest : 'ahus.no' > dns_domain : 'ahus.no' > pdc_dns_name : 'bredde.ahus.no' > domain : 'AHUS' > pdc_name : 'BREDDE' > user_name : '' > server_site : 'SIAADM' > client_site : 'SIAADM' > nt_version : 0x00000005 (5) > 1: NETLOGON_VERSION_1 > 0: NETLOGON_VERSION_5 > 1: NETLOGON_VERSION_5EX > 0: NETLOGON_VERSION_5EX_WITH_IP > 0: NETLOGON_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_VERSION_AVOID_NT4_EMUL > 0: NETLOGON_VERSION_PDC > 0: NETLOGON_VERSION_IP > 0: NETLOGON_VERSION_LOCAL > 0: NETLOGON_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647660 seconds ahead) >[2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 > (918647660 seconds ahead) >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_store(143) > namecache_store: storing 1 address for bredde.ahus.no#20: 10.132.16.21 >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = NBT/BREDDE.AHUS.NO#20; value = 10.132.16.21:0 and timeout = Tue Dec 9 16:30:47 2008 > (660 seconds ahead) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:dcip_to_name(1077) > dcip_to_name: flags = 0x1bc >[2008/12/09 16:19:47, 10] libads/ldap.c:ads_closest_dc(155) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:19:47, 10] libads/kerberos.c:create_local_private_krb5_conf_for_domain(871) > create_local_private_krb5_conf_for_domain: fname = /var/lock/samba/smb_krb5/krb5.conf.AHUS, realm = ahus.no, domain = AHUS >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = 10.132.16.21, timeout = Tue Dec 9 16:34:47 2008 >[2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "10.132.16.21" for "ahus.no" domain >[2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "10.132.16.21, *" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = 10.132.16.21, timeout = Tue Dec 9 16:34:47 2008 >[2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) > saf_fetch: Returning "10.132.16.21" for "ahus.no" domain >[2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) > get_dc_list: preferred server list: "10.132.16.21, *" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up ahus.no#1c (sitename (null)) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name ahus.no#1C found. >[2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) > Adding 1 DC's from auto lookup >[2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) > get_dc_list: returning 1 ip addresses in an ordered list >[2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) > get_dc_list: 10.132.16.21:389 >[2008/12/09 16:19:47, 10] libads/kerberos.c:get_kdc_ip_string(820) > get_kdc_ip_string: Returning kdc = 10.132.16.21 > >[2008/12/09 16:19:47, 5] libads/kerberos.c:create_local_private_krb5_conf_for_domain(946) > create_local_private_krb5_conf_for_domain: wrote file /var/lock/samba/smb_krb5/krb5.conf.AHUS with realm AHUS.NO KDC list = kdc = 10.132.16.21 > >[2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [AHUS], server = [bredde.ahus.no], expire = [1228836887] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS; value = bredde.ahus.no and timeout = Tue Dec 9 16:34:47 2008 > (900 seconds ahead) >[2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [ahus.no], server = [bredde.ahus.no], expire = [1228836887] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = bredde.ahus.no and timeout = Tue Dec 9 16:34:47 2008 > (900 seconds ahead) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:cm_open_connection(1430) > cm_open_connection: dcname is 'bredde.ahus.no' for domain AHUS >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 >[2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" >[2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:30:47 2008 >[2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) > name bredde.ahus.no#20 found. >[2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:cm_prepare_connection(753) > cm_prepare_connection: connecting to DC bredde.ahus.no for domain AHUS >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,194) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,194) wrote 194 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 172 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=172 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=4428 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=47232 (0xB880) > smb_vwv[12]=37941 (0x9435) > smb_vwv[13]= 4543 (0x11BF) > smb_vwv[14]=51546 (0xC95A) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=103 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 4C 6D C3 39 67 44 D4 4A 80 17 B5 86 E4 28 48 2E Lm.9gD.J .....(H. > [010] 60 55 06 06 2B 06 01 05 05 02 A0 4B 30 49 A0 30 `U..+... ...K0I.0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 15 30 13 A0 11 1B 0F 62 72 65 64 64 65 24 40 ..0..... bredde$@ > [060] 41 48 55 53 2E 4E 4F AHUS.NO >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=172 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=4428 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=47232 (0xB880) > smb_vwv[12]=37941 (0x9435) > smb_vwv[13]= 4543 (0x11BF) > smb_vwv[14]=51546 (0xC95A) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=103 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 4C 6D C3 39 67 44 D4 4A 80 17 B5 86 E4 28 48 2E Lm.9gD.J .....