The Samba-Bugzilla – Attachment 3985 Details for Bug 6177: winbind user and group enumeration on domain member broken after PDC upgrade to 3.2.8
winbind debug level 10 log on the domain member
log.wb-RK_KLBG (text/plain), 393.65 KB, created by Alexander 'Leo' Bergolth on 2009-03-10 06:10:02 UTC
>[2009/03/10 11:49:57, 10] lib/events.c:timed_event_destructor(65) > Destroying timed event 80fb6ab0 "check_domain_online_handler" >[2009/03/10 11:49:57, 10] winbindd/winbindd_cm.c:set_domain_online_request(467) > set_domain_online_request: called for domain RK_KLBG >[2009/03/10 11:49:57, 10] winbindd/winbindd_cm.c:set_domain_online_request(493) > set_domain_online_request: domain RK_KLBG was globally offline. >[2009/03/10 11:49:57, 10] lib/events.c:event_add_timed(130) > Added timed event "check_domain_online_handler": 80fa45a0 >[2009/03/10 11:49:57, 10] lib/events.c:get_timed_events_timeout(304) > timed_events_timeout: 4/999809 >[2009/03/10 11:49:57, 4] winbindd/winbindd_dual.c:fork_domain_child(1323) > child daemon request 47 >[2009/03/10 11:49:57, 10] winbindd/winbindd_dual.c:child_process_request(453) > child_process_request: request fn INIT_CONNECTION >[2009/03/10 11:49:57, 8] winbindd/winbindd_cm.c:connection_ok(1564) > connection_ok: Connection to for domain RK_KLBG has NULL cli! 
>[2009/03/10 11:49:57, 10] lib/gencache.c:gencache_get(194) > Cache entry with key = SAFJOIN/DOMAIN/RK_KLBG couldn't be found >[2009/03/10 11:49:57, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/RK_KLBG, value = SAMBA, timeout = Tue Mar 10 12:01:53 2009 >[2009/03/10 11:49:57, 5] libsmb/namequery.c:saf_fetch(200) > saf_fetch: Returning "SAMBA" for "RK_KLBG" domain >[2009/03/10 11:49:57, 10] winbindd/winbindd_cm.c:cm_open_connection(1399) > cm_open_connection: saf_servername is 'SAMBA' for domain RK_KLBG >[2009/03/10 11:49:57, 10] winbindd/winbindd_cm.c:cm_open_connection(1431) > cm_open_connection: dcname is 'SAMBA' for domain RK_KLBG >[2009/03/10 11:49:57, 10] lib/gencache.c:gencache_get(194) > Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found >[2009/03/10 11:49:57, 5] libads/dns.c:sitename_fetch(814) > sitename_fetch: No stored sitename for >[2009/03/10 11:49:57, 10] libsmb/namequery.c:internal_resolve_name(1505) > internal_resolve_name: looking up SAMBA#20 (sitename (null)) >[2009/03/10 11:49:57, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/SAMBA#20, value = 192.168.60.3:0, timeout = Tue Mar 10 11:57:52 2009 >[2009/03/10 11:49:57, 5] libsmb/namecache.c:namecache_fetch(233) > name SAMBA#20 found. 
>[2009/03/10 11:49:57, 10] winbindd/winbindd_cm.c:cm_prepare_connection(754) > cm_prepare_connection: connecting to DC SAMBA for domain RK_KLBG >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,194) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,194) wrote 194 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 127 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10191 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=45312 (0xB100) > smb_vwv[ 8]= 55 (0x37) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 243 (0xF3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=50232 (0xC438) > smb_vwv[13]=28147 (0x6DF3) > smb_vwv[14]=51617 (0xC9A1) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 73 61 6D 62 61 00 00 00 00 00 00 00 00 00 00 00 samba... ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... 
> [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10191 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=45312 (0xB100) > smb_vwv[ 8]= 55 (0x37) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 243 (0xF3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=50232 (0xC438) > smb_vwv[13]=28147 (0x6DF3) > smb_vwv[14]=51617 (0xC9A1) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 73 61 6D 62 61 00 00 00 00 00 00 00 00 00 00 00 samba... ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... 
> [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2009/03/10 11:49:57, 5] winbindd/winbindd_cm.c:cm_prepare_connection(860) > connecting to SAMBA from MONSTER with username [RK_KLBG]\[MONSTER$] >[2009/03/10 11:49:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(823) > Doing spnego session setup (blob length=58) >[2009/03/10 11:49:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) > got OID=1 3 6 1 4 1 311 2 2 10 >[2009/03/10 11:49:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(858) > got principal=NONE >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,166) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,166) wrote 166 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 376 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=376 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10191 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 257 (0x101) > smb_bcc=333 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] A1 81 FE 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 15 82 89 60 D1 46 3A 1C 97 D0 28 62 00 ......`. F:...(b. > [040] 00 00 00 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 ........ ...>...R > [050] 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E .K._.K.L .B.G.... > [060] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 .R.K._.K .L.B.G.. 
> [070] 00 0A 00 53 00 41 00 4D 00 42 00 41 00 04 00 36 ...S.A.M .B.A...6 > [080] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 .i.n.t.e .r.n...r > [090] 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 .k.-.k.l .o.s.t.e > [0A0] 00 72 00 6E 00 65 00 75 00 62 00 75 00 72 00 67 .r.n.e.u .b.u.r.g > [0B0] 00 2E 00 61 00 74 00 03 00 42 00 73 00 61 00 6D ...a.t.. .B.s.a.m > [0C0] 00 62 00 61 00 2E 00 69 00 6E 00 74 00 65 00 72 .b.a...i .n.t.e.r > [0D0] 00 6E 00 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F .n...r.k .-.k.l.o > [0E0] 00 73 00 74 00 65 00 72 00 6E 00 65 00 75 00 62 .s.t.e.r .n.e.u.b > [0F0] 00 75 00 72 00 67 00 2E 00 61 00 74 00 00 00 00 .u.r.g.. .a.t.... > [100] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [110] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 38 .b.a. .3 ...2...8 > [120] 00 2D 00 30 00 2E 00 32 00 36 00 6C 00 65 00 6F .-.0...2 .6.l.e.o > [130] 00 2E 00 66 00 63 00 31 00 30 00 00 00 52 00 4B ...f.c.1 .0...R.K > [140] 00 5F 00 4B 00 4C 00 42 00 47 00 00 00 ._.K.L.B .G... >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=376 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10191 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 257 (0x101) > smb_bcc=333 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] A1 81 FE 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 15 82 89 60 D1 46 3A 1C 97 D0 28 62 00 ......`. F:...(b. > [040] 00 00 00 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 ........ ...>...R > [050] 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E .K._.K.L .B.G.... > [060] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 .R.K._.K .L.B.G.. 
> [070] 00 0A 00 53 00 41 00 4D 00 42 00 41 00 04 00 36 ...S.A.M .B.A...6 > [080] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 .i.n.t.e .r.n...r > [090] 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 .k.-.k.l .o.s.t.e > [0A0] 00 72 00 6E 00 65 00 75 00 62 00 75 00 72 00 67 .r.n.e.u .b.u.r.g > [0B0] 00 2E 00 61 00 74 00 03 00 42 00 73 00 61 00 6D ...a.t.. .B.s.a.m > [0C0] 00 62 00 61 00 2E 00 69 00 6E 00 74 00 65 00 72 .b.a...i .n.t.e.r > [0D0] 00 6E 00 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F .n...r.k .-.k.l.o > [0E0] 00 73 00 74 00 65 00 72 00 6E 00 65 00 75 00 62 .s.t.e.r .n.e.u.b > [0F0] 00 75 00 72 00 67 00 2E 00 61 00 74 00 00 00 00 .u.r.g.. .a.t.... > [100] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [110] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 38 .b.a. .3 ...2...8 > [120] 00 2D 00 30 00 2E 00 32 00 36 00 6C 00 65 00 6F .-.0...2 .6.l.e.o > [130] 00 2E 00 66 00 63 00 31 00 30 00 00 00 52 00 4B ...f.c.1 .0...R.K > [140] 00 5F 00 4B 00 4C 00 42 00 47 00 00 00 ._.K.L.B .G... 
>[2009/03/10 11:49:57, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2009/03/10 11:49:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:49:57, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2009/03/10 11:49:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:49:57, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2009/03/10 11:49:57, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2009/03/10 11:49:57, 5] lib/util.c:dump_data(2230) > [000] DA D5 25 36 05 3E 69 75 ..%6.>iu >[2009/03/10 11:49:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2009/03/10 11:49:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,270) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,270) wrote 270 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x73 
> smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10191 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=85 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 > [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 > [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B > [050] 00 47 00 00 00 .G... >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10191 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=85 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 > [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 > [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B > [050] 00 47 00 00 00 .G... 
>[2009/03/10 11:49:57, 10] libsmb/clientgen.c:cli_init_creds(415) > cli_init_creds: user MONSTER$ domain RK_KLBG >[2009/03/10 11:49:57, 10] libsmb/namequery.c:saf_store(86) > saf_store: domain = [RK_KLBG], server = [SAMBA], expire = [1236683097] >[2009/03/10 11:49:57, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/RK_KLBG; value = SAMBA and timeout = Tue Mar 10 12:04:57 2009 > (900 seconds ahead) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,78) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,78) wrote 78 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 56 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=4 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 49 50 43 00 00 00 00 IPC.... >[2009/03/10 11:49:57, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(2864) > set_global_winbindd_state_online: online requested. >[2009/03/10 11:49:57, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(2867) > set_global_winbindd_state_online: rejecting. 
>[2009/03/10 11:49:57, 10] winbindd/winbindd_cm.c:set_domain_online(390) > set_domain_online: called for domain RK_KLBG >[2009/03/10 11:49:57, 10] lib/events.c:timed_event_destructor(65) > Destroying timed event 80fa45a0 "check_domain_online_handler" >[2009/03/10 11:49:57, 10] winbindd/winbindd_cm.c:set_dc_type_and_flags(1918) > set_dc_type_and_flags: setting up flags for primary domain >[2009/03/10 11:49:57, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1766) > set_dc_type_and_flags_connect: domain RK_KLBG >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,104) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,104) wrote 104 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=25600 (0x6400) > smb_vwv[ 3]= 370 (0x172) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[7264]: \lsarpc 
auth_type 0, auth_level 0 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... > [010] 00 00 00 00 .... >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/03/10 11:49:57, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:49:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 3919286a >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : b10c >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11d0 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9b a8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 00 c0 4f d9 2e f5 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:49:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7264 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > 
smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29284 (0x7264) > smb_bcc=87 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j > [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,158) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,158) wrote 158 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 124 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... 
>[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > 
rpc_api_pipe: got PDU len of 68 at offset 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7264 returned 68 bytes. >[2009/03/10 11:49:57, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine SAMBA pipe \lsarpc fnum 0x7264 bind request returned ok. >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 000053f0 >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000d >[2009/03/10 
11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsarpc. >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000027 smb_io_rpc_results >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/03/10 11:49:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine SAMBA and bound anonymously. 
> dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 001a >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000002 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0000 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7264 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 
26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29284 (0x7264) > smb_bcc=41 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ > [020] 00 00 00 00 00 00 00 01 00 ........ . >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,112) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,112) wrote 112 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 156 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 100 (0x64) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=101 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... > [010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ > [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 12 F6 45 AE 89 4B CC 4A 95 84 EF .......E ..K.J... > [040] D6 B3 B8 D3 B2 08 00 00 00 00 00 00 00 08 00 00 ........ ........ > [050] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 .R.K._.K .L.B.G.. > [060] 00 00 00 00 00 ..... 
>[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 100 (0x64) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=101 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... > [010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ > [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 12 F6 45 AE 89 4B CC 4A 95 84 EF .......E ..K.J... > [040] D6 B3 B8 D3 B2 08 00 00 00 00 00 00 00 08 00 00 ........ ........ > [050] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 .R.K._.K .L.B.G.. > [060] 00 00 00 00 00 ..... 
>[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0064 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000004c >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 100, data_len 76, ss_len 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 100 at offset 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7264 returned 152 bytes. 
> dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_PRIMARY_DC (5) > flags : 0x01000000 (16777216) > 0: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'RK_KLBG' > dns_domain : NULL > forest : NULL > domain_guid : ae45f612-4b89-4acc-9584-efd6b3b8d3b2 > result : WERR_OK >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,45) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,45) wrote 45 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 35 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=8 > smt_wct=0 > smb_bcc=0 >[2009/03/10 11:49:57, 10] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \lsarpc to machine SAMBA >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,104) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,104) wrote 104 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=9 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=25856 (0x6500) > smb_vwv[ 3]= 370 (0x172) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 
6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[7265]: \lsarpc auth_type 0, auth_level 0 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. > [010] 00 00 00 00 .... >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... 
>[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:49:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 
>[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:49:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29285 (0x7265) > smb_bcc=87 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 
00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,158) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,158) wrote 158 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 124 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... 
>[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > 
rpc_api_pipe: got PDU len of 68 at offset 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 returned 68 bytes. >[2009/03/10 11:49:57, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine SAMBA pipe \lsarpc fnum 0x7265 bind request returned ok. >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 000053f0 >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000d >[2009/03/10 
11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsarpc. >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000027 smb_io_rpc_results >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/03/10 11:49:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/03/10 11:49:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine SAMBA and bound anonymously. 
>[2009/03/10 11:49:57, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) > init_lsa_sec_qos >[2009/03/10 11:49:57, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) > init_lsa_obj_attr > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0050 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 
11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000038 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 002c >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=162 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29285 (0x7265) > smb_bcc=95 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 38 .......P .......8 > [020] 00 00 00 00 00 2C 00 00 00 02 00 01 00 00 00 00 .....,.. ........ > [030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........ > [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ........ ........ > [050] 00 02 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... 
>[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,166) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,166) wrote 166 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 104 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 B6 49 D6 45 B1 37 00 00 00 00 00 ......I. E.7..... > [030] 00 . >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 B6 49 D6 45 B1 37 00 00 00 00 00 ......I. E.7..... > [030] 00 . 
>[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 returned 48 bytes. 
> lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-b649-d645b1370000 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-b649-d645b1370000 > level : LSA_POLICY_INFO_DNS (12) >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002e >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000016 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 002e >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 >[2009/03/10 11:49:57, 5] 
lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29285 (0x7265) > smb_bcc=61 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 B6 49 D6 45 B1 37 00 00 0C 00 ....I.E. 7.... >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,132) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,132) wrote 132 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 88 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . 
>[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 23 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0020 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000000 >[2009/03/10 11:49:57, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_hdr_fault fault >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807) > 0018 status : DCERPC_FAULT_OP_RNG_ERROR >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 001c reserved: 00000000 >[2009/03/10 11:49:57, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(624) > cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine SAMBA pipe \lsarpc fnum 0x7265! >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 32 at offset 0 >[2009/03/10 11:49:57, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) > init_lsa_sec_qos >[2009/03/10 11:49:57, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) > init_lsa_obj_attr > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 
smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000002c >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0006 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > 
smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29285 (0x7265) > smb_bcc=83 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,154) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,154) wrote 154 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 104 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 B6 49 D6 45 B1 37 00 00 00 00 00 ......I. E.7..... > [030] 00 . 
>[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 B6 49 D6 45 B1 37 00 00 00 00 00 ......I. E.7..... > [030] 00 . >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 
0010 alloc_hint: 00000018 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 returned 48 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-b649-d645b1370000 > result : NT_STATUS_OK > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-b649-d645b1370000 > level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len 
: 002e >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000016 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2009/03/10 11:49:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29285 (0x7265) > smb_bcc=61 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 B6 49 D6 45 B1 37 00 00 05 00 ....I.E. 7.... 
>[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,132) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,132) wrote 132 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 160 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .P...... ........ > [020] 00 0E 00 10 00 04 00 02 00 08 00 02 00 08 00 00 ........ ........ > [030] 00 00 00 00 00 07 00 00 00 52 00 4B 00 5F 00 4B ........ .R.K._.K > [040] 00 4C 00 42 00 47 00 00 00 04 00 00 00 01 04 00 .L.B.G.. ........ > [050] 00 00 00 00 05 15 00 00 00 60 15 D9 0A EE 0D 05 ........ .`...... > [060] 42 6A AF 99 87 00 00 00 00 Bj...... . >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2009/03/10 11:49:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... 
> [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .P...... ........ > [020] 00 0E 00 10 00 04 00 02 00 08 00 02 00 08 00 00 ........ ........ > [030] 00 00 00 00 00 07 00 00 00 52 00 4B 00 5F 00 4B ........ .R.K._.K > [040] 00 4C 00 42 00 47 00 00 00 04 00 00 00 01 04 00 .L.B.G.. ........ > [050] 00 00 00 00 05 15 00 00 00 60 15 D9 0A EE 0D 05 ........ .`...... > [060] 42 6A AF 99 87 00 00 00 00 Bj...... . >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0068 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000050 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:49:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > 
cli_pipe_validate_current_pdu: got pdu len 104, data_len 80, ss_len 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 104 at offset 0 >[2009/03/10 11:49:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7265 returned 160 bytes. > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 5) > account_domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'RK_KLBG' > sid : * > sid : S-1-5-21-181998944-1107627502-2274996074 > result : NT_STATUS_OK >[2009/03/10 11:49:57, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1896) > set_dc_type_and_flags_connect: domain RK_KLBG is NOT in native mode. >[2009/03/10 11:49:57, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1899) > set_dc_type_and_flags_connect: domain RK_KLBG is NOT running active directory. 
>[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,45) >[2009/03/10 11:49:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,45) wrote 45 >[2009/03/10 11:49:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 35 >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:57, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=15 > smt_wct=0 > smb_bcc=0 >[2009/03/10 11:49:57, 10] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \lsarpc to machine SAMBA >[2009/03/10 11:49:57, 10] winbindd/winbindd_cache.c:cache_store_response(2428) > Storing response for pid 10191, len 3496 >[2009/03/10 11:49:58, 4] winbindd/winbindd_dual.c:fork_domain_child(1323) > child daemon request 19 >[2009/03/10 11:49:58, 10] winbindd/winbindd_dual.c:child_process_request(453) > child_process_request: request fn LIST_TRUSTDOM >[2009/03/10 11:49:58, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362) > [10190]: list trusted domains >[2009/03/10 11:49:58, 5] winbindd/winbindd_cache.c:get_cache(182) > get_cache: Setting MS-RPC methods for domain RK_KLBG >[2009/03/10 11:49:58, 10] winbindd/winbindd_cache.c:trusted_domains(2111) > trusted_domains: [Cached] - doing backend query for info for domain RK_KLBG >[2009/03/10 11:49:58, 3] winbindd/winbindd_rpc.c:trusted_domains(1022) > rpc: trusted_domains >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,104) >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,104) wrote 104 >[2009/03/10 11:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 
> smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=16 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=26112 (0x6600) > smb_vwv[ 3]= 370 (0x172) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[7266]: \lsarpc auth_type 3, auth_level 6 >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. > [010] 00 00 00 00 .... >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(981) > create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1004) > create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: >[2009/03/10 11:49:58, 5] lib/util.c:dump_data(2230) > [000] 60 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E `N..+... ...D0B.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 0...+... 
..7....0 > [020] 04 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 ..NTLMSS P.....5. > [030] 08 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 .`.... . ......'. > [040] 00 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 ..RK_KLB GMONSTER >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00a0 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0050 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:49:58, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:49:58, 6] 
rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:49:58, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2009/03/10 11:49:58, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:49:58, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: 
Remote machine SAMBA pipe \lsarpc fnum 0x7266 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=242 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 160 (0xA0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 160 (0xA0) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29286 (0x7266) > smb_bcc=175 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 A0 00 50 00 08 00 00 00 B8 ........ .P...... > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` > [060] 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E 30 N..+.... ..D0B..0 > [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 04 ...+.... .7....0. > [080] 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 .NTLMSSP .....5.. > [090] 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 00 `.... .. .....'.. 
> [0A0] 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 .RK_KLBG MONSTER >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,246) >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,246) wrote 246 >[2009/03/10 11:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 389 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=389 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 333 (0x14D) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 333 (0x14D) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=334 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 08 00 00 ........ .M...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... ........ > [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... > [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7..... ....NTLM > [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... > [080] 35 82 89 60 50 1B 62 96 60 B2 24 70 00 00 00 00 5..`P.b. `.$p.... > [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ........ >...R.K. > [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. > [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... > [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. > [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. 
> [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. > [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... > [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. > [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. > [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. > [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. > [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=389 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 333 (0x14D) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 333 (0x14D) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=334 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 08 00 00 ........ .M...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... ........ > [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... > [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7..... ....NTLM > [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... > [080] 35 82 89 60 50 1B 62 96 60 B2 24 70 00 00 00 00 5..`P.b. `.$p.... > [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ........ >...R.K. > [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. > [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... 
> [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. > [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. > [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. > [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... > [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. > [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. > [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. > [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. > [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 014d >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0101 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 333 at offset 0 >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7266 returned 333 bytes. 
>[2009/03/10 11:49:58, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine SAMBA pipe \lsarpc fnum 0x7266 bind request returned ok. >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 014d >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0101 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/03/10 11:49:58, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 000053f0 >[2009/03/10 11:49:58, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000d >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsarpc. 
>[2009/03/10 11:49:58, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000027 smb_io_rpc_results >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/03/10 11:49:58, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/03/10 11:49:58, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! 
>[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 auth_type : 09 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 auth_level : 06 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 auth_pad_len : 08 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 auth_reserved: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0048 auth_context_id: 00000001 >[2009/03/10 11:49:58, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2009/03/10 11:49:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:49:58, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2009/03/10 11:49:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:49:58, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2009/03/10 11:49:58, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2009/03/10 11:49:58, 5] lib/util.c:dump_data(2230) > [000] 30 65 F7 66 D5 1D CE 7C 0e.f...| >[2009/03/10 11:49:58, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2009/03/10 11:49:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > 
NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0e >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0108 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 00b8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:49:58, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:49:58, 6] 
rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:49:58, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2009/03/10 11:49:58, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:49:58, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: 
Remote machine SAMBA pipe \lsarpc fnum 0x7266 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=346 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 264 (0x108) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 264 (0x108) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29286 (0x7266) > smb_bcc=279 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,350) >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,350) wrote 350 >[2009/03/10 11:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 143 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=143 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 87 (0x57) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 87 (0x57) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=88 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=143 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 87 (0x57) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 87 (0x57) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=88 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230) >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0057 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id :
00000008 >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 87 at offset 0 >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7266 returned 87 bytes. >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0057 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 08 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:rpc_finish_spnego_ntlmssp_bind(2023) > rpc_finish_spnego_ntlmssp_bind: alter context request to remote machine 
SAMBA pipe \lsarpc fnum 0x7266. >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2374) > cli_rpc_pipe_open_ntlmssp_internal: opened pipe \lsarpc to machine SAMBA and bound NTLMSSP as user RK_KLBG\MONSTER$. >[2009/03/10 11:49:58, 10] winbindd/winbindd_cm.c:cm_connect_lsa(2177) > cm_connect_lsa: connected to LSA pipe for domain RK_KLBG using NTLMSSP authenticated pipe: user RK_KLBG\MONSTER$ >[2009/03/10 11:49:58, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) > init_lsa_sec_qos >[2009/03/10 11:49:58, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) > init_lsa_obj_attr > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 
11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0060 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000002c >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0006 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 04 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:49:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7266 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 
(0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29286 (0x7266) > smb_bcc=111 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230) >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,182) >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,182) wrote 182 >[2009/03/10 11:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 auth_type : 09 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 auth_level : 06 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 auth_pad_len : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 auth_reserved: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 
auth_context_id: 00000001 >[2009/03/10 11:49:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2009/03/10 11:49:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 72 at offset 0 >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7266 returned 48 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-b649-d645b1370000 > result : NT_STATUS_OK > lsa_EnumTrustDom: struct lsa_EnumTrustDom > in: struct lsa_EnumTrustDom > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-b649-d645b1370000 > resume_handle : * > resume_handle : 0x00000000 (0) > max_size : 0xffffffff (4294967295) >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 
frag_len : 0050 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000001c >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000d >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 04 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2009/03/10 11:49:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2009/03/10 11:49:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7266 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=162 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29286 (0x7266) > smb_bcc=95 
>[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230) >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,166) >[2009/03/10 11:49:58, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,166) wrote 166 >[2009/03/10 11:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:49:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:49:58, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10191 > smb_uid=100 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:49:58, 10] lib/util.c:dump_data(2230) >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) >
000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 auth_type : 09 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 auth_level : 06 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 auth_pad_len : 04 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 auth_reserved: 00 >[2009/03/10 11:49:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 auth_context_id: 00000001 >[2009/03/10 11:49:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2009/03/10 11:49:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 72, data_len 20, ss_len 4 >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 72 at offset 0 >[2009/03/10 11:49:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7266 returned 40 bytes. 
