[2009/03/15 12:29:03, 0] winbindd/winbindd.c:main(1115) winbindd version 3.3.0 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2009/03/15 12:29:04, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2578) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2009/03/15 12:29:13, 5] lib/debug.c:debug_dump_status(407) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2009/03/15 12:29:13, 10] winbindd/winbindd_dual.c:winbind_msg_debug(554) winbind_msg_debug: sending message to pid 4793. [2009/03/15 12:29:13, 10] lib/messages_local.c:messaging_tdb_store(215) messaging_tdb_store: array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_DEBUG (1) dest: struct server_id id : 0x000012b9 (4793) src: struct server_id id : 0x000012b6 (4790) buf : DATA_BLOB length=3 [2009/03/15 12:29:13, 10] lib/util.c:dump_data(2233) [000] 31 30 00 10. [2009/03/15 12:29:21, 6] winbindd/winbindd.c:new_connection(700) accepted socket 18 [2009/03/15 12:29:21, 10] winbindd/winbindd.c:process_request(403) process_request: request fn INTERFACE_VERSION [2009/03/15 12:29:21, 3] winbindd/winbindd_misc.c:winbindd_interface_version(754) [ 4802]: request interface version [2009/03/15 12:29:21, 10] winbindd/winbindd.c:process_request(403) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2009/03/15 12:29:21, 3] winbindd/winbindd_misc.c:winbindd_priv_pipe_dir(787) [ 4802]: request location of privileged pipe [2009/03/15 12:29:21, 6] winbindd/winbindd.c:new_connection(700) accepted socket 19 [2009/03/15 12:29:21, 2] winbindd/winbindd.c:remove_client(744) final write to client failed: Relais brisé (pipe) [2009/03/15 12:29:21, 10] winbindd/winbindd.c:process_request(403) process_request: request fn SETGRENT [2009/03/15 12:29:21, 3] winbindd/winbindd_group.c:winbindd_setgrent_internal(1044) [ 4802]: setgrent [2009/03/15 12:29:21, 10] winbindd/winbindd.c:process_request(403) process_request: request fn GETGRENT [2009/03/15 12:29:21, 3] winbindd/winbindd_group.c:winbindd_getgrent(1261) [ 4802]: getgrent [2009/03/15 12:29:21, 10] winbindd/winbindd_group.c:winbindd_getgrent(1315) entry_index = 0, num_entries = 0 [2009/03/15 12:29:21, 8] winbindd/winbindd_cm.c:connection_ok(1580) connection_ok: Connection to for domain EVENTLAB has NULL cli! [2009/03/15 12:29:21, 10] lib/gencache.c:gencache_get(194) Cache entry with key = SAFJOIN/DOMAIN/EVENTLAB couldn't be found [2009/03/15 12:29:21, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/EVENTLAB, value = TLS-SRV-01, timeout = Sun Mar 15 12:36:25 2009 [2009/03/15 12:29:21, 5] libsmb/namequery.c:saf_fetch(200) saf_fetch: Returning "TLS-SRV-01" for "EVENTLAB" domain [2009/03/15 12:29:21, 10] lib/gencache.c:gencache_get(194) Cache entry with key = NEG_CONN_CACHE/EVENTLAB,TLS-SRV-01 couldn't be found [2009/03/15 12:29:21, 9] libsmb/conncache.c:check_negative_conn_cache(150) check_negative_conn_cache returning result 0 for domain EVENTLAB server TLS-SRV-01 [2009/03/15 12:29:21, 10] winbindd/winbindd_cm.c:cm_open_connection(1421) cm_open_connection: saf_servername is 'TLS-SRV-01' for domain EVENTLAB [2009/03/15 12:29:21, 10] winbindd/winbindd_cm.c:cm_open_connection(1453) cm_open_connection: dcname is 'TLS-SRV-01' for domain EVENTLAB [2009/03/15 12:29:21, 10] lib/gencache.c:gencache_get(194) Cache entry with key = NEG_CONN_CACHE/EVENTLAB,TLS-SRV-01 couldn't be found [2009/03/15 12:29:21, 9] libsmb/conncache.c:check_negative_conn_cache(150) check_negative_conn_cache returning result 0 for domain EVENTLAB server TLS-SRV-01 [2009/03/15 12:29:21, 10] lib/gencache.c:gencache_get(194) Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found [2009/03/15 12:29:21, 5] libads/dns.c:sitename_fetch(814) sitename_fetch: No stored sitename for [2009/03/15 12:29:21, 10] libsmb/namequery.c:internal_resolve_name(1505) internal_resolve_name: looking up TLS-SRV-01#20 (sitename (null)) [2009/03/15 12:29:21, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/TLS-SRV-01#20, value = 10.211.254.254:0, timeout = Sun Mar 15 12:29:35 2009 [2009/03/15 12:29:21, 5] libsmb/namecache.c:namecache_fetch(233) name TLS-SRV-01#20 found. [2009/03/15 12:29:21, 10] winbindd/winbindd_cm.c:cm_prepare_connection(774) cm_prepare_connection: connecting to DC TLS-SRV-01 for domain EVENTLAB [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,194) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,194) wrote 194 [2009/03/15 12:29:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 127 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=4790 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 512 (0x200) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=11776 (0x2E00) smb_vwv[ 8]= 3 (0x3) smb_vwv[ 9]=64512 (0xFC00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=58046 (0xE2BE) smb_vwv[13]=24904 (0x6148) smb_vwv[14]=51621 (0xC9A5) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 74 6C 73 2D 73 72 76 2D 30 31 00 00 00 00 00 00 tls-srv- 01...... [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=4790 