(H. > [010] 60 55 06 06 2B 06 01 05 05 02 A0 4B 30 49 A0 30 `U..+... ...K0I.0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 15 30 13 A0 11 1B 0F 62 72 65 64 64 65 24 40 ..0..... bredde$@ > [060] 41 48 55 53 2E 4E 4F AHUS.NO >[2008/12/09 16:19:47, 5] winbindd/winbindd_cm.c:cm_prepare_connection(831) > connecting to bredde.ahus.no from LORDVADER with kerberos principal [LORDVADER$@AHUS.NO] and realm [ahus.no] >[2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) > Doing spnego session setup (blob length=103) >[2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 48018 1 2 2 >[2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 113554 1 2 2 >[2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 2 840 113554 1 2 2 3 >[2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) > got OID=1 3 6 1 4 1 311 2 2 10 >[2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) > got principal=bredde$@AHUS.NO >[2008/12/09 16:19:47, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) > kerberos_kinit_password: as LORDVADER$@AHUS.NO using [MEMORY:cliconnect] as ccache and config [/var/lock/samba/smb_krb5/krb5.conf.AHUS] >[2008/12/09 16:19:47, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) > Doing kerberos session setup >[2008/12/09 16:19:47, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Wed, 10 Dec 2008 02:14:18 CET >[2008/12/09 16:19:47, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) > ads_krb5_mk_req: Ticket (bredde$@AHUS.NO) in ccache (MEMORY:cliconnect) is valid until: (Wed, 10 Dec 2008 02:14:18 CET - 1228871658) >[2008/12/09 16:19:47, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) > Got KRB5 session key of length 16 >[2008/12/09 16:19:47, 5] libsmb/smb_signing.c:set_smb_signing_real_common(140) > Mandatory SMB signing enabled! >[2008/12/09 16:19:47, 5] libsmb/smb_signing.c:set_smb_signing_real_common(144) > SMB signing enabled! >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:cli_simple_set_signing(494) > cli_simple_set_signing: user_session_key >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] C0 65 EB 35 EF 82 53 52 D4 37 55 72 26 28 62 11 .e.5..SR .7Ur&(b. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:cli_simple_set_signing(502) > cli_simple_set_signing: NULL response_data >[2008/12/09 16:19:47, 10] libsmb/cliconnect.c:cli_session_setup_blob(578) > cli_session_setup_blob: Remaining (0) sending (1139) current (1139) >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 0 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 5E 6D A2 83 9D 1D 98 1F ^m...... >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 1 mid = 2 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,1224) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,1224) wrote 1224 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 197 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=197 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=4428 > smb_uid=4096 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 197 (0xC5) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 26 (0x1A) > smb_bcc=154 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H > [010] 82 F7 12 01 02 02 A2 02 04 00 89 57 00 69 00 6E ........ ...W.i.n > [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e > [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a > [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n > [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 1 mid = 2 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 1 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 1: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] FA B5 99 B3 42 8F 01 8D ....B... >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=197 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=4428 > smb_uid=4096 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 197 (0xC5) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 26 (0x1A) > smb_bcc=154 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H > [010] 82 F7 12 01 02 02 A2 02 04 00 89 57 00 69 00 6E ........ ...W.i.n > [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e > [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a > [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n > [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r > [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 > [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >[2008/12/09 16:19:47, 10] libsmb/clientgen.c:cli_init_creds(429) > cli_init_creds: user LORDVADER$ domain AHUS >[2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [AHUS], server = [bredde.ahus.no], expire = [1228836887] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS; value = bredde.ahus.no and timeout = Tue Dec 9 16:34:47 2008 > (900 seconds ahead) >[2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) > saf_store: domain = [ahus.no], server = [bredde.ahus.no], expire = [1228836887] >[2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = bredde.ahus.no and timeout = Tue Dec 9 16:34:47 2008 > (900 seconds ahead) >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 2 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] C8 8F 05 B7 50 2E C0 60 ....P..