> lsa_EnumTrustDom: struct lsa_EnumTrustDom > out: struct lsa_EnumTrustDom > resume_handle : * > resume_handle : 0xffffffff (4294967295) > domains : * > domains: struct lsa_DomainList > count : 0x00000000 (0) > domains : * > domains: ARRAY(0) > result : NT_STATUS_NO_MORE_ENTRIES >[2009/03/10 11:49:58, 10] winbindd/winbindd_cache.c:cache_store_response(2428) > Storing response for pid 10191, len 3496 >[2009/03/10 11:50:32, 5] lib/gencache.c:gencache_shutdown(93) > Closing cache file >[2009/03/10 11:50:57, 10] lib/events.c:timed_event_destructor(65) > Destroying timed event 81637ab0 "check_domain_online_handler" >[2009/03/10 11:50:57, 10] winbindd/winbindd_cm.c:set_domain_online_request(467) > set_domain_online_request: called for domain RK_KLBG >[2009/03/10 11:50:57, 10] winbindd/winbindd_cm.c:set_domain_online_request(493) > set_domain_online_request: domain RK_KLBG was globally offline. >[2009/03/10 11:50:57, 10] lib/events.c:event_add_timed(130) > Added timed event "check_domain_online_handler": 816255a0 >[2009/03/10 11:50:57, 10] lib/events.c:get_timed_events_timeout(304) > timed_events_timeout: 4/999805 >[2009/03/10 11:50:57, 4] winbindd/winbindd_dual.c:fork_domain_child(1323) > child daemon request 47 >[2009/03/10 11:50:57, 10] winbindd/winbindd_dual.c:child_process_request(453) > child_process_request: request fn INIT_CONNECTION >[2009/03/10 11:50:57, 8] winbindd/winbindd_cm.c:connection_ok(1564) > connection_ok: Connection to for domain RK_KLBG has NULL cli! 
>[2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(194) > Cache entry with key = SAFJOIN/DOMAIN/RK_KLBG couldn't be found >[2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/RK_KLBG, value = SAMBA, timeout = Tue Mar 10 12:04:58 2009 >[2009/03/10 11:50:57, 5] libsmb/namequery.c:saf_fetch(200) > saf_fetch: Returning "SAMBA" for "RK_KLBG" domain >[2009/03/10 11:50:57, 10] winbindd/winbindd_cm.c:cm_open_connection(1399) > cm_open_connection: saf_servername is 'SAMBA' for domain RK_KLBG >[2009/03/10 11:50:57, 10] winbindd/winbindd_cm.c:cm_open_connection(1431) > cm_open_connection: dcname is 'SAMBA' for domain RK_KLBG >[2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(194) > Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found >[2009/03/10 11:50:57, 5] libads/dns.c:sitename_fetch(814) > sitename_fetch: No stored sitename for >[2009/03/10 11:50:57, 10] libsmb/namequery.c:internal_resolve_name(1505) > internal_resolve_name: looking up SAMBA#20 (sitename (null)) >[2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/SAMBA#20, value = 192.168.60.3:0, timeout = Tue Mar 10 11:57:52 2009 >[2009/03/10 11:50:57, 5] libsmb/namecache.c:namecache_fetch(233) > name SAMBA#20 found. 
>[2009/03/10 11:50:57, 10] winbindd/winbindd_cm.c:cm_prepare_connection(754) > cm_prepare_connection: connecting to DC SAMBA for domain RK_KLBG >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,194) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,194) wrote 194 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 127 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=56576 (0xDD00) > smb_vwv[ 8]= 55 (0x37) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 243 (0xF3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=34686 (0x877E) > smb_vwv[13]=28183 (0x6E17) > smb_vwv[14]=51617 (0xC9A1) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 73 61 6D 62 61 00 00 00 00 00 00 00 00 00 00 00 samba... ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... 
> [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=56576 (0xDD00) > smb_vwv[ 8]= 55 (0x37) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 243 (0xF3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=34686 (0x877E) > smb_vwv[13]=28183 (0x6E17) > smb_vwv[14]=51617 (0xC9A1) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 73 61 6D 62 61 00 00 00 00 00 00 00 00 00 00 00 samba... ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... 
> [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2009/03/10 11:50:57, 5] winbindd/winbindd_cm.c:cm_prepare_connection(860) > connecting to SAMBA from MONSTER with username [RK_KLBG]\[MONSTER$] >[2009/03/10 11:50:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(823) > Doing spnego session setup (blob length=58) >[2009/03/10 11:50:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) > got OID=1 3 6 1 4 1 311 2 2 10 >[2009/03/10 11:50:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(858) > got principal=NONE >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,166) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,166) wrote 166 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 376 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=376 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 257 (0x101) > smb_bcc=333 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] A1 81 FE 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 15 82 89 60 C8 64 4B E0 B8 FB 90 7B 00 ......`. dK....{. > [040] 00 00 00 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 ........ ...>...R > [050] 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E .K._.K.L .B.G.... > [060] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 .R.K._.K .L.B.G.. 
> [070] 00 0A 00 53 00 41 00 4D 00 42 00 41 00 04 00 36 ...S.A.M .B.A...6 > [080] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 .i.n.t.e .r.n...r > [090] 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 .k.-.k.l .o.s.t.e > [0A0] 00 72 00 6E 00 65 00 75 00 62 00 75 00 72 00 67 .r.n.e.u .b.u.r.g > [0B0] 00 2E 00 61 00 74 00 03 00 42 00 73 00 61 00 6D ...a.t.. .B.s.a.m > [0C0] 00 62 00 61 00 2E 00 69 00 6E 00 74 00 65 00 72 .b.a...i .n.t.e.r > [0D0] 00 6E 00 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F .n...r.k .-.k.l.o > [0E0] 00 73 00 74 00 65 00 72 00 6E 00 65 00 75 00 62 .s.t.e.r .n.e.u.b > [0F0] 00 75 00 72 00 67 00 2E 00 61 00 74 00 00 00 00 .u.r.g.. .a.t.... > [100] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [110] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 38 .b.a. .3 ...2...8 > [120] 00 2D 00 30 00 2E 00 32 00 36 00 6C 00 65 00 6F .-.0...2 .6.l.e.o > [130] 00 2E 00 66 00 63 00 31 00 30 00 00 00 52 00 4B ...f.c.1 .0...R.K > [140] 00 5F 00 4B 00 4C 00 42 00 47 00 00 00 ._.K.L.B .G... >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=376 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 257 (0x101) > smb_bcc=333 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] A1 81 FE 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 15 82 89 60 C8 64 4B E0 B8 FB 90 7B 00 ......`. dK....{. > [040] 00 00 00 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 ........ ...>...R > [050] 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E .K._.K.L .B.G.... > [060] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 .R.K._.K .L.B.G.. 
> [070] 00 0A 00 53 00 41 00 4D 00 42 00 41 00 04 00 36 ...S.A.M .B.A...6 > [080] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 .i.n.t.e .r.n...r > [090] 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 .k.-.k.l .o.s.t.e > [0A0] 00 72 00 6E 00 65 00 75 00 62 00 75 00 72 00 67 .r.n.e.u .b.u.r.g > [0B0] 00 2E 00 61 00 74 00 03 00 42 00 73 00 61 00 6D ...a.t.. .B.s.a.m > [0C0] 00 62 00 61 00 2E 00 69 00 6E 00 74 00 65 00 72 .b.a...i .n.t.e.r > [0D0] 00 6E 00 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F .n...r.k .-.k.l.o > [0E0] 00 73 00 74 00 65 00 72 00 6E 00 65 00 75 00 62 .s.t.e.r .n.e.u.b > [0F0] 00 75 00 72 00 67 00 2E 00 61 00 74 00 00 00 00 .u.r.g.. .a.t.... > [100] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [110] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 38 .b.a. .3 ...2...8 > [120] 00 2D 00 30 00 2E 00 32 00 36 00 6C 00 65 00 6F .-.0...2 .6.l.e.o > [130] 00 2E 00 66 00 63 00 31 00 30 00 00 00 52 00 4B ...f.c.1 .0...R.K > [140] 00 5F 00 4B 00 4C 00 42 00 47 00 00 00 ._.K.L.B .G... 
>[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:50:57, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2009/03/10 11:50:57, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2009/03/10 11:50:57, 5] lib/util.c:dump_data(2230) > [000] 55 85 F5 0A B9 38 9B 33 U....8.3 >[2009/03/10 11:50:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,270) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,270) wrote 270 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x73 
> smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=85 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 > [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 > [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B > [050] 00 47 00 00 00 .G... >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=85 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 > [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 > [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B > [050] 00 47 00 00 00 .G... 
>[2009/03/10 11:50:57, 10] libsmb/clientgen.c:cli_init_creds(415) > cli_init_creds: user MONSTER$ domain RK_KLBG >[2009/03/10 11:50:57, 10] libsmb/namequery.c:saf_store(86) > saf_store: domain = [RK_KLBG], server = [SAMBA], expire = [1236683157] >[2009/03/10 11:50:57, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/RK_KLBG; value = SAMBA and timeout = Tue Mar 10 12:05:57 2009 > (900 seconds ahead) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,78) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,78) wrote 78 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 56 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=4 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 49 50 43 00 00 00 00 IPC.... >[2009/03/10 11:50:57, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(2864) > set_global_winbindd_state_online: online requested. >[2009/03/10 11:50:57, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(2867) > set_global_winbindd_state_online: rejecting. 
>[2009/03/10 11:50:57, 10] winbindd/winbindd_cm.c:set_domain_online(390) > set_domain_online: called for domain RK_KLBG >[2009/03/10 11:50:57, 10] lib/events.c:timed_event_destructor(65) > Destroying timed event 816255a0 "check_domain_online_handler" >[2009/03/10 11:50:57, 10] winbindd/winbindd_cm.c:set_dc_type_and_flags(1918) > set_dc_type_and_flags: setting up flags for primary domain >[2009/03/10 11:50:57, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1766) > set_dc_type_and_flags_connect: domain RK_KLBG >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,104) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,104) wrote 104 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=52224 (0xCC00) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[71cc]: \lsarpc 
auth_type 0, auth_level 0 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... > [010] 00 00 00 00 .... >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/03/10 11:50:57, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 3919286a >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : b10c >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : 11d0 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : 9b a8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 00 c0 4f d9 2e f5 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cc >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > 
smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29132 (0x71CC) > smb_bcc=87 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j > [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,158) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,158) wrote 158 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 124 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... 
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > 
rpc_api_pipe: got PDU len of 68 at offset 0 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cc returned 68 bytes. >[2009/03/10 11:50:57, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine SAMBA pipe \lsarpc fnum 0x71cc bind request returned ok. >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 000053f0 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000d >[2009/03/10 
11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsarpc. >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000027 smb_io_rpc_results >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine SAMBA and bound anonymously. 
> dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 001a >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000002 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0000 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cc >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 
26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29132 (0x71CC) > smb_bcc=41 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ > [020] 00 00 00 00 00 00 00 01 00 ........ . >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,112) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,112) wrote 112 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 156 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 100 (0x64) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=101 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... > [010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ > [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 12 F6 45 AE 89 4B CC 4A 95 84 EF .......E ..K.J... > [040] D6 B3 B8 D3 B2 08 00 00 00 00 00 00 00 08 00 00 ........ ........ > [050] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 .R.K._.K .L.B.G.. > [060] 00 00 00 00 00 ..... 