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 512 (0x200) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=11776 (0x2E00) smb_vwv[ 8]= 3 (0x3) smb_vwv[ 9]=64512 (0xFC00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=58046 (0xE2BE) smb_vwv[13]=24904 (0x6148) smb_vwv[14]=51621 (0xC9A5) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 74 6C 73 2D 73 72 76 2D 30 31 00 00 00 00 00 00 tls-srv- 01...... [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2009/03/15 12:29:21, 3] winbindd/winbindd_cm.c:cm_get_ipc_userpass(570) cm_get_ipc_userpass: No auth-user defined [2009/03/15 12:29:21, 10] winbindd/winbindd_cm.c:cm_prepare_connection(934) cm_prepare_connection: falling back to anonymous connection for DC TLS-SRV-01 [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,92) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,92) wrote 92 [2009/03/15 12:29:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 94 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=94 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=4790 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=53 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 34 .b.a. .3 ...2...4 [020] 00 00 00 45 00 56 00 45 00 4E 00 54 00 4C 00 41 ...E.V.E .N.T.L.A [030] 00 42 00 00 00 .B... [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=94 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=4790 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=53 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 34 .b.a. .3 ...2...4 [020] 00 00 00 45 00 56 00 45 00 4E 00 54 00 4C 00 41 ...E.V.E .N.T.L.A [030] 00 42 00 00 00 .B... [2009/03/15 12:29:21, 5] winbindd/winbindd_cm.c:cm_prepare_connection(938) Connected anonymously [2009/03/15 12:29:21, 10] libsmb/clientgen.c:cli_init_creds(415) cli_init_creds: user domain [2009/03/15 12:29:21, 10] libsmb/namequery.c:saf_store(86) saf_store: domain = [EVENTLAB], server = [TLS-SRV-01], expire = [1237117461] [2009/03/15 12:29:21, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/EVENTLAB; value = TLS-SRV-01 and timeout = Sun Mar 15 12:44:21 2009 (900 seconds ahead) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,88) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,88) wrote 88 [2009/03/15 12:29:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 56 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 49 50 43 00 00 00 00 IPC.... [2009/03/15 12:29:21, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(3063) set_global_winbindd_state_online: online requested. [2009/03/15 12:29:21, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(3066) set_global_winbindd_state_online: rejecting. [2009/03/15 12:29:21, 10] winbindd/winbindd_cm.c:set_domain_online(402) set_domain_online: called for domain EVENTLAB [2009/03/15 12:29:21, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_trustinfo(1662) set_dc_type_and_flags_trustinfo: domain EVENTLAB [2009/03/15 12:29:21, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1782) set_dc_type_and_flags_connect: domain EVENTLAB [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,104) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,104) wrote 104 [2009/03/15 12:29:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=48896 (0xBF00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/15 12:29:21, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75bf auth_type 0, auth_level 0 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/03/15 12:29:21, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 3919286a [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : b10c [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11d0 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9b a8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 00 c0 4f d9 2e f5 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:21, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75bf [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30143 (0x75BF) smb_bcc=87 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 08 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,158) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,158) wrote 158 [2009/03/15 12:29:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 124 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/03/15 12:29:21, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 68 at offset 0 [2009/03/15 12:29:21, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75bf returned 68 bytes. [2009/03/15 12:29:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host TLS-SRV-01, pipe \lsarpc, fnum 0x75bf bind request returned ok. [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000d [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsarpc. [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 000027 smb_io_rpc_results [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/03/15 12:29:21, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/03/15 