` >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 3 mid = 3 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,96) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,96) wrote 96 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 56 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=3 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 49 50 43 00 00 00 00 IPC.... >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 3 mid = 3 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 3 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 3: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] B3 95 BC 14 B8 B2 DE 5A .......Z >[2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:set_domain_online(385) > set_domain_online: called for domain AHUS >[2008/12/09 16:19:47, 10] lib/messages_local.c:messaging_tdb_store(215) > messaging_tdb_store: > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : 0x00000403 (1027) > dest: struct server_id > id : 0x00001012 (4114) > src: struct server_id > id : 0x0000114c (4428) > buf : DATA_BLOB length=5 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 41 48 55 53 00 AHUS. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 4 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 2D 69 6C 80 78 58 DA C2 -il.xX.. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 5 mid = 4 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,108) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,108) wrote 108 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=4 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 5 mid = 4 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 5 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 5: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] D2 4D B1 0D 73 E1 4E 78 .M..s.Nx >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[400a]: \NETLOGON auth_type 0, auth_level 0 >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000015 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345678 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 cf fb >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=5 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16394 (0x400A) > smb_bcc=87 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 15 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 6 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 12 67 2E 59 87 5A 7B E6 .g.Y.Z{. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 7 mid = 5 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,158) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,158) wrote 158 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 124 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 H....... .D...... > [010] 00 B8 10 B8 10 D8 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 26 1A 01 00 00 00 00 00 00 \lsass.& ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 5 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 7 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 7: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 0E 06 D1 21 1F E6 58 FE ...!..X. >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 H....... .D...... > [010] 00 B8 10 B8 10 D8 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 26 1A 01 00 00 00 00 00 00 \lsass.& ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 5 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000015 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a returned 68 bytes. >[2008/12/09 16:19:47, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a bind request returned ok. >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000015 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 002261d8 >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsass. >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine bredde.ahus.no and bound anonymously. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > in: struct netr_ServerReqChallenge > server_name : * > server_name : '\\bredde.ahus.no' > computer_name : 'LORDVADER' > credentials : * > credentials: struct netr_Credential > data : 2e992acd7af27d85 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0074 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000016 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000005c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0004 >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=198 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 116 (0x74) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16394 (0x400A) > smb_bcc=131 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 74 00 00 00 16 00 00 00 5C .......t .......\ > [020] 00 00 00 00 00 04 00 00 00 02 00 11 00 00 00 00 ........ ........ > [030] 00 00 00 11 00 00 00 5C 00 5C 00 62 00 72 00 65 .......\ .