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 100 (0x64) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=101 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... > [010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ > [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 12 F6 45 AE 89 4B CC 4A 95 84 EF .......E ..K.J... > [040] D6 B3 B8 D3 B2 08 00 00 00 00 00 00 00 08 00 00 ........ ........ > [050] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 .R.K._.K .L.B.G.. > [060] 00 00 00 00 00 ..... 
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0064 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000004c >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 100, data_len 76, ss_len 0 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 100 at offset 0 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cc returned 152 bytes. 
> dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation
> out: struct dssetup_DsRoleGetPrimaryDomainInformation
> info : *
> info : union dssetup_DsRoleInfo(case 1)
> basic: struct dssetup_DsRolePrimaryDomInfoBasic
> role : DS_ROLE_PRIMARY_DC (5)
> flags : 0x01000000 (16777216)
> 0: DS_ROLE_PRIMARY_DS_RUNNING
> 0: DS_ROLE_PRIMARY_DS_MIXED_MODE
> 0: DS_ROLE_UPGRADE_IN_PROGRESS
> 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT
> domain : *
> domain : 'RK_KLBG'
> dns_domain : NULL
> forest : NULL
> domain_guid : ae45f612-4b89-4acc-9584-efd6b3b8d3b2
> result : WERR_OK
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236)
> write_socket(19,45)
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239)
> write_socket(19,45) wrote 45
>[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
> got smb length of 35
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=35
> smb_com=0x4
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=8
> smt_wct=0
> smb_bcc=0
>[2009/03/10 11:50:57, 10] libsmb/clientgen.c:cli_rpc_pipe_close(553)
> cli_rpc_pipe_close: closed pipe \lsarpc to machine SAMBA
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236)
> write_socket(19,104)
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239)
> write_socket(19,104) wrote 104
>[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
> got smb length of 103
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=103
> smb_com=0xa2
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=9
> smt_wct=34
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]=52480 (0xCD00)
> smb_vwv[ 3]= 369 (0x171)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 0 (0x0)
> smb_vwv[ 7]= 0 (0x0)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_vwv[10]= 0 (0x0)
> smb_vwv[11]= 0 (0x0)
> smb_vwv[12]= 0 (0x0)
> smb_vwv[13]= 0 (0x0)
> smb_vwv[14]= 0 (0x0)
> smb_vwv[15]= 0 (0x0)
> smb_vwv[16]= 0 (0x0)
> smb_vwv[17]= 0 (0x0)
> smb_vwv[18]= 0 (0x0)
> smb_vwv[19]= 0 (0x0)
> smb_vwv[20]= 0 (0x0)
> smb_vwv[21]=32768 (0x8000)
> smb_vwv[22]= 0 (0x0)
> smb_vwv[23]= 0 (0x0)
> smb_vwv[24]= 0 (0x0)
> smb_vwv[25]= 0 (0x0)
> smb_vwv[26]= 0 (0x0)
> smb_vwv[27]= 0 (0x0)
> smb_vwv[28]= 0 (0x0)
> smb_vwv[29]= 0 (0x0)
> smb_vwv[30]= 0 (0x0)
> smb_vwv[31]= 512 (0x200)
> smb_vwv[32]=65280 (0xFF00)
> smb_vwv[33]= 5 (0x5)
> smb_bcc=0
>[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049)
> Bind RPC Pipe[71cd]: \lsarpc auth_type 0, auth_level 0
>[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650)
> Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
> [010] 00 00 00 00 ....
>[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653)
> Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
> [010] 02 00 00 00 ....
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000000 smb_io_rpc_hdr hdr
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0000 major : 05
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0001 minor : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0002 pkt_type : 0b
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0003 flags : 03
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0004 pack_type0: 10
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0005 pack_type1: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0006 pack_type2: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0007 pack_type3: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0008 frag_len : 0048
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 000a auth_len : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 000c call_id : 00000003
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_rb
>[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_bba
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0010 max_tsize: 10b8
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0012 max_rsize: 10b8
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0014 assoc_gid: 00000000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0018 num_contexts: 01
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 001c context_id : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 001e num_transfer_syntaxes: 01
>[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
> 00001f smb_io_rpc_iface
>[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
> 000020 smb_io_uuid uuid
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0020 data : 12345778
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0024 data : 1234
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0026 data : abcd
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
> 0028 data : ef 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
> 002a data : 01 23 45 67 89 ab
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0030 version: 00000000
>[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
> 000034 smb_io_rpc_iface
>[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
> 000034 smb_io_uuid uuid
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0034 data : 8a885d04
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0038 data : 1ceb
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 003a data : 11c9
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
> 003c data : 9f e8
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
> 003e data : 08 00 2b 10 48 60
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0044 version: 00000002
>[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769)
> rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=154
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=8
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=10
> smt_wct=16
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 72 (0x48)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 4280 (0x10B8)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 0 (0x0)
> smb_vwv[ 7]= 0 (0x0)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_vwv[10]= 82 (0x52)
> smb_vwv[11]= 72 (0x48)
> smb_vwv[12]= 82 (0x52)
> smb_vwv[13]= 2 (0x2)
> smb_vwv[14]= 38 (0x26)
> smb_vwv[15]=29133 (0x71CD)
> smb_bcc=87
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
> [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........
> [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x
> [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg...
> [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
> [050] 10 48 60 02 00 00 00 .H`....
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236)
> write_socket(19,158)
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239)
> write_socket(19,158) wrote 158
>[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
> got smb length of 124
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=124
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=10
> smt_wct=10
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 68 (0x44)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 56 (0x38)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 68 (0x44)
> smb_vwv[ 7]= 56 (0x38)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_bcc=69
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D......
> [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE
> [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........
> [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
> [040] 60 02 00 00 00 `....
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=124
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=10
> smt_wct=10
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 68 (0x44)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 56 (0x38)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 68 (0x44)
> smb_vwv[ 7]= 56 (0x38)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_bcc=69
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D......
> [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE
> [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........
> [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
> [040] 60 02 00 00 00 `....
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000000 smb_io_rpc_hdr rpc_hdr
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0000 major : 05
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0001 minor : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0002 pkt_type : 0c
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0003 flags : 03
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0004 pack_type0: 10
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0005 pack_type1: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0006 pack_type2: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0007 pack_type3: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0008 frag_len : 0044
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 000a auth_len : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 000c call_id : 00000003
>[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842)
> rpc_api_pipe: got PDU len of 68 at offset 0
>[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893)
> rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd returned 68 bytes.
>[2009/03/10 11:50:57, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
> rpc_pipe_bind: Remote machine SAMBA pipe \lsarpc fnum 0x71cd bind request returned ok.
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000000 smb_io_rpc_hdr hdr
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0000 major : 05
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0001 minor : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0002 pkt_type : 0c
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0003 flags : 03
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0004 pack_type0: 10
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0005 pack_type1: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0006 pack_type2: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0007 pack_type3: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0008 frag_len : 0044
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 000a auth_len : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 000c call_id : 00000003
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_ba
>[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_bba
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0010 max_tsize: 10b8
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0012 max_rsize: 10b8
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0014 assoc_gid: 000053f0
>[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
> 000018 smb_io_rpc_addr_str
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0018 len: 000d
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
> 001a str: \PIPE\lsarpc.
>[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
> 000027 smb_io_rpc_results
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0028 num_results: 01
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 002c result : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 002e reason : 0000
>[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88)
> 000030 smb_io_rpc_iface
>[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88)
> 000030 smb_io_uuid uuid
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0030 data : 8a885d04
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0034 data : 1ceb
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0036 data : 11c9
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
> 0038 data : 9f e8
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865)
> 003a data : 08 00 2b 10 48 60
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0040 version: 00000002
>[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:check_bind_response(1704)
> check_bind_response: accepted!
>[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282)
> cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine SAMBA and bound anonymously.
>[2009/03/10 11:50:57, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70)
> init_lsa_sec_qos
>[2009/03/10 11:50:57, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90)
> init_lsa_obj_attr
> lsa_OpenPolicy2: struct lsa_OpenPolicy2
> in: struct lsa_OpenPolicy2
> system_name : *
> system_name : ''
> attr : *
> attr: struct lsa_ObjectAttribute
> len : 0x00000018 (24)
> root_dir : NULL
> object_name : NULL
> attributes : 0x00000000 (0)
> sec_desc : NULL
> sec_qos : *
> sec_qos: struct lsa_QosInfo
> len : 0x0000000c (12)
> impersonation_level : 0x0002 (2)
> context_mode : 0x01 (1)
> effective_only : 0x00 (0)
> access_mask : 0x02000000 (33554432)
> 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
> 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
> 0: LSA_POLICY_GET_PRIVATE_INFORMATION
> 0: LSA_POLICY_TRUST_ADMIN
> 0: LSA_POLICY_CREATE_ACCOUNT
> 0: LSA_POLICY_CREATE_SECRET
> 0: LSA_POLICY_CREATE_PRIVILEGE
> 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
> 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
> 0: LSA_POLICY_AUDIT_LOG_ADMIN
> 0: LSA_POLICY_SERVER_ADMIN
> 0: LSA_POLICY_LOOKUP_NAMES
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000000 smb_io_rpc_hdr hdr
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0000 major : 05
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0001 minor : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0002 pkt_type : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0003 flags : 03
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0004 pack_type0: 10
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0005 pack_type1: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0006 pack_type2: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0007 pack_type3: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0008 frag_len : 0050
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 000a auth_len : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 000c call_id : 00000004
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_req hdr_req
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0010 alloc_hint: 00000038
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0014 context_id: 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0016 opnum : 002c
>[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769)
> rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=162
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=8
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=11
> smt_wct=16
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 80 (0x50)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 4280 (0x10B8)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 0 (0x0)
> smb_vwv[ 7]= 0 (0x0)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_vwv[10]= 82 (0x52)
> smb_vwv[11]= 80 (0x50)
> smb_vwv[12]= 82 (0x52)
> smb_vwv[13]= 2 (0x2)
> smb_vwv[14]= 38 (0x26)
> smb_vwv[15]=29133 (0x71CD)
> smb_bcc=95
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
> [010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 38 .......P .......8
> [020] 00 00 00 00 00 2C 00 00 00 02 00 01 00 00 00 00 .....,.. ........
> [030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........
> [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ........ ........
> [050] 00 02 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ .......
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236)
> write_socket(19,166)
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239)
> write_socket(19,166) wrote 166
>[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
> got smb length of 104
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=104
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=11
> smt_wct=10
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 48 (0x30)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 56 (0x38)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 48 (0x30)
> smb_vwv[ 7]= 56 (0x38)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_bcc=49
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0......
> [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........
> [020] 00 00 00 00 00 B6 49 11 46 DD 37 00 00 00 00 00 ......I. F.7.....
> [030] 00 .
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=104
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=11
> smt_wct=10
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 48 (0x30)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 56 (0x38)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 48 (0x30)
> smb_vwv[ 7]= 56 (0x38)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_bcc=49
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0......
> [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........
> [020] 00 00 00 00 00 B6 49 11 46 DD 37 00 00 00 00 00 ......I. F.7.....
> [030] 00 .
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000000 smb_io_rpc_hdr rpc_hdr
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0000 major : 05
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0001 minor : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0002 pkt_type : 02
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0003 flags : 03
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0004 pack_type0: 10
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0005 pack_type1: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0006 pack_type2: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0007 pack_type3: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0008 frag_len : 0030
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 000a auth_len : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 000c call_id : 00000004
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_resp rpc_hdr_resp
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0010 alloc_hint: 00000018
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0014 context_id: 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0016 cancel_ct : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0017 reserved : 00
>[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576)
> cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
>[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842)
> rpc_api_pipe: got PDU len of 48 at offset 0
>[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893)
> rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd returned 48 bytes.