12:29:21, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/03/15 12:29:21, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine TLS-SRV-01 and bound anonymously. dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation in: struct dssetup_DsRoleGetPrimaryDomainInformation level : DS_ROLE_BASIC_INFORMATION (1) [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 001a [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000002 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0000 [2009/03/15 12:29:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75bf [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30143 (0x75BF) smb_bcc=41 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 09 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,112) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,112) wrote 112 [2009/03/15 12:29:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 160 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 09 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .P...... ........ [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ [030] 00 00 00 00 00 E8 2B B7 C6 DD F3 3D 4C 9E CA 75 ......+. ...=L..u [040] DD 92 39 1E BA 09 00 00 00 00 00 00 00 09 00 00 ..9..... ........ [050] 00 45 00 56 00 45 00 4E 00 54 00 4C 00 41 00 42 .E.V.E.N .T.L.A.B [060] 00 00 00 00 00 00 00 00 00 ........ . [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 09 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .P...... ........ [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ [030] 00 00 00 00 00 E8 2B B7 C6 DD F3 3D 4C 9E CA 75 ......+. ...=L..u [040] DD 92 39 1E BA 09 00 00 00 00 00 00 00 09 00 00 ..9..... ........ [050] 00 45 00 56 00 45 00 4E 00 54 00 4C 00 41 00 42 .E.V.E.N .T.L.A.B [060] 00 00 00 00 00 00 00 00 00 ........ . [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0068 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000050 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:21, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 104, data_len 80, ss_len 0 [2009/03/15 12:29:21, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 104 at offset 0 [2009/03/15 12:29:21, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75bf returned 160 bytes. dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation out: struct dssetup_DsRoleGetPrimaryDomainInformation info : * info : union dssetup_DsRoleInfo(case 1) basic: struct dssetup_DsRolePrimaryDomInfoBasic role : DS_ROLE_PRIMARY_DC (5) flags : 0x01000000 (16777216) 0: DS_ROLE_PRIMARY_DS_RUNNING 0: DS_ROLE_PRIMARY_DS_MIXED_MODE 0: DS_ROLE_UPGRADE_IN_PROGRESS 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT domain : * domain : 'EVENTLAB' dns_domain : NULL forest : NULL domain_guid : c6b72be8-f3dd-4c3d-9eca-75dd92391eba result : WERR_OK [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,45) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,45) wrote 45 [2009/03/15 12:29:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=7 smt_wct=0 smb_bcc=0 [2009/03/15 12:29:21, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366) rpc_pipe_destructor: closed host TLS-SRV-01, pipe \lsarpc, fnum 0x75bf [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,104) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,104) wrote 104 [2009/03/15 12:29:21, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=49152 (0xC000) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/15 12:29:21, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 auth_type 0, auth_level 0 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/03/15 12:29:21, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ab [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2009/03/15 12:29:21, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:21, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:21, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:21, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 [2009/03/15 12:29:21, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:21, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30144 (0x75C0) smb_bcc=87 [2009/03/15 12:29:21, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 0A 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,158) [2009/03/15 12:29:21, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,158) wrote 158 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 124 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0A 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0A 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 68 at offset 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 returned 68 bytes. [2009/03/15 12:29:22, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 bind request returned ok. [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000d [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsarpc. [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000027 smb_io_rpc_results [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine TLS-SRV-01 and bound anonymously. [2009/03/15 12:29:22, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) init_lsa_sec_qos [2009/03/15 12:29:22, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) init_lsa_obj_attr lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '\\TLS-SRV-01' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0068 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000050 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 002c [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30144 (0x75C0) smb_bcc=119 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 68 00 00 00 0B 00 00 00 50 .......h .......P [020] 00 00 00 00 00 2C 00 00 00 02 00 0D 00 00 00 00 .....,.. ........ [030] 00 00 00 0D 00 00 00 5C 00 5C 00 54 00 4C 00 53 .......\ .\.T.L.S [040] 00 2D 00 53 00 52 00 56 00 2D 00 30 00 31 00 00 .-.S.R.V .-.0.1.. [050] 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 ........ ........ [070] 00 01 00 00 00 00 02 ....... [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,190) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,190) wrote 190 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 104 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 BC 49 92 E6 2E 03 00 00 00 00 00 ......I. ........ [030] 00 . [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 BC 49 92 E6 2E 03 00 00 00 00 00 ......I. ........ [030] 00 . [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 48 at offset 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 returned 48 bytes. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-bc49-92e62e030000 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-bc49-92e62e030000 level : LSA_POLICY_INFO_DNS (12) [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000016 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 002e [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30144 (0x75C0) smb_bcc=61 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 0C 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 BC 49 92 E6 2E 03 00 00 0C 00 ....I... ..... [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,132) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,132) wrote 132 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 88 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 0C 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 0C 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 23 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0020 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_hdr_fault fault [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c reserved: 00000000 [2009/03/15 12:29:22, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(755) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0! [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 32 at offset 0 [2009/03/15 12:29:22, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) init_lsa_sec_qos [2009/03/15 12:29:22, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) init_lsa_obj_attr lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0006 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30144 (0x75C0) smb_bcc=83 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 0D 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,154) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,154) wrote 154 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 104 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 BC 49 92 E6 2E 03 00 00 00 00 00 ......I. ........ [030] 00 . [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 BC 49 92 E6 2E 03 00 00 00 00 00 ......I. ........ [030] 00 . [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 48 at offset 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 returned 48 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-bc49-92e62e030000 result : NT_STATUS_OK lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-bc49-92e62e030000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000016 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0007 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30144 (0x75C0) smb_bcc=61 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 0E 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 BC 49 92 E6 2E 03 00 00 05 00 ....I... ..... [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,132) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,132) wrote 132 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 160 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 0E 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .P...... ........ [020] 00 10 00 12 00 04 00 02 00 08 00 02 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 45 00 56 00 45 00 4E ........ .E.V.E.N [040] 00 54 00 4C 00 41 00 42 00 04 00 00 00 01 04 00 .T.L.A.B ........ [050] 00 00 00 00 05 15 00 00 00 2B 51 25 EE 92 A3 7E ........ .+Q%...~ [060] 3A 74 DC FF 7E 00 00 00 00 :t..