\.b.r.e > [040] 00 64 00 64 00 65 00 2E 00 61 00 68 00 75 00 73 .d.d.e.. .a.h.u.s > [050] 00 2E 00 6E 00 6F 00 00 00 00 00 0A 00 00 00 00 ...n.o.. ........ > [060] 00 00 00 0A 00 00 00 4C 00 4F 00 52 00 44 00 56 .......L .O.R.D.V > [070] 00 41 00 44 00 45 00 52 00 00 00 2E 99 2A CD 7A .A.D.E.R .....*.z > [080] F2 7D 85 .}. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 8 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] D4 8D DD B4 39 26 50 BD ....9&P. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 9 mid = 6 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,202) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,202) wrote 202 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 92 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 74 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 t....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 B9 66 4F 53 DA BC CF ........ ..fOS... > [020] 8E 00 00 00 00 ..... >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 6 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 9 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 9: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 0D E2 F8 3B A7 FC 3A E6 ...;..:. >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 74 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 t....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 B9 66 4F 53 DA BC CF ........ ..fOS... > [020] 8E 00 00 00 00 ..... >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 6 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0024 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000016 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000000c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a returned 24 bytes. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > out: struct netr_ServerReqChallenge > return_credentials : * > return_credentials: struct netr_Credential > data : b9664f53dabccf8e > result : NT_STATUS_OK >[2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(294) > creds_client_init: neg_flags : 600fffff >[2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(295) > creds_client_init: client chal : 2E992ACD7AF27D85 >[2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(296) > creds_client_init: server chal : B9664F53DABCCF8E >[2008/12/09 16:19:47, 5] libsmb/credentials.c:creds_init_128(70) > creds_init_128 >[2008/12/09 16:19:47, 5] libsmb/credentials.c:creds_init_128(71) > clnt_chal_in: 2E992ACD7AF27D85 >[2008/12/09 16:19:47, 5] libsmb/credentials.c:creds_init_128(72) > srv_chal_in : B9664F53DABCCF8E >[2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(314) > creds_client_init: clnt : F3E6C61169FFABC5 >[2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(315) > creds_client_init: server : 4C695E0FE825DEE1 >[2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(316) > creds_client_init: seed : F3E6C61169FFABC5 > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > in: struct netr_ServerAuthenticate2 > server_name : * > server_name : '\\bredde.ahus.no' > account_name : 'LORDVADER$' > secure_channel_type : SEC_CHAN_WKSTA (2) > computer_name : 'LORDVADER' > credentials : * > credentials: struct netr_Credential > data : f3e6c61169ffabc5 > negotiate_flags : * > negotiate_flags : 0x600fffff (1611661311) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 009c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000017 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000084 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000f >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=238 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 156 (0x9C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 156 (0x9C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16394 (0x400A) > smb_bcc=171 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 9C 00 00 00 17 00 00 00 84 ........ ........ > [020] 00 00 00 00 00 0F 00 00 00 02 00 11 00 00 00 00 ........ ........ > [030] 00 00 00 11 00 00 00 5C 00 5C 00 62 00 72 00 65 .......\ .\.b.r.e > [040] 00 64 00 64 00 65 00 2E 00 61 00 68 00 75 00 73 .d.d.e.. .a.h.u.s > [050] 00 2E 00 6E 00 6F 00 00 00 00 00 0B 00 00 00 00 ...n.o.. ........ > [060] 00 00 00 0B 00 00 00 4C 00 4F 00 52 00 44 00 56 .......L .O.R.D.V > [070] 00 41 00 44 00 45 00 52 00 24 00 00 00 02 00 0A .A.D.E.R .$...... > [080] 00 00 00 00 00 00 00 0A 00 00 00 4C 00 4F 00 52 ........ ...L.O.R > [090] 00 44 00 56 00 41 00 44 00 45 00 52 00 00 00 F3 .D.V.A.D .E.R.... > [0A0] E6 C6 11 69 FF AB C5 FF FF 0F 60 ...i.... ..` >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 10 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 53 5B 1D F8 2F 56 90 AA S[../V.. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 11 mid = 7 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,242) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,242) wrote 242 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 96 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 9C 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 4C 69 5E 0F E8 25 DE ........ .Li^..