> lsa_OpenPolicy2: struct lsa_OpenPolicy2
> out: struct lsa_OpenPolicy2
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 00000001-0000-0000-b649-1146dd370000
> result : NT_STATUS_OK
> lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
> in: struct lsa_QueryInfoPolicy2
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 00000001-0000-0000-b649-1146dd370000
> level : LSA_POLICY_INFO_DNS (12)
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000000 smb_io_rpc_hdr hdr
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0000 major : 05
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0001 minor : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0002 pkt_type : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0003 flags : 03
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0004 pack_type0: 10
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0005 pack_type1: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0006 pack_type2: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0007 pack_type3: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0008 frag_len : 002e
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 000a auth_len : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 000c call_id : 00000005
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_req hdr_req
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0010 alloc_hint: 00000016
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0014 context_id: 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0016 opnum : 002e
>[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769)
> rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=128
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=8
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=12
> smt_wct=16
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 46 (0x2E)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 4280 (0x10B8)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 0 (0x0)
> smb_vwv[ 7]= 0 (0x0)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_vwv[10]= 82 (0x52)
> smb_vwv[11]= 46 (0x2E)
> smb_vwv[12]= 82 (0x52)
> smb_vwv[13]= 2 (0x2)
> smb_vwv[14]= 38 (0x26)
> smb_vwv[15]=29133 (0x71CD)
> smb_bcc=61
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
> [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........
> [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........
> [030] 00 00 00 B6 49 11 46 DD 37 00 00 0C 00 ....I.F. 7....
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236)
> write_socket(19,132)
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239)
> write_socket(19,132) wrote 132
>[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
> got smb length of 88
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=88
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=12
> smt_wct=10
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 32 (0x20)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 56 (0x38)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 32 (0x20)
> smb_vwv[ 7]= 56 (0x38)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_bcc=33
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ......
> [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........
> [020] 00 .
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=88
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=12
> smt_wct=10
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 32 (0x20)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 56 (0x38)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 32 (0x20)
> smb_vwv[ 7]= 56 (0x38)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_bcc=33
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ......
> [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........
> [020] 00 .
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000000 smb_io_rpc_hdr rpc_hdr
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0000 major : 05
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0001 minor : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0002 pkt_type : 03
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0003 flags : 23
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0004 pack_type0: 10
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0005 pack_type1: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0006 pack_type2: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0007 pack_type3: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0008 frag_len : 0020
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 000a auth_len : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 000c call_id : 00000005
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_resp rpc_hdr_resp
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0010 alloc_hint: 00000000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0014 context_id: 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0016 cancel_ct : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0017 reserved : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000018 smb_io_rpc_hdr_fault fault
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807)
> 0018 status : DCERPC_FAULT_OP_RNG_ERROR
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 001c reserved: 00000000
>[2009/03/10 11:50:57, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(624)
> cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine SAMBA pipe \lsarpc fnum 0x71cd!
>[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842)
> rpc_api_pipe: got PDU len of 32 at offset 0
>[2009/03/10 11:50:57, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70)
> init_lsa_sec_qos
>[2009/03/10 11:50:57, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90)
> init_lsa_obj_attr
> lsa_OpenPolicy: struct lsa_OpenPolicy
> in: struct lsa_OpenPolicy
> system_name : *
> system_name : 0x005c (92)
> attr : *
> attr: struct lsa_ObjectAttribute
> len : 0x00000018 (24)
> root_dir : NULL
> object_name : NULL
> attributes : 0x00000000 (0)
> sec_desc : NULL
> sec_qos : *
> sec_qos: struct lsa_QosInfo
> len : 0x0000000c (12)
> impersonation_level : 0x0002 (2)
> context_mode : 0x01 (1)
> effective_only : 0x00 (0)
> access_mask : 0x02000000 (33554432)
> 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
> 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
> 0: LSA_POLICY_GET_PRIVATE_INFORMATION
> 0: LSA_POLICY_TRUST_ADMIN
> 0: LSA_POLICY_CREATE_ACCOUNT
> 0: LSA_POLICY_CREATE_SECRET
> 0: LSA_POLICY_CREATE_PRIVILEGE
> 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
> 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
> 0: LSA_POLICY_AUDIT_LOG_ADMIN
> 0: LSA_POLICY_SERVER_ADMIN
> 0: LSA_POLICY_LOOKUP_NAMES
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000000 smb_io_rpc_hdr hdr
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0000 major : 05
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0001 minor : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0002 pkt_type : 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0003 flags : 03
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0004 pack_type0: 10
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0005 pack_type1: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0006 pack_type2: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624)
> 0007 pack_type3: 00
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0008 frag_len : 0044
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 000a auth_len : 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 000c call_id : 00000006
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88)
> 000010 smb_io_rpc_hdr_req hdr_req
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718)
> 0010 alloc_hint: 0000002c
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0014 context_id: 0000
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689)
> 0016 opnum : 0006
>[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769)
> rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=150
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=8
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=13
> smt_wct=16
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 68 (0x44)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 4280 (0x10B8)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 0 (0x0)
> smb_vwv[ 7]= 0 (0x0)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_vwv[10]= 82 (0x52)
> smb_vwv[11]= 68 (0x44)
> smb_vwv[12]= 82 (0x52)
> smb_vwv[13]= 2 (0x2)
> smb_vwv[14]= 38 (0x26)
> smb_vwv[15]=29133 (0x71CD)
> smb_bcc=83
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
> [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D .......,
> [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\....
> [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
> [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........
> [050] 00 00 02 ...
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236)
> write_socket(19,154)
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239)
> write_socket(19,154) wrote 154
>[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
> got smb length of 104
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652)
> size=104
> smb_com=0x25
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=10199
> smb_uid=100
> smb_mid=13
> smt_wct=10
> smb_vwv[ 0]= 0 (0x0)
> smb_vwv[ 1]= 48 (0x30)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 56 (0x38)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 48 (0x30)
> smb_vwv[ 7]= 56 (0x38)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_bcc=49
>[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
> [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0......
> [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........
> [020] 00 00 00 00 00 B6 49 11 46 DD 37 00 00 00 00 00 ......I. F.7.....
> [030] 00 .
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 B6 49 11 46 DD 37 00 00 00 00 00 ......I. F.7..... > [030] 00 . >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 
0010 alloc_hint: 00000018 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd returned 48 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-b649-1146dd370000 > result : NT_STATUS_OK > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-b649-1146dd370000 > level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len 
: 002e >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000016 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29133 (0x71CD) > smb_bcc=61 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 B6 49 11 46 DD 37 00 00 05 00 ....I.F. 7.... 
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,132) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,132) wrote 132 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 160 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0068 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000050 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) >
cli_pipe_validate_current_pdu: got pdu len 104, data_len 80, ss_len 0 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 104 at offset 0 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71cd returned 160 bytes. > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 5) > account_domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'RK_KLBG' > sid : * > sid : S-1-5-21-181998944-1107627502-2274996074 > result : NT_STATUS_OK >[2009/03/10 11:50:57, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1896) > set_dc_type_and_flags_connect: domain RK_KLBG is NOT in native mode. >[2009/03/10 11:50:57, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1899) > set_dc_type_and_flags_connect: domain RK_KLBG is NOT running active directory. 
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,45) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,45) wrote 45 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 35 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=15 > smt_wct=0 > smb_bcc=0 >[2009/03/10 11:50:57, 10] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \lsarpc to machine SAMBA >[2009/03/10 11:50:57, 10] winbindd/winbindd_cache.c:cache_store_response(2428) > Storing response for pid 10199, len 3496 >[2009/03/10 11:50:57, 4] winbindd/winbindd_dual.c:fork_domain_child(1323) > child daemon request 19 >[2009/03/10 11:50:57, 10] winbindd/winbindd_dual.c:child_process_request(453) > child_process_request: request fn LIST_TRUSTDOM >[2009/03/10 11:50:57, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362) > [10198]: list trusted domains >[2009/03/10 11:50:57, 5] winbindd/winbindd_cache.c:get_cache(182) > get_cache: Setting MS-RPC methods for domain RK_KLBG >[2009/03/10 11:50:57, 10] winbindd/winbindd_cache.c:trusted_domains(2111) > trusted_domains: [Cached] - doing backend query for info for domain RK_KLBG >[2009/03/10 11:50:57, 3] winbindd/winbindd_rpc.c:trusted_domains(1022) > rpc: trusted_domains >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,104) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,104) wrote 104 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 
> smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=16 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=52736 (0xCE00) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[71ce]: \lsarpc auth_type 3, auth_level 6 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. > [010] 00 00 00 00 .... >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(981) > create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1004) > create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: >[2009/03/10 11:50:57, 5] lib/util.c:dump_data(2230) > [000] 60 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E `N..+... ...D0B.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 0...+... 
..7....0 > [020] 04 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 ..NTLMSS P.....5. > [030] 08 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 .`.... . ......'. > [040] 00 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 ..RK_KLB GMONSTER >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00a0 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0050 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:50:57, 6] 
rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: 
Remote machine SAMBA pipe \lsarpc fnum 0x71ce >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=242 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 160 (0xA0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 160 (0xA0) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29134 (0x71CE) > smb_bcc=175 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,246) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,246) wrote 246 >[2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 389 >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=389 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 333 (0x14D) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 333 (0x14D) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=334 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=389 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 333 (0x14D) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 333 (0x14D) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=334 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230)
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 014d >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0101 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 333 at offset 0 >[2009/03/10 11:50:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71ce returned 333 bytes.
>[2009/03/10 11:50:57, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine SAMBA pipe \lsarpc fnum 0x71ce bind request returned ok. >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 014d >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0101 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 000053f0 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000d >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\lsarpc. 
>[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000027 smb_io_rpc_results >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! 
>[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 auth_type : 09 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 auth_level : 06 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 auth_pad_len : 08 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 auth_reserved: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0048 auth_context_id: 00000001 >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:50:57, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2009/03/10 11:50:57, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2009/03/10 11:50:57, 5] lib/util.c:dump_data(2230) > [000] 91 18 9B E5 4F A7 FB B4 ....O... 
>[2009/03/10 11:50:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0e >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0108 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 00b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 
num_contexts: 01 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2009/03/10 11:50:57, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:50:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71ce >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) > size=346 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 264 (0x108) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 264 (0x108) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29134 (0x71CE) > smb_bcc=279 >[2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0E 03 10 00 00 00 08 01 B8 00 08 00 00 00 B8 ........ ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... ........ > [060] 81 B5 30 81 B2 A2 81 AF 04 81 AC 4E 54 4C 4D 53 ..0..... ...NTLMS > [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... > [080] 00 18 00 58 00 00 00 0E 00 0E 00 70 00 00 00 10 ...X.... ...p.... > [090] 00 10 00 7E 00 00 00 0E 00 0E 00 8E 00 00 00 10 ...~.... ........ > [0A0] 00 10 00 9C 00 00 00 35 82 08 60 8E AE 80 3E DF .......5 ..`...>. > [0B0] FB 21 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 .!...... ........ > [0C0] 00 00 00 60 7F 49 27 B1 95 B3 07 4F 83 55 9F F0 ...`.I'. ...O.U.. 
> [0D0] D5 10 E7 30 97 11 3D C6 15 7B D5 52 00 4B 00 5F ...0..=. .{.R.K._ > [0E0] 00 4B 00 4C 00 42 00 47 00 4D 00 4F 00 4E 00 53 .K.L.B.G .M.O.N.S > [0F0] 00 54 00 45 00 52 00 24 00 4D 00 4F 00 4E 00 53 .T.E.R.$ .M.O.N.S > [100] 00 54 00 45 00 52 00 EE 3F 1B 44 FA 5E 2C E2 09 .T.E.R.. ?.D.^,.. > [110] C1 1F 7D 4C 70 97 5B ..}Lp.[ >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,350) >[2009/03/10 11:50:57, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,350) wrote 350 >[2009/03/10 11:50:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 143 >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) > size=143 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 87 (0x57) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 87 (0x57) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=88 >[2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 08 00 00 ........ .W...... > [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ > [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ > [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. > [050] 01 04 01 82 37 02 02 0A ....7... 