~... . [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 0E 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .P...... ........ [020] 00 10 00 12 00 04 00 02 00 08 00 02 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 45 00 56 00 45 00 4E ........ .E.V.E.N [040] 00 54 00 4C 00 41 00 42 00 04 00 00 00 01 04 00 .T.L.A.B ........ [050] 00 00 00 00 05 15 00 00 00 2B 51 25 EE 92 A3 7E ........ .+Q%...~ [060] 3A 74 DC FF 7E 00 00 00 00 :t..~... . [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0068 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000050 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 104, data_len 80, ss_len 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 104 at offset 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 returned 160 bytes. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0010 (16) size : 0x0012 (18) string : * string : 'EVENTLAB' sid : * sid : S-1-5-21-3995423019-981377938-2130697332 result : NT_STATUS_OK [2009/03/15 12:29:22, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1914) set_dc_type_and_flags_connect: domain EVENTLAB is NOT in native mode. [2009/03/15 12:29:22, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1917) set_dc_type_and_flags_connect: domain EVENTLAB is NOT running active directory. [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,45) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,45) wrote 45 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=14 smt_wct=0 smb_bcc=0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366) rpc_pipe_destructor: closed host TLS-SRV-01, pipe \lsarpc, fnum 0x75c0 [2009/03/15 12:29:22, 5] winbindd/winbindd_cache.c:get_cache(182) get_cache: Setting MS-RPC methods for domain EVENTLAB [2009/03/15 12:29:22, 10] winbindd/winbindd_cache.c:fetch_cache_seqnum(405) fetch_cache_seqnum: invalid data size key [SEQNUM/EVENTLAB] [2009/03/15 12:29:22, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4113) wcache_tdc_fetch_domain: Searching for domain EVENTLAB [2009/03/15 12:29:22, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4128) wcache_tdc_fetch_domain: Found domain EVENTLAB [2009/03/15 12:29:22, 10] winbindd/winbindd_rpc.c:sequence_number(957) rpc: fetch sequence_number for EVENTLAB [2009/03/15 12:29:22, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4113) wcache_tdc_fetch_domain: Searching for domain EVENTLAB [2009/03/15 12:29:22, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4128) wcache_tdc_fetch_domain: Found domain EVENTLAB [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend ldapsam [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'ldapsam' [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend ldapsam_compat [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'ldapsam_compat' [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend NDS_ldapsam [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'NDS_ldapsam' [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend NDS_ldapsam_compat [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'NDS_ldapsam_compat' [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend smbpasswd [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'smbpasswd' [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend tdbsam [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'tdbsam' [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:make_pdb_method_name(133) Attempting to find a passdb backend to match ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/ (ldapsam) [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:make_pdb_method_name(154) Found pdb backend ldapsam [2009/03/15 12:29:22, 2] lib/smbldap_util.c:smbldap_search_domain_info(277) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ARCANEO))] [2009/03/15 12:29:22, 5] lib/smbldap.c:smbldap_search_ext(1203) smbldap_search_ext: base => [dc=internal,dc=arcaneo,dc=fr], filter => [(&(objectClass=sambaDomain)(sambaDomainName=ARCANEO))], scope => [2] [2009/03/15 12:29:22, 5] lib/smbldap.c:smbldap_close(1105) The connection to the LDAP server was closed [2009/03/15 12:29:22, 10] lib/smbldap.c:smb_ldap_setup_conn(618) smb_ldap_setup_connection: ldapi://%2fvar%2frun%2fslapd%2fldapi/ [2009/03/15 12:29:22, 2] lib/smbldap.c:smbldap_open_connection(798) smbldap_open_connection: connection opened [2009/03/15 12:29:22, 10] lib/smbldap.c:smbldap_connect_system(963) ldap_connect_system: Binding to ldap server ldapi://%2fvar%2frun%2fslapd%2fldapi/ as "cn=SambaAdmin,dc=internal,dc=arcaneo,dc=fr" [2009/03/15 12:29:22, 3] lib/smbldap.c:smbldap_connect_system(1009) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2009/03/15 12:29:22, 4] lib/smbldap.c:smbldap_open(1085) The LDAP server is successfully connected [2009/03/15 12:29:22, 5] passdb/pdb_interface.c:make_pdb_method_name(165) pdb backend ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/ has a valid init [2009/03/15 12:29:22, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5859) ldapsam_get_trusteddom_pw