%. > [020] E1 FF FF 0F 60 00 00 00 00 ....`... . >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 11 mid = 7 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 11 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 11: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 71 6B 1E 2C E7 A7 3A 33 qk.,..:3 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 9C 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 4C 69 5E 0F E8 25 DE ........ .Li^..%. > [020] E1 FF FF 0F 60 00 00 00 00 ....`... . >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 11 mid = 7 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0028 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000017 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000010 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a returned 32 bytes. > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > out: struct netr_ServerAuthenticate2 > return_credentials : * > return_credentials: struct netr_Credential > data : 4c695e0fe825dee1 > negotiate_flags : * > negotiate_flags : 0x600fffff (1611661311) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL > result : NT_STATUS_OK >[2008/12/09 16:19:47, 10] libsmb/credentials.c:netlogon_creds_client_check(338) > netlogon_creds_client_check: credentials check OK. >[2008/12/09 16:19:47, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(221) > rpccli_netlogon_setup_creds: server bredde.ahus.no credential chain established. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 12 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 0A 96 7A E8 3B 44 0D 14 ..z.;D.. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 13 mid = 8 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,108) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,108) wrote 108 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 103 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=8 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2816 (0xB00) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 13 mid = 8 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 13 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 13: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 06 08 B6 8F FB 44 03 E7 .....D.. >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[400b]: \NETLOGON auth_type 2, auth_level 6 >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_auth_schannel_neg schannel_neg >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 type1: 00000000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 type2: 00000003 >[2008/12/09 16:19:47, 6] lib/util.c:dump_data(2223) > [000] 41 48 55 53 AHUS >[2008/12/09 16:19:47, 6] lib/util.c:dump_data(2223) > [000] 4C 4F 52 44 56 41 44 45 52 LORDVADE R >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0067 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000018 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345678 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 cf fb >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 44 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=185 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 103 (0x67) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16395 (0x400B) > smb_bcc=118 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 67 00 17 00 18 00 00 00 B8 .......g ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 41 48 55 53 00 4C 4F 52 44 .......A HUS.LORD > [070] 56 41 44 45 52 00 VADER. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 14 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] A2 EB 76 0D 79 22 F6 1A ..v.y".. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 15 mid = 9 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,189) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,189) wrote 189 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 144 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 18 00 00 g....... .X...... > [010] 00 B8 10 B8 10 D9 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 D1 5D 01 00 00 00 00 00 00 \lsass.. ]....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 76 F4 17 ......v. . >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 15 mid = 9 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 15 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 15: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 80 8F 40 96 1B 14 A4 45 ..@....E >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 18 00 00 g....... .X...... > [010] 00 B8 10 B8 10 D9 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE > [020] 5C 6C 73 61 73 73 00 D1 5D 01 00 00 00 00 00 00 \lsass.. ]....