>[2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) > size=143 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 87 (0x57) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 87 (0x57) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=88 >[2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 08 00 00 ........ .W...... > [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ > [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ > [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. > [050] 01 04 01 82 37 02 02 0A ....7... >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0057 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 
00000008 >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 87 at offset 0 >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71ce returned 87 bytes. >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0057 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 08 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2009/03/10 11:50:58, 5] rpc_client/cli_pipe.c:rpc_finish_spnego_ntlmssp_bind(2023) > rpc_finish_spnego_ntlmssp_bind: alter context request to remote machine 
SAMBA pipe \lsarpc fnum 0x71ce. >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2374) > cli_rpc_pipe_open_ntlmssp_internal: opened pipe \lsarpc to machine SAMBA and bound NTLMSSP as user RK_KLBG\MONSTER$. >[2009/03/10 11:50:58, 10] winbindd/winbindd_cm.c:cm_connect_lsa(2177) > cm_connect_lsa: connected to LSA pipe for domain RK_KLBG using NTLMSSP authenticated pipe: user RK_KLBG\MONSTER$ >[2009/03/10 11:50:58, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) > init_lsa_sec_qos >[2009/03/10 11:50:58, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) > init_lsa_obj_attr > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 
11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0060 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000002c >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0006 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 04 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2009/03/10 11:50:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71ce >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 
(0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29134 (0x71CE) > smb_bcc=111 >[2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 00 10 00 09 00 00 00 2C .......` ......., > [020] 00 00 00 00 00 06 00 28 7A 6A 98 29 5E 38 96 DD .......( zj.)^8.. > [030] 37 72 9F 43 8D 14 EC DC 4E 59 0E 6E EC 0D 48 97 7r.C.... NY.n..H. > [040] AC C9 91 D7 9B FF F9 24 55 3A 0B 26 C4 FC 67 E1 .......$ U:.&..g. > [050] 5A FB CD A2 EA 29 9E 09 06 04 00 01 00 00 00 01 Z....).. ........ > [060] 00 00 00 9E AA 11 73 12 10 C1 B9 00 00 00 00 ......s. ....... >[2009/03/10 11:50:58, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,182) >[2009/03/10 11:50:58, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,182) wrote 182 >[2009/03/10 11:50:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 09 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 91 E4 9B AB 2A 1F F2 ........ .....*.. > [020] DF 88 4E 37 02 A9 EA 5B 32 DF D3 31 C4 7C 01 BD ..N7...[ 2..1.|.. 
> [030] E8 09 06 00 00 01 00 00 00 01 00 00 00 57 66 2F ........ .....Wf/ > [040] 0A C3 6D EF 2E 00 00 00 00 ..m..... . >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 09 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 91 E4 9B AB 2A 1F F2 ........ .....*.. > [020] DF 88 4E 37 02 A9 EA 5B 32 DF D3 31 C4 7C 01 BD ..N7...[ 2..1.|.. > [030] E8 09 06 00 00 01 00 00 00 01 00 00 00 57 66 2F ........ .....Wf/ > [040] 0A C3 6D EF 2E 00 00 00 00 ..m..... . 
>[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 auth_type : 09 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 auth_level : 06 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 auth_pad_len : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 auth_reserved: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 
auth_context_id: 00000001 >[2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 72 at offset 0 >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71ce returned 48 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-b649-1246dd370000 > result : NT_STATUS_OK > lsa_EnumTrustDom: struct lsa_EnumTrustDom > in: struct lsa_EnumTrustDom > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-b649-1246dd370000 > resume_handle : * > resume_handle : 0x00000000 (0) > max_size : 0xffffffff (4294967295) >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 
frag_len : 0050 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000001c >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000d >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 04 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2009/03/10 11:50:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71ce >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) > size=162 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29134 (0x71CE) > smb_bcc=95 
>[2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 50 00 10 00 0A 00 00 00 1C .......P ........ > [020] 00 00 00 00 00 0D 00 00 AA 9C B1 4F A0 4B 4A 2E ........ ...O.KJ. > [030] 33 B9 2E 3D D1 4B 23 42 3B F7 3B C8 D4 4E 1B B3 3..=.K#B ;.;..N.. > [040] D9 C2 3D 1E E5 FD 49 09 06 04 00 01 00 00 00 01 ..=...I. ........ > [050] 00 00 00 EC B3 C9 AD E9 F6 90 8F 01 00 00 00 ........ ....... >[2009/03/10 11:50:58, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,166) >[2009/03/10 11:50:58, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,166) wrote 166 >[2009/03/10 11:50:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0A 00 00 ........ .H...... > [010] 00 14 00 00 00 00 00 00 00 56 54 E0 91 FF CD 23 ........ .VT....# > [020] 28 4F 2D B4 0F 17 4E 44 E9 6E 8D 41 58 60 63 40 (O-...ND .n.AX`c@ > [030] 07 09 06 04 00 01 00 00 00 01 00 00 00 50 7E 88 ........ .....P~. > [040] 2F 2B B3 7C F4 01 00 00 00 /+.|.... . 
>[2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) >[2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0A 00 00 ........ .H...... > [010] 00 14 00 00 00 00 00 00 00 56 54 E0 91 FF CD 23 ........ .VT....# > [020] 28 4F 2D B4 0F 17 4E 44 E9 6E 8D 41 58 60 63 40 (O-...ND .n.AX`c@ > [030] 07 09 06 04 00 01 00 00 00 01 00 00 00 50 7E 88 ........ .....P~. > [040] 2F 2B B3 7C F4 01 00 00 00 /+.|.... . >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 
000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 auth_type : 09 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 auth_level : 06 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 auth_pad_len : 04 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 auth_reserved: 00 >[2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 auth_context_id: 00000001 >[2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 72, data_len 20, ss_len 4 >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 72 at offset 0 >[2009/03/10 11:50:58, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x71ce returned 40 bytes. 
> lsa_EnumTrustDom: struct lsa_EnumTrustDom > out: struct lsa_EnumTrustDom > resume_handle : * > resume_handle : 0xffffffff (4294967295) > domains : * > domains: struct lsa_DomainList > count : 0x00000000 (0) > domains : * > domains: ARRAY(0) > result : NT_STATUS_NO_MORE_ENTRIES >[2009/03/10 11:50:58, 10] winbindd/winbindd_cache.c:cache_store_response(2428) > Storing response for pid 10199, len 3496 >[2009/03/10 11:51:10, 4] winbindd/winbindd_dual.c:fork_domain_child(1323) > child daemon request 18 >[2009/03/10 11:51:10, 10] winbindd/winbindd_dual.c:child_process_request(453) > child_process_request: request fn LIST_GROUPS >[2009/03/10 11:51:10, 10] winbindd/winbindd_cache.c:enum_dom_groups(1298) > enum_dom_groups: [Cached] - doing backend query for list for domain RK_KLBG >[2009/03/10 11:51:10, 3] winbindd/winbindd_rpc.c:enum_dom_groups(141) > rpc: enum_dom_groups >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,100) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,100) wrote 100 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=21 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=52992 (0xCF00) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 
(0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[71cf]: \samr auth_type 3, auth_level 6 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(981) > create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1004) > create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: >[2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) > [000] 60 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E `N..+... ...D0B.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 0...+... ..7....0 > [020] 04 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 ..NTLMSS P.....5. > [030] 08 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 .`.... . ......'. 
> [040] 00 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 ..RK_KLB GMONSTER >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00a0 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0050 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 
11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ac >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71cf >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=242 > 
smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=22 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 160 (0xA0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 160 (0xA0) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29135 (0x71CF) > smb_bcc=175 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 A0 00 50 00 0B 00 00 00 B8 ........ .P...... > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` > [060] 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E 30 N..+.... ..D0B..0 > [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 04 ...+.... .7....0. > [080] 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 .NTLMSSP .....5.. > [090] 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 00 `.... .. .....'.. 
> [0A0] 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 .RK_KLBG MONSTER >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,246) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,246) wrote 246 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 389 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=389 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=22 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 333 (0x14D) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 333 (0x14D) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=334 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 0B 00 00 ........ .M...... > [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... ........ > [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... > [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7..... ....NTLM > [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... > [080] 35 82 89 60 92 DE 84 97 37 5A 24 78 00 00 00 00 5..`.... 7Z$x.... > [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ........ >...R.K. > [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. > [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... > [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. > [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. 
> [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. > [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... > [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. > [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. > [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. > [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. > [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=389 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=22 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 333 (0x14D) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 333 (0x14D) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=334 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 0B 00 00 ........ .M...... > [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... ........ > [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... > [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7..... ....NTLM > [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... > [080] 35 82 89 60 92 DE 84 97 37 5A 24 78 00 00 00 00 5..`.... 7Z$x.... > [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ........ >...R.K. > [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. > [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... 
> [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. > [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. > [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. > [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... > [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. > [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. > [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. > [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. > [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 014d >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0101 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 333 at offset 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71cf returned 333 bytes. 
>[2009/03/10 11:51:10, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine SAMBA pipe \samr fnum 0x71cf bind request returned ok. >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 014d >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0101 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 000053f0 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000b >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\samr. 
>[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000025 smb_io_rpc_results >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! 
>[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 auth_pad_len : 08 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0048 auth_context_id: 00000001 >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2009/03/10 11:51:10, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) > [000] E9 F6 B1 09 66 2D F4 19 ....f-.. 
>[2009/03/10 11:51:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0e >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0108 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 00b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 
num_contexts: 01 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ac >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71cf >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=346 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=23 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 264 (0x108) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 264 (0x108) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29135 (0x71CF) > smb_bcc=279 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0E 03 10 00 00 00 08 01 B8 00 0B 00 00 00 B8 ........ ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... ........ > [060] 81 B5 30 81 B2 A2 81 AF 04 81 AC 4E 54 4C 4D 53 ..0..... ...NTLMS > [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... > [080] 00 18 00 58 00 00 00 0E 00 0E 00 70 00 00 00 10 ...X.... ...p.... > [090] 00 10 00 7E 00 00 00 0E 00 0E 00 8E 00 00 00 10 ...~.... ........ > [0A0] 00 10 00 9C 00 00 00 35 82 08 60 74 D5 F7 95 01 .......5 ..`t.... > [0B0] E5 72 D9 00 00 00 00 00 00 00 00 00 00 00 00 00 .r...... ........ > [0C0] 00 00 00 23 B0 1C 9C A0 DC 86 12 58 78 D6 EE B4 ...#.... ...Xx... 
> [0D0] 53 79 DC 3B 0A B1 16 2E 34 45 3B 52 00 4B 00 5F Sy.;.... 4E;R.K._ > [0E0] 00 4B 00 4C 00 42 00 47 00 4D 00 4F 00 4E 00 53 .K.L.B.G .M.O.N.S > [0F0] 00 54 00 45 00 52 00 24 00 4D 00 4F 00 4E 00 53 .T.E.R.$ .M.O.N.S > [100] 00 54 00 45 00 52 00 F9 4C 93 F0 03 8D BC 9E A5 .T.E.R.. L....... > [110] D5 B9 78 AA F2 DE 1C ..x.... >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,350) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,350) wrote 350 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 143 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=143 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 87 (0x57) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 87 (0x57) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=88 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 0B 00 00 ........ .W...... > [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ > [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ > [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. > [050] 01 04 01 82 37 02 02 0A ....7... 
>[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=143 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 87 (0x57) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 87 (0x57) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=88 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 0B 00 00 ........ .W...... > [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ > [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ > [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. > [050] 01 04 01 82 37 02 02 0A ....7... >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0057 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 
0000000b >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 87 at offset 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71cf returned 87 bytes. >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0057 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 08 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_finish_spnego_ntlmssp_bind(2023) > rpc_finish_spnego_ntlmssp_bind: alter context request to remote machine 
SAMBA pipe \samr fnum 0x71cf. >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2374) > cli_rpc_pipe_open_ntlmssp_internal: opened pipe \samr to machine SAMBA and bound NTLMSSP as user RK_KLBG\MONSTER$. >[2009/03/10 11:51:10, 10] winbindd/winbindd_cm.c:cm_connect_sam(2040) > cm_connect_sam: connected to SAMR pipe for domain RK_KLBG using NTLMSSP authenticated pipe: user RK_KLBG\MONSTER$ > samr_Connect2: struct samr_Connect2 > in: struct samr_Connect2 > system_name : * > system_name : 'SAMBA' > access_mask : 0x02000000 (33554432) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 0: SAMR_ACCESS_ENUM_DOMAINS > 0: SAMR_ACCESS_OPEN_DOMAIN >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0050 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000020 >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0039 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71cf >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=162 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=24 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29135 (0x71CF) > smb_bcc=95 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 50 00 10 00 0C 00 00 00 20 .......P ....... > [020] 00 00 00 00 00 39 00 31 B8 DE 34 39 D4 81 0A F3 .....9.1 ..49.... > [030] FE 74 49 0D 26 62 BA B0 65 E2 26 DA 36 21 81 2D .tI.&b.. e.&.6!.- > [040] EB A8 60 5B 9A 7F 0D 09 06 00 00 01 00 00 00 01 ..`[.... 