called for domain EVENTLAB [2009/03/15 12:29:22, 5] lib/smbldap.c:smbldap_search_ext(1203) smbldap_search_ext: base => [sambaDomainName=EVENTLAB,sambaDomainName=ARCANEO,dc=internal,dc=arcaneo,dc=fr], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=EVENTLAB))], scope => [2] [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,100) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,100) wrote 100 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=15 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=49408 (0xC100) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c1 auth_type 3, auth_level 6 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1133) create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1156) create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: [2009/03/15 12:29:22, 5] lib/util.c:dump_data(2233) [000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... ...G0E.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7....3 [020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 .1NTLMSS P.....5. [030] 08 60 07 00 07 00 20 00 00 00 0A 00 0A 00 27 00 .`.... . ......'. [040] 00 00 41 52 43 41 4E 45 4F 42 4C 47 2D 53 52 56 ..ARCANE OBLG-SRV [050] 2D 30 31 -01 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a3 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0053 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ac [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c1 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=245 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 163 (0xA3) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 163 (0xA3) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30145 (0x75C1) smb_bcc=178 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 A3 00 53 00 0F 00 00 00 B8 ........ .S...... [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` [060] 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E 30 Q..+.... ..G0E..0 [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 04 ...+.... .7....3. [080] 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 1NTLMSSP .....5.. [090] 60 07 00 07 00 20 00 00 00 0A 00 0A 00 27 00 00 `.... .. .....'.. [0A0] 00 41 52 43 41 4E 45 4F 42 4C 47 2D 53 52 56 2D .ARCANEO BLG-SRV- [0B0] 30 31 01 [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,249) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,249) wrote 249 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 385 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=385 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 329 (0x149) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 329 (0x149) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=330 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 49 01 FD 00 0F 00 00 ........ .I...... [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FA `....... ........ [050] 30 81 F7 A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... [060] 01 82 37 02 02 0A A2 81 E1 04 81 DE 4E 54 4C 4D ..7..... ....NTLM [070] 53 53 50 00 02 00 00 00 10 00 10 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 09 FA 51 4B E9 71 3E 9D 00 00 00 00 5..`..QK .q>..... [090] 00 00 00 00 9E 00 9E 00 40 00 00 00 45 00 56 00 ........ @...E.V. [0A0] 45 00 4E 00 54 00 4C 00 41 00 42 00 02 00 10 00 E.N.T.L. A.B..... [0B0] 45 00 56 00 45 00 4E 00 54 00 4C 00 41 00 42 00 E.V.E.N. T.L.A.B. [0C0] 01 00 14 00 54 00 4C 00 53 00 2D 00 53 00 52 00 ....T.L. S.-.S.R. [0D0] 56 00 2D 00 30 00 31 00 04 00 28 00 69 00 6E 00 V.-.0.1. ..(.i.n. [0E0] 74 00 65 00 72 00 6E 00 61 00 6C 00 2E 00 65 00 t.e.r.n. a.l...e. [0F0] 76 00 65 00 6E 00 74 00 6C 00 61 00 62 00 2E 00 v.e.n.t. l.a.b... [100] 66 00 72 00 03 00 3E 00 74 00 6C 00 73 00 2D 00 f.r...>. t.l.s.-. [110] 73 00 72 00 76 00 2D 00 30 00 31 00 2E 00 69 00 s.r.v.-. 0.1...i. [120] 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 2E 00 n.t.e.r. n.a.l... [130] 65 00 76 00 65 00 6E 00 74 00 6C 00 61 00 62 00 e.v.e.n. t.l.a.b. [140] 2E 00 66 00 72 00 00 00 00 00 ..f.r... .. [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=385 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 329 (0x149) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 329 (0x149) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=330 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 49 01 FD 00 0F 00 00 ........ .I...... [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FA `....... ........ [050] 30 81 F7 A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... [060] 01 82 37 02 02 0A A2 81 E1 04 81 DE 4E 54 4C 4D ..7..... ....NTLM [070] 53 53 50 00 02 00 00 00 10 00 10 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 09 FA 51 4B E9 71 3E 9D 00 00 00 00 5..`..QK .q>..... [090] 00 00 00 00 9E 00 9E 00 40 00 00 00 45 00 56 00 ........ @...E.V. [0A0] 45 00 4E 00 54 00 4C 00 41 00 42 00 02 00 10 00 E.N.T.L. A.B..... [0B0] 45 00 56 00 45 00 4E 00 54 00 4C 00 41 00 42 00 E.V.E.N. T.L.A.B. [0C0] 01 00 14 00 54 00 4C 00 53 00 2D 00 53 00 52 00 ....T.L. S.