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 76 F4 17 ......v. . >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 15 mid = 9 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0058 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 000c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000018 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 88 at offset 0 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b returned 88 bytes. >[2008/12/09 16:19:47, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b bind request returned ok. >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0058 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 000c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000018 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 002261d9 >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsass. >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2554) > cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine bredde.ahus.no for domain AHUS and bound using schannel. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 16 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 24 99 B7 B3 C9 FA 5E A0 $.....^. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 17 mid = 10 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,45) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,45) wrote 45 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 35 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 17 mid = 10 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 17 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 17: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] E6 A9 C2 70 EB B7 8E B2 ...p.... >[2008/12/09 16:19:47, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine bredde.ahus.no > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'bredde.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0078 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0020 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000019 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000034 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0028 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000050 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0050 auth_type : 44 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0051 auth_level : 06 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0052 auth_pad_len : 04 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0053 auth_reserved: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0054 auth_context_id: 00000001 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) > add_schannel_auth_footer: SCHANNEL seq_num=0 >[2008/12/09 16:19:47, 10] rpc_parse/parse_prs.c:schannel_encode(1666) > SCHANNEL: schannel_encode seq_num=0 data_len=56 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000058 smb_io_rpc_auth_schannel_chk >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0058 sig : 77 00 7a 00 ff ff 00 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0060 seq_num: 07 23 a8 e6 3c 0e 2c 70 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0068 packet_digest: d4 e6 7d fe f3 d9 3a 53 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0070 confounder: 58 ea b3 cb 0a 1b 2e e5 >[2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=202 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 120 (0x78) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16395 (0x400B) > smb_bcc=135 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 78 00 20 00 19 00 00 00 34 .......x . .....4 > [020] 00 00 00 00 00 28 00 70 34 95 7E 95 FB D4 24 E0 .....(.p 4.~...$. > [030] D2 9F 96 AC E4 AE F8 65 E1 F6 6E 15 00 EC DF A9 .......e ..n..... > [040] 29 FF EE AC BB E7 B7 6D B7 A8 CB F3 F1 41 05 53 )......m .....A.S > [050] FE 45 07 FC 9F 0B 02 E5 82 B0 07 E1 7A 5F 15 44 .E...... ....z_.D > [060] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 07 .......w .z...... > [070] 23 A8 E6 3C 0E 2C 70 D4 E6 7D FE F3 D9 3A 53 58 #..<.,p. .}...:SX > [080] EA B3 CB 0A 1B 2E E5 ....... >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 18 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 3B B2 4D 63 70 C2 F8 2A ;.Mcp..* >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 19 mid = 11 >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) > write_socket(26,206) >[2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) > write_socket(26,206) wrote 206 >[2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) > got smb length of 664 >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=664 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 608 (0x260) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 608 (0x260) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=609 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 19 00 00 x....... .`. .... > [010] 00 1C 02 00 00 00 00 00 00 B1 47 61 5A 1D D4 F2 ........ ..GaZ... > [020] A6 A7 92 78 94 EB 0F 45 13 EA 25 08 37 C8 D4 47 ...x...E ..%.7..G > [030] A5 75 01 B8 67 77 5A 64 27 72 1E 89 86 C6 C6 86 .u..gwZd 'r...... > [040] B6 03 94 B9 62 A6 56 CE 41 09 4B E1 DF 40 0B 6F ....b.V. A.K..@.o > [050] 19 A6 80 19 C2 1B 4E E1 86 38 8D 2C 57 69 72 3A ......N. .8.,Wir: > [060] 80 45 24 96 ED C4 CA 61 A2 8C E8 A4 AB 16 42 6B .E$....a ......Bk > [070] 5D 07 C4 93 DE 29 82 0F 52 8D 1F 1C 70 1F 62 0D ]....).. R...p.b. > [080] FA 2A 61 7C 87 75 92 27 EA F2 26 43 F4 64 A2 A6 .*a|.u.' ..&C.d.. > [090] 76 97 E8 C6 E9 3D E3 7F 34 05 8A 35 6D 61 59 1A v....