........ > [050] 00 00 00 BA 50 DC 1D D3 50 28 D4 00 00 00 00 ....P... P(..... >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,166) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,166) wrote 166 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0C 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 8E 4A 83 67 F1 06 35 ........ ..J.g..5 > [020] 2C 7B 18 8B 78 BA BD E2 46 CB C1 33 CC B0 ED 58 ,{..x... F..3...X > [030] 80 09 06 00 00 01 00 00 00 01 00 00 00 98 00 91 ........ ........ > [040] 99 40 89 61 E0 00 00 00 00 .@.a.... . >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0C 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 8E 4A 83 67 F1 06 35 ........ 
..J.g..5 > [020] 2C 7B 18 8B 78 BA BD E2 46 CB C1 33 CC B0 ED 58 ,{..x... F..3...X > [030] 80 09 06 00 00 01 00 00 00 01 00 00 00 98 00 91 ........ ........ > [040] 99 40 89 61 E0 00 00 00 00 .@.a.... . >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 auth_level : 06 >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) > 0032 auth_pad_len : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 auth_context_id: 00000001 >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 72 at offset 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71cf returned 48 bytes. > samr_Connect2: struct samr_Connect2 > out: struct samr_Connect2 > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-b649-1e46dd370000 > result : NT_STATUS_OK > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-b649-1e46dd370000 > access_mask : 0x02000000 (33554432) > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 0: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-21-181998944-1107627502-2274996074 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 
>[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0068 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000d >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000034 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000050 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0050 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0051 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0052 auth_pad_len : 04 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0053 auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0054 auth_context_id: 00000001 >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71cf >[2009/03/10 
11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=186 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=25 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29135 (0x71CF) > smb_bcc=119 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 68 00 10 00 0D 00 00 00 34 .......h .......4 > [020] 00 00 00 00 00 07 00 E8 7B 16 5B BE B8 13 6A 44 ........ {.[...jD > [030] 8B 4B 76 A1 CE 95 55 13 B7 2C B0 11 DD 79 CA 66 .Kv...U. .,...y.f > [040] F8 45 AB BB C0 B6 B8 3D E3 9B BB FD B9 06 4A 82 .E.....= ......J. > [050] 66 00 EB 12 1F BB 88 36 08 74 A2 A4 41 09 E8 09 f......6 .t..A... > [060] 06 04 00 01 00 00 00 01 00 00 00 BE C8 16 57 6C ........ ......Wl > [070] 47 AF A9 01 00 00 00 G...... 
>[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,190) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,190) wrote 190 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0D 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 74 12 56 7B 8F 0E D1 ........ .t.V{... > [020] 11 89 80 4C 85 E3 7B D0 4F B3 18 6B 44 1B 69 62 ...L..{. O..kD.ib > [030] EF 09 06 00 00 01 00 00 00 01 00 00 00 1A 28 A2 ........ ......(. > [040] 2D FD 97 F9 FA 01 00 00 00 -....... . >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0D 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 74 12 56 7B 8F 0E D1 ........ .t.V{... > [020] 11 89 80 4C 85 E3 7B D0 4F B3 18 6B 44 1B 69 62 ...L..{. 
O..kD.ib > [030] EF 09 06 00 00 01 00 00 00 01 00 00 00 1A 28 A2 ........ ......(. > [040] 2D FD 97 F9 FA 01 00 00 00 -....... . >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000d >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 auth_pad_len : 00 >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) > 0033 auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 auth_context_id: 00000001 >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 72 at offset 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71cf returned 48 bytes. > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_ACCESS_DENIED >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,45) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,45) wrote 45 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 35 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=26 > smt_wct=0 > smb_bcc=0 >[2009/03/10 11:51:10, 10] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \samr to machine SAMBA >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,45) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,45) wrote 45 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb 
length of 35 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=27 > smt_wct=0 > smb_bcc=0 >[2009/03/10 11:51:10, 10] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \lsarpc to machine SAMBA >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,39) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,39) wrote 39 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 35 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=28 > smt_wct=0 > smb_bcc=0 >[2009/03/10 11:51:10, 10] winbindd/winbindd_cache.c:fetch_cache_seqnum(405) > fetch_cache_seqnum: invalid data size key [SEQNUM/RK_KLBG] >[2009/03/10 11:51:10, 10] winbindd/winbindd_rpc.c:sequence_number(923) > rpc: fetch sequence_number for RK_KLBG >[2009/03/10 11:51:10, 8] winbindd/winbindd_cm.c:connection_ok(1564) > connection_ok: Connection to SAMBA for domain RK_KLBG has NULL cli! 
>[2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(194) > Cache entry with key = SAFJOIN/DOMAIN/RK_KLBG couldn't be found >[2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = SAF/DOMAIN/RK_KLBG, value = SAMBA, timeout = Tue Mar 10 12:05:57 2009 >[2009/03/10 11:51:10, 5] libsmb/namequery.c:saf_fetch(200) > saf_fetch: Returning "SAMBA" for "RK_KLBG" domain >[2009/03/10 11:51:10, 10] winbindd/winbindd_cm.c:cm_open_connection(1399) > cm_open_connection: saf_servername is 'SAMBA' for domain RK_KLBG >[2009/03/10 11:51:10, 10] winbindd/winbindd_cm.c:cm_open_connection(1431) > cm_open_connection: dcname is 'SAMBA' for domain RK_KLBG >[2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(194) > Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found >[2009/03/10 11:51:10, 5] libads/dns.c:sitename_fetch(814) > sitename_fetch: No stored sitename for >[2009/03/10 11:51:10, 10] libsmb/namequery.c:internal_resolve_name(1505) > internal_resolve_name: looking up SAMBA#20 (sitename (null)) >[2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = NBT/SAMBA#20, value = 192.168.60.3:0, timeout = Tue Mar 10 11:57:52 2009 >[2009/03/10 11:51:10, 5] libsmb/namecache.c:namecache_fetch(233) > name SAMBA#20 found. 
>[2009/03/10 11:51:10, 10] winbindd/winbindd_cm.c:cm_prepare_connection(754) > cm_prepare_connection: connecting to DC SAMBA for domain RK_KLBG >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,194) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,194) wrote 194 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 127 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=59392 (0xE800) > smb_vwv[ 8]= 55 (0x37) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 243 (0xF3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=18211 (0x4723) > smb_vwv[13]=28191 (0x6E1F) > smb_vwv[14]=51617 (0xC9A1) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 73 61 6D 62 61 00 00 00 00 00 00 00 00 00 00 00 samba... ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... 
> [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=59392 (0xE800) > smb_vwv[ 8]= 55 (0x37) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 243 (0xF3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=18211 (0x4723) > smb_vwv[13]=28191 (0x6E1F) > smb_vwv[14]=51617 (0xC9A1) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 73 61 6D 62 61 00 00 00 00 00 00 00 00 00 00 00 samba... ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... 
> [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2009/03/10 11:51:10, 5] winbindd/winbindd_cm.c:cm_prepare_connection(860) > connecting to SAMBA from MONSTER with username [RK_KLBG]\[MONSTER$] >[2009/03/10 11:51:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(823) > Doing spnego session setup (blob length=58) >[2009/03/10 11:51:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) > got OID=1 3 6 1 4 1 311 2 2 10 >[2009/03/10 11:51:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(858) > got principal=NONE >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,166) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,166) wrote 166 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 376 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=376 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 257 (0x101) > smb_bcc=333 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] A1 81 FE 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 15 82 89 60 F9 01 17 F0 BD CA 2F 95 00 ......`. ...../.. > [040] 00 00 00 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 ........ ...>...R > [050] 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E .K._.K.L .B.G.... > [060] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 .R.K._.K .L.B.G.. 
> [070] 00 0A 00 53 00 41 00 4D 00 42 00 41 00 04 00 36 ...S.A.M .B.A...6 > [080] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 .i.n.t.e .r.n...r > [090] 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 .k.-.k.l .o.s.t.e > [0A0] 00 72 00 6E 00 65 00 75 00 62 00 75 00 72 00 67 .r.n.e.u .b.u.r.g > [0B0] 00 2E 00 61 00 74 00 03 00 42 00 73 00 61 00 6D ...a.t.. .B.s.a.m > [0C0] 00 62 00 61 00 2E 00 69 00 6E 00 74 00 65 00 72 .b.a...i .n.t.e.r > [0D0] 00 6E 00 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F .n...r.k .-.k.l.o > [0E0] 00 73 00 74 00 65 00 72 00 6E 00 65 00 75 00 62 .s.t.e.r .n.e.u.b > [0F0] 00 75 00 72 00 67 00 2E 00 61 00 74 00 00 00 00 .u.r.g.. .a.t.... > [100] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [110] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 38 .b.a. .3 ...2...8 > [120] 00 2D 00 30 00 2E 00 32 00 36 00 6C 00 65 00 6F .-.0...2 .6.l.e.o > [130] 00 2E 00 66 00 63 00 31 00 30 00 00 00 52 00 4B ...f.c.1 .0...R.K > [140] 00 5F 00 4B 00 4C 00 42 00 47 00 00 00 ._.K.L.B .G... >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=376 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 257 (0x101) > smb_bcc=333 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] A1 81 FE 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 15 82 89 60 F9 01 17 F0 BD CA 2F 95 00 ......`. ...../.. > [040] 00 00 00 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 ........ ...>...R > [050] 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E .K._.K.L .B.G.... > [060] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 .R.K._.K .L.B.G.. 
> [070] 00 0A 00 53 00 41 00 4D 00 42 00 41 00 04 00 36 ...S.A.M .B.A...6 > [080] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 .i.n.t.e .r.n...r > [090] 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 .k.-.k.l .o.s.t.e > [0A0] 00 72 00 6E 00 65 00 75 00 62 00 75 00 72 00 67 .r.n.e.u .b.u.r.g > [0B0] 00 2E 00 61 00 74 00 03 00 42 00 73 00 61 00 6D ...a.t.. .B.s.a.m > [0C0] 00 62 00 61 00 2E 00 69 00 6E 00 74 00 65 00 72 .b.a...i .n.t.e.r > [0D0] 00 6E 00 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F .n...r.k .-.k.l.o > [0E0] 00 73 00 74 00 65 00 72 00 6E 00 65 00 75 00 62 .s.t.e.r .n.e.u.b > [0F0] 00 75 00 72 00 67 00 2E 00 61 00 74 00 00 00 00 .u.r.g.. .a.t.... > [100] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [110] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 38 .b.a. .3 ...2...8 > [120] 00 2D 00 30 00 2E 00 32 00 36 00 6C 00 65 00 6F .-.0...2 .6.l.e.o > [130] 00 2E 00 66 00 63 00 31 00 30 00 00 00 52 00 4B ...f.c.1 .0...R.K > [140] 00 5F 00 4B 00 4C 00 42 00 47 00 00 00 ._.K.L.B .G... 
>[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2009/03/10 11:51:10, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) > [000] FA BE 19 CD B9 C0 24 91 ......$. 
>[2009/03/10 11:51:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,270) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,270) wrote 270 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=85 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 > [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 > [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B > [050] 00 47 00 00 00 .G... 
>[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=10199 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=85 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 > [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 > [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B > [050] 00 47 00 00 00 .G... >[2009/03/10 11:51:10, 10] libsmb/clientgen.c:cli_init_creds(415) > cli_init_creds: user MONSTER$ domain RK_KLBG >[2009/03/10 11:51:10, 10] libsmb/namequery.c:saf_store(86) > saf_store: domain = [RK_KLBG], server = [SAMBA], expire = [1236683170] >[2009/03/10 11:51:10, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/RK_KLBG; value = SAMBA and timeout = Tue Mar 10 12:06:10 2009 > (900 seconds ahead) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,78) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,78) wrote 78 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 56 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=4 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2009/03/10 
11:51:10, 10] lib/util.c:dump_data(2230) > [000] 49 50 43 00 00 00 00 IPC.... >[2009/03/10 11:51:10, 10] winbindd/winbindd_cm.c:set_domain_online(390) > set_domain_online: called for domain RK_KLBG >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,100) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,100) wrote 100 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62976 (0xF600) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) > Bind RPC Pipe[71f6]: \samr auth_type 3, auth_level 6 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4... ...#Eg.. > [010] 01 00 00 00 .... 
>[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(981) > create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1004) > create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: >[2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) > [000] 60 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E `N..+... ...D0B.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 0...+... ..7....0 > [020] 04 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 ..NTLMSS P.....5. > [030] 08 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 .`.... . ......'. > [040] 00 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 ..RK_KLB GMONSTER >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00a0 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0050 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ac >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 
>[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71f6 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=242 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 160 (0xA0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 160 (0xA0) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29174 (0x71F6) > smb_bcc=175 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 A0 00 50 00 0E 00 00 00 B8 ........ .P...... > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` > [060] 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E 30 N..+.... 
..D0B..0 > [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 04 ...+.... .7....0. > [080] 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 .NTLMSSP .....5.. > [090] 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 00 `.... .. .....'.. > [0A0] 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 .RK_KLBG MONSTER >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,246) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,246) wrote 246 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 389 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=389 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 333 (0x14D) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 333 (0x14D) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=334 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 0E 00 00 ........ .M...... > [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... ........ > [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... > [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7..... ....NTLM > [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... > [080] 35 82 89 60 F9 89 AD 59 AC 78 C4 0D 00 00 00 00 5..`...Y .x...... > [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ........ >...R.K. > [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. 
> [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... > [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. > [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. > [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. > [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... > [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. > [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. > [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. > [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. > [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=389 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 333 (0x14D) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 333 (0x14D) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=334 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 0E 00 00 ........ .M...... > [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... ........ > [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... > [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7..... ....NTLM > [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... > [080] 35 82 89 60 F9 89 AD 59 AC 78 C4 0D 00 00 00 00 5..`...Y .x...... 
> [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ........ >...R.K. > [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. > [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... > [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. > [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. > [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. > [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... > [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. > [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. > [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. > [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. > [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 014d >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0101 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len 
of 333 at offset 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71f6 returned 333 bytes. >[2009/03/10 11:51:10, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) > rpc_pipe_bind: Remote machine SAMBA pipe \samr fnum 0x71f6 bind request returned ok. >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 014d >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0101 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 000053f0 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000b >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \PIPE\samr. >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000025 smb_io_rpc_results >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:check_bind_response(1704) > check_bind_response: accepted! 
>[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0044 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0045 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0046 auth_pad_len : 08 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0047 auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0048 auth_context_id: 00000001 >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) > Got challenge flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60898235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > NTLMSSP: Set final flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) > NTLMSSP challenge set by NTLM2 >[2009/03/10 11:51:10, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) > challenge is: >[2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) > [000] E0 93 B2 0B BC E0 52 07 ......R. 
>[2009/03/10 11:51:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0e >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0108 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 00b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 
num_contexts: 01 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ac >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0048 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0049 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 004a auth_pad_len : 00 >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) > 004b auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 004c auth_context_id: 00000001 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71f6 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=346 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 264 (0x108) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 264 (0x108) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29174 (0x71F6) > smb_bcc=279 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0E 03 10 00 00 00 08 01 B8 00 0E 00 00 00 B8 ........ ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... ........ > [060] 81 B5 30 81 B2 A2 81 AF 04 81 AC 4E 54 4C 4D 53 ..0..... ...NTLMS > [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... > [080] 00 18 00 58 00 00 00 0E 00 0E 00 70 00 00 00 10 ...X.... ...p.... > [090] 00 10 00 7E 00 00 00 0E 00 0E 00 8E 00 00 00 10 ...~.... ........ > [0A0] 00 10 00 9C 00 00 00 35 82 08 60 78 72 D1 CF A8 .......5 ..`xr... > [0B0] 1D F5 95 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
> [0C0] 00 00 00 86 A7 83 56 4E 4C D3 EE 98 96 8C 17 34 ......VN L......4 > [0D0] B2 C0 F9 15 6C 13 11 87 D7 8E F0 52 00 4B 00 5F ....l... ...R.K._ > [0E0] 00 4B 00 4C 00 42 00 47 00 4D 00 4F 00 4E 00 53 .K.L.B.G .M.O.N.S > [0F0] 00 54 00 45 00 52 00 24 00 4D 00 4F 00 4E 00 53 .T.E.R.$ .M.O.N.S > [100] 00 54 00 45 00 52 00 A7 29 05 6F 33 BD 57 96 C2 .T.E.R.. ).o3.W.. > [110] D4 4B E3 A5 84 85 C2 .K..... >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,350) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,350) wrote 350 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 143 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=143 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 87 (0x57) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 87 (0x57) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=88 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 0E 00 00 ........ .W...... > [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ > [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ > [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. > [050] 01 04 01 82 37 02 02 0A ....7... 
>[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=143 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 87 (0x57) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 87 (0x57) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=88 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 0E 00 00 ........ .W...... > [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ > [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ > [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. > [050] 01 04 01 82 37 02 02 0A ....7... >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0057 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 
0000000e >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 87 at offset 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71f6 returned 87 bytes. >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0f >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0057 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0017 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 08 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_finish_spnego_ntlmssp_bind(2023) > rpc_finish_spnego_ntlmssp_bind: alter context request to remote machine 
SAMBA pipe \samr fnum 0x71f6. >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2374) > cli_rpc_pipe_open_ntlmssp_internal: opened pipe \samr to machine SAMBA and bound NTLMSSP as user RK_KLBG\MONSTER$. >[2009/03/10 11:51:10, 10] winbindd/winbindd_cm.c:cm_connect_sam(2040) > cm_connect_sam: connected to SAMR pipe for domain RK_KLBG using NTLMSSP authenticated pipe: user RK_KLBG\MONSTER$ > samr_Connect2: struct samr_Connect2 > in: struct samr_Connect2 > system_name : * > system_name : 'SAMBA' > access_mask : 0x02000000 (33554432) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 0: SAMR_ACCESS_ENUM_DOMAINS > 0: SAMR_ACCESS_OPEN_DOMAIN >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0050 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000f >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000020 >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0039 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000038 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0038 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0039 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003a auth_pad_len : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 003b auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 003c auth_context_id: 00000001 >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71f6 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=162 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29174 (0x71F6) > smb_bcc=95 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 50 00 10 00 0F 00 00 00 20 .......P ....... > [020] 00 00 00 00 00 39 00 F3 11 AC 5D C3 90 9D 32 45 .....9.. ..]...2E > [030] 03 CA 09 46 2B 31 89 B6 32 9C 97 16 41 AF 0D 69 ...F+1.. 2...A..i > [040] D1 B8 08 8E BE F9 C2 09 06 00 00 01 00 00 00 01 ........ 
........ > [050] 00 00 00 D6 88 12 8B 9D 23 65 3D 00 00 00 00 ........ #e=.... >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,166) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,166) wrote 166 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0F 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 B4 B9 90 FC AB E1 A9 ........ ........ > [020] 45 04 66 30 6C C9 6F 51 30 9B 8E B0 35 44 B0 A2 E.f0l.oQ 0...5D.. > [030] B4 09 06 00 00 01 00 00 00 01 00 00 00 F0 52 06 ........ ......R. > [040] AD CE CB C1 F0 00 00 00 00 ........ . >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0F 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 B4 B9 90 FC AB E1 A9 ........ ........ 
> [020] 45 04 66 30 6C C9 6F 51 30 9B 8E B0 35 44 B0 A2 E.f0l.oQ 0...5D.. > [030] B4 09 06 00 00 01 00 00 00 01 00 00 00 F0 52 06 ........ ......R. > [040] AD CE CB C1 F0 00 00 00 00 ........ . >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000f >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 auth_level : 06 >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) > 0032 auth_pad_len : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0033 auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 auth_context_id: 00000001 >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 72 at offset 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71f6 returned 48 bytes. > samr_Connect2: struct samr_Connect2 > out: struct samr_Connect2 > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-b649-1e46e8370000 > result : NT_STATUS_OK > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-b649-1e46e8370000 > access_mask : 0x02000000 (33554432) > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 0: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-21-181998944-1107627502-2274996074 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 
>[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0068 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000034 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000050 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0050 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0051 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0052 auth_pad_len : 04 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0053 auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0054 auth_context_id: 00000001 >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) > ntlmssp_seal_data: seal >[2009/03/10 11:51:10, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71f6 >[2009/03/10 
11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=186 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29174 (0x71F6) > smb_bcc=119 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 68 00 10 00 10 00 00 00 34 .......h .......4 > [020] 00 00 00 00 00 07 00 D5 8E 43 99 B3 54 63 52 A7 ........ .C..TcR. > [030] 0D 4F AC 0E 67 69 2A 6F C2 16 39 B4 4D 18 E3 72 .O..gi*o ..9.M..r > [040] 9B D0 C9 3F FF A5 0D 95 AE 03 07 B3 16 2F 8D 92 ...?.... ...../.. > [050] A6 64 CC FE A1 8A CC 77 AC A5 6C 53 E8 EA AE 09 .d.....w ..lS.... > [060] 06 04 00 01 00 00 00 01 00 00 00 0A 05 7C 3F 6F ........ .....|?o > [070] A8 1A B3 01 00 00 00 ....... 
>[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,190) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,190) wrote 190 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 128 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 10 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 E7 63 93 62 9F 55 14 ........ ..c.b.U. > [020] F8 15 EE D9 DF 66 98 E4 BA BF 59 12 9E 66 B4 69 .....f.. ..Y..f.i > [030] 62 09 06 00 00 01 00 00 00 01 00 00 00 BB FD 0F b....... ........ > [040] 65 72 81 99 F8 01 00 00 00 er...... . >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) > [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 10 00 00 ........ .H...... > [010] 00 18 00 00 00 00 00 00 00 E7 63 93 62 9F 55 14 ........ ..c.b.U. > [020] F8 15 EE D9 DF 66 98 E4 BA BF 59 12 9E 66 B4 69 .....f.. 
..Y..f.i > [030] 62 09 06 00 00 01 00 00 00 01 00 00 00 BB FD 0F b....... ........ > [040] 65 72 81 99 F8 01 00 00 00 er...... . >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000010 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_hdr_auth hdr_auth >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0030 auth_type : 09 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0031 auth_level : 06 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0032 auth_pad_len : 00 >[2009/03/10 11:51:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(624) > 0033 auth_reserved: 00 >[2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 auth_context_id: 00000001 >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) > ntlmssp_unseal_packet: seal >[2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 72 at offset 0 >[2009/03/10 11:51:10, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine SAMBA pipe \samr fnum 0x71f6 returned 48 bytes. > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_ACCESS_DENIED >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,45) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,45) wrote 45 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 35 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2009/03/10 11:51:10, 10] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \samr to machine SAMBA >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(236) > write_socket(19,39) >[2009/03/10 11:51:10, 6] libsmb/clientgen.c:write_socket(239) > write_socket(19,39) wrote 39 >[2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb 
length of 35 >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) >[2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=10199 > smb_uid=100 > smb_mid=11 > smt_wct=0 > smb_bcc=0 >[2009/03/10 11:51:10, 10] winbindd/winbindd_cache.c:refresh_sequence_number(531) > refresh_sequence_number: failed with NT_STATUS_ACCESS_DENIED >[2009/03/10 11:51:10, 10] winbindd/winbindd_cache.c:store_cache_seqnum(456) > store_cache_seqnum: success [RK_KLBG][4294967295 @ 1236682270] >[2009/03/10 11:51:10, 10] winbindd/winbindd_cache.c:refresh_sequence_number(543) > refresh_sequence_number: RK_KLBG seq number is now -1 >[2009/03/10 11:51:10, 3] winbindd/winbindd_group.c:get_sam_group_entries(1027) > get_sam_group_entries: could not enumerate domain groups! Error: NT_STATUS_ACCESS_DENIED >[2009/03/10 11:51:10, 10] winbindd/winbindd_cache.c:cache_store_response(2428) > Storing response for pid 10199, len 3496 >[2009/03/10 11:51:18, 5] lib/gencache.c:gencache_shutdown(93) > Closing cache file