=.. 4..5maY. > [0A0] 3E 58 EB 87 B4 60 ED FE E1 0A D4 32 2E A0 5E 8C >X...`.. ...2..^. > [0B0] 4B 33 95 65 E8 7B 66 43 2C C0 96 4F FE F2 F9 52 K3.e.{fC ,..O...R > [0C0] 8F F0 4F 88 77 51 BA 4C B6 34 83 29 96 A0 03 C4 ..O.wQ.L .4.).... > [0D0] 79 1E A5 DE C0 0E 9D 73 14 6F D8 84 CD B0 F1 C4 y......s .o...... > [0E0] 5E 07 87 D9 24 E6 D0 C5 95 E7 16 1E 6F 74 0B 4C ^...$... ....ot.L > [0F0] DE 61 6C 81 C9 F4 59 06 55 5E 0D F6 47 39 29 DC .al...Y. U^..G9). > [100] A1 34 AB 97 DE 06 F1 49 CE F8 3B CE 72 37 DD 19 .4.....I ..;.r7.. > [110] 59 A8 12 19 EC 2A A5 B3 78 B6 66 82 9B 8B C1 C5 Y....*.. x.f..... > [120] 2C 6F 33 67 AE 92 6D 94 3E 52 3F 18 6F DB 0C F3 ,o3g..m. >R?.o... > [130] 19 B1 C6 11 16 B2 9E 45 6D 0F A9 CA 23 6B 81 1E .......E m...#k.. > [140] E8 94 CD EE 4A D3 B0 1D 21 AA 80 D4 89 58 83 8F ....J... !....X.. > [150] 0C 38 D6 78 32 A3 CB 33 5C 7A A0 FC 4F C5 F4 D3 .8.x2..3 \z..O... > [160] 7E E9 3C 2E 37 88 6E 1B 0C 37 75 8C B7 37 89 ED ~.<.7.n. .7u..7.. > [170] 76 31 C6 D8 17 B4 56 2F 83 7C 30 68 96 69 08 2B v1....V/ .|0h.i.+ > [180] C4 7C 12 68 5E BF 50 50 2F FB D8 B0 FA C5 21 82 .|.h^.PP /.....!. > [190] 50 46 B2 86 CA 9F 54 75 74 EB 7E 50 C1 43 78 38 PF....Tu t.~P.Cx8 > [1A0] C4 06 CF 5F CF 54 72 54 20 F5 B9 22 9F A7 EC 01 ..._.TrT ..".... > [1B0] 03 9D 30 31 6C A1 97 B4 23 8F F4 AC 47 DB E7 1C ..01l... #...G... > [1C0] 4A CF EC 70 5E F7 B6 83 E0 5D 74 7F 2D B5 4D 0D J..p^... .]t.-.M. > [1D0] 05 A1 E4 D3 68 27 BE 91 BF 2E 58 95 06 F9 D2 8C ....h'.. ..X..... > [1E0] 35 32 BA 06 FF 47 21 BF 5C 8F 30 47 E6 65 A1 9E 52...G!. \.0G.e.. > [1F0] 0F 22 3D 71 CD 52 98 A3 AA 34 32 4C BB 78 FE BE ."=q.R.. .42L.x.. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 11 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 19 >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 19: got good SMB signature of >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 15 D6 A2 FE 76 F6 30 D4 ....v.0. >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) >[2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) > size=664 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2052 > smb_pid=4428 > smb_uid=4096 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 608 (0x260) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 608 (0x260) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=609 >[2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) > [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 19 00 00 x....... .`. .... > [010] 00 1C 02 00 00 00 00 00 00 B1 47 61 5A 1D D4 F2 ........ ..GaZ... > [020] A6 A7 92 78 94 EB 0F 45 13 EA 25 08 37 C8 D4 47 ...x...E ..%.7..G > [030] A5 75 01 B8 67 77 5A 64 27 72 1E 89 86 C6 C6 86 .u..gwZd 'r...... > [040] B6 03 94 B9 62 A6 56 CE 41 09 4B E1 DF 40 0B 6F ....b.V. A.K..@.o > [050] 19 A6 80 19 C2 1B 4E E1 86 38 8D 2C 57 69 72 3A ......N. .8.,Wir: > [060] 80 45 24 96 ED C4 CA 61 A2 8C E8 A4 AB 16 42 6B .E$....a ......Bk > [070] 5D 07 C4 93 DE 29 82 0F 52 8D 1F 1C 70 1F 62 0D ]....).. R...p.b. > [080] FA 2A 61 7C 87 75 92 27 EA F2 26 43 F4 64 A2 A6 .*a|.u.' ..&C.d.. > [090] 76 97 E8 C6 E9 3D E3 7F 34 05 8A 35 6D 61 59 1A v....=.. 4..5maY. > [0A0] 3E 58 EB 87 B4 60 ED FE E1 0A D4 32 2E A0 5E 8C >X...`.. ...2..^. > [0B0] 4B 33 95 65 E8 7B 66 43 2C C0 96 4F FE F2 F9 52 K3.e.{fC ,..O...R > [0C0] 8F F0 4F 88 77 51 BA 4C B6 34 83 29 96 A0 03 C4 ..O.wQ.L .4.).... > [0D0] 79 1E A5 DE C0 0E 9D 73 14 6F D8 84 CD B0 F1 C4 y......s .o...... > [0E0] 5E 07 87 D9 24 E6 D0 C5 95 E7 16 1E 6F 74 0B 4C ^...$... ....ot.L > [0F0] DE 61 6C 81 C9 F4 59 06 55 5E 0D F6 47 39 29 DC .al...Y. U^..G9). > [100] A1 34 AB 97 DE 06 F1 49 CE F8 3B CE 72 37 DD 19 .4.....I ..;.r7.. > [110] 59 A8 12 19 EC 2A A5 B3 78 B6 66 82 9B 8B C1 C5 Y....*.. x.f..... > [120] 2C 6F 33 67 AE 92 6D 94 3E 52 3F 18 6F DB 0C F3 ,o3g..m. >R?.o... > [130] 19 B1 C6 11 16 B2 9E 45 6D 0F A9 CA 23 6B 81 1E .......E m...#k.. > [140] E8 94 CD EE 4A D3 B0 1D 21 AA 80 D4 89 58 83 8F ....J... !....X.. > [150] 0C 38 D6 78 32 A3 CB 33 5C 7A A0 FC 4F C5 F4 D3 .8.x2..3 \z..O... > [160] 7E E9 3C 2E 37 88 6E 1B 0C 37 75 8C B7 37 89 ED ~.<.7.n. .7u..7.. > [170] 76 31 C6 D8 17 B4 56 2F 83 7C 30 68 96 69 08 2B v1....V/ .|0h.i.+ > [180] C4 7C 12 68 5E BF 50 50 2F FB D8 B0 FA C5 21 82 .|.h^.PP /.....!. > [190] 50 46 B2 86 CA 9F 54 75 74 EB 7E 50 C1 43 78 38 PF....Tu t.~P.Cx8 > [1A0] C4 06 CF 5F CF 54 72 54 20 F5 B9 22 9F A7 EC 01 ..._.TrT ..".... > [1B0] 03 9D 30 31 6C A1 97 B4 23 8F F4 AC 47 DB E7 1C ..01l... #...G... > [1C0] 4A CF EC 70 5E F7 B6 83 E0 5D 74 7F 2D B5 4D 0D J..p^... .]t.-.M. > [1D0] 05 A1 E4 D3 68 27 BE 91 BF 2E 58 95 06 F9 D2 8C ....h'.. ..X..... > [1E0] 35 32 BA 06 FF 47 21 BF 5C 8F 30 47 E6 65 A1 9E 52...G!. \.0G.e.. > [1F0] 0F 22 3D 71 CD 52 98 A3 AA 34 32 4C BB 78 FE BE ."=q.R.. .42L.x.. >[2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 11 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0260 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0020 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000019 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000021c >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000238 smb_io_rpc_hdr_auth hdr_auth >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0238 auth_type : 44 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0239 auth_level : 06 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 023a auth_pad_len : 04 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 023b auth_reserved: 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 023c auth_context_id: 00000001 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000240 smb_io_rpc_auth_schannel_chk >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0240 sig : 77 00 7a 00 ff ff 00 00 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0248 seq_num: 6a 00 65 59 49 19 d1 b5 >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0250 packet_digest: 00 4b 14 22 59 6b 6e 1a >[2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0258 confounder: 57 cb d2 42 1a d8 ad cc >[2008/12/09 16:19:47, 10] rpc_parse/parse_prs.c:schannel_decode(1743) > SCHANNEL: schannel_decode seq_num=1 data_len=544 >[2008/12/09 16:19:47, 10] rpc_parse/parse_prs.c:schannel_decode(1763) > SCHANNEL: schannel_decode seq_num=1 data_len=544 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 608, data_len 540, ss_len 4 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 608 at offset 0 >[2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b returned 1080 bytes. > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000004 (4) > array : * > array: ARRAY(4) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'SIAADM' > dns_name : * > dns_name : 'adm.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000003 (3) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000020 (32) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-29509730-458046710-584457872 > guid : 86e1733e-c58a-4e40-a623-e342ffcb5aeb > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'SIAPAS' > dns_name : * > dns_name : 'pas.ahus.no' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000003 (3) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000020 (32) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-12156805-1400573469-1836196843 > guid : af7f7233-e3ee-4db3-9a26-1fa9b7a2db87 > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'AD' > dns_name : * > dns_name : 'ad.ahus.no' > trust_flags : 0x00000022 (34) > 0: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000004 (4) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 1: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-1100344877-3013322779-101495848 > guid : 00000000-0000-0000-0000-000000000000 > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'AHUS' > dns_name : * > dns_name : 'ahus.no' > trust_flags : 0x0000001d (29) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-800612262-1210951328-1076162327 > guid : d36df92d-628a-435e-bede-27cb29aacda1 > result : WERR_OK >[2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain adm.ahus.no >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain SIAADM (adm.ahus.no), SID S-1-5-21-29509730-458046710-584457872, flags = 0x23, attributes = 0x20, type = 0x2 >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for SIAADM >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain pas.ahus.no >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain SIAPAS (pas.ahus.no), SID S-1-5-21-12156805-1400573469-1836196843, flags = 0x23, attributes = 0x20, type = 0x2 >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for SIAPAS >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ad.ahus.no >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain AD (ad.ahus.no), SID S-1-5-21-1100344877-3013322779-101495848, flags = 0x22, attributes = 0x4, type = 0x2 >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for AD >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:trusted_domains(1270) > trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ahus.no >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) > wcache_tdc_add_domain: Adding domain AHUS (ahus.no), SID S-1-5-21-800612262-1210951328-1076162327, flags = 0x1d, attributes = 0x0, type = 0x2 >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) > add_wbdomain_to_tdc_array: Found existing record for AHUS >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) > pack_tdc_domains: Packing 6 trusted domains >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain BUILTIN () >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain LORDVADER () >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AHUS (ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) > pack_tdc_domains: Packing domain AD (ad.ahus.no) >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:cache_store_response(2423) > Storing response for pid 4428, len 3721 >[2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:cache_store_response(2437) > Storing extra data: len=225
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3797">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 5955
: 3797 |
3798
|
3799
|
3800
|
3801
|
3802
|
3804