-.S.R. [0D0] 56 00 2D 00 30 00 31 00 04 00 28 00 69 00 6E 00 V.-.0.1. ..(.i.n. [0E0] 74 00 65 00 72 00 6E 00 61 00 6C 00 2E 00 65 00 t.e.r.n. a.l...e. [0F0] 76 00 65 00 6E 00 74 00 6C 00 61 00 62 00 2E 00 v.e.n.t. l.a.b... [100] 66 00 72 00 03 00 3E 00 74 00 6C 00 73 00 2D 00 f.r...>. t.l.s.-. [110] 73 00 72 00 76 00 2D 00 30 00 31 00 2E 00 69 00 s.r.v.-. 0.1...i. [120] 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 2E 00 n.t.e.r. n.a.l... [130] 65 00 76 00 65 00 6E 00 74 00 6C 00 61 00 62 00 e.v.e.n. t.l.a.b. [140] 2E 00 66 00 72 00 00 00 00 00 ..f.r... .. [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0149 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00fd [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 329 at offset 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c1 returned 329 bytes. [2009/03/15 12:29:22, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host TLS-SRV-01, pipe \samr, fnum 0x75c1 bind request returned ok. [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0149 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00fd [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000b [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\samr. [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000025 smb_io_rpc_results [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000044 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0044 auth_type : 09 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0045 auth_level : 06 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0046 auth_pad_len : 08 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0047 auth_reserved: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0048 auth_context_id: 00000001 [2009/03/15 12:29:22, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) Got challenge flags: [2009/03/15 12:29:22, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60898235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/15 12:29:22, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) NTLMSSP: Set final flags: [2009/03/15 12:29:22, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/15 12:29:22, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/03/15 12:29:22, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60008235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/15 12:29:22, 5] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(455) NTLMSSP Sign/Seal - using NTLM1 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0e [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00e0 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0090 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ac [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c1 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=306 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 224 (0xE0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 224 (0xE0) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30145 (0x75C1) smb_bcc=239 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0E 03 10 00 00 00 E0 00 90 00 0F 00 00 00 B8 ........ ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... ........ [060] 81 8D 30 81 8A A2 81 87 04 81 84 4E 54 4C 4D 53 ..0..... ...NTLMS [070] 53 50 00 03 00 00 00 00 00 00 00 40 00 00 00 00 SP...... ...@.... [080] 00 00 00 40 00 00 00 10 00 10 00 40 00 00 00 10 ...@.... ...@.... [090] 00 10 00 50 00 00 00 14 00 14 00 60 00 00 00 10 ...P.... ...`.... [0A0] 00 10 00 74 00 00 00 35 82 00 60 45 00 56 00 45 ...t...5 ..`E.V.E [0B0] 00 4E 00 54 00 4C 00 41 00 42 00 41 00 52 00 43 .N.T.L.A .B.A.R.C [0C0] 00 41 00 4E 00 45 00 4F 00 24 00 42 00 4C 00 47 .A.N.E.O .$.B.L.G [0D0] 00 2D 00 53 00 52 00 56 00 2D 00 30 00 31 00 1F .-.S.R.V .-.0.1.. [0E0] F7 17 DE 42 16 76 B4 15 7D 5E 5E 5A 56 F2 4E ...B.v.. }^^ZV.N [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,310) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,310) wrote 310 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 74 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=74 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 18 (0x12) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 18 (0x12) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=19 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0D 03 10 00 00 00 12 00 00 00 0F 00 00 ........ ........ [010] 00 00 00 ... [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=74 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 18 (0x12) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 18 (0x12) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=19 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0D 03 10 00 00 00 12 00 00 00 0F 00 00 ........ ........ [010] 00 00 00 ... [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0d [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0012 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/03/15 12:29:22, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(733) cli_pipe_validate_current_pdu: Bind NACK received from host TLS-SRV-01, pipe \samr, fnum 0x75c1! [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 18 at offset 0 [2009/03/15 12:29:22, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(3051) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,45) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,45) wrote 45 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=18 smt_wct=0 smb_bcc=0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366) rpc_pipe_destructor: closed host TLS-SRV-01, pipe \samr, fnum 0x75c1 [2009/03/15 12:29:22, 10] winbindd/winbindd_cm.c:cm_connect_sam(2052) cm_connect_sam: failed to connect to SAMR pipe for domain EVENTLAB using NTLMSSP authenticated pipe: user EVENTLAB\ARCANEO$. Error was NT_STATUS_NETWORK_ACCESS_DENIED [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,108) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,108) wrote 108 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=19 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=49664 (0xC200) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 auth_type 0, auth_level 0 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345678 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 cf fb [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30146 (0x75C2) smb_bcc=87 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 10 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,158) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,158) wrote 158 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 48 00 00 00 10 00 00 ........ .H...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 48 00 00 00 10 00 00 ........ .H...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 72 at offset 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 returned 72 bytes. [2009/03/15 12:29:22, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 bind request returned ok. [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000f [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\netlogon. [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000029 smb_io_rpc_results [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002c num_results: 01 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0030 result : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0032 reason : 0000 [2009/03/15 12:29:22, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:22, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine TLS-SRV-01 and bound anonymously. [2009/03/15 12:29:22, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5859) ldapsam_get_trusteddom_pw called for domain EVENTLAB [2009/03/15 12:29:22, 5] lib/smbldap.c:smbldap_search_ext(1203) smbldap_search_ext: base => [sambaDomainName=EVENTLAB,sambaDomainName=ARCANEO,dc=internal,dc=arcaneo,dc=fr], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=EVENTLAB))], scope => [2] netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\TLS-SRV-01' computer_name : 'BLG-SRV-01' credentials : * credentials: struct netr_Credential data : 79433f01f159853f [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 006e [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000011 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000056 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0004 [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=21 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 110 (0x6E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 110 (0x6E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30146 (0x75C2) smb_bcc=125 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6E 00 00 00 11 00 00 00 56 .......n .......V [020] 00 00 00 00 00 04 00 00 00 02 00 0D 00 00 00 00 ........ ........ [030] 00 00 00 0D 00 00 00 5C 00 5C 00 54 00 4C 00 53 .......\ .\.T.L.S [040] 00 2D 00 53 00 52 00 56 00 2D 00 30 00 31 00 00 .-.S.R.V .-.0.1.. [050] 00 00 00 0B 00 00 00 00 00 00 00 0B 00 00 00 42 ........ .......B [060] 00 4C 00 47 00 2D 00 53 00 52 00 56 00 2D 00 30 .L.G.-.S .R.V.-.0 [070] 00 31 00 00 00 79 43 3F 01 F1 59 85 3F .1...yC? ..Y.? [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,196) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,196) wrote 196 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 92 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 11 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 BF AD 74 BD 91 2E 2E ........ ...t.... [020] 51 00 00 00 00 Q.... [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 11 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 BF AD 74 BD 91 2E 2E ........ ...t.... [020] 51 00 00 00 00 Q.... [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000011 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 36 at offset 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 returned 24 bytes. netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : bfad74bd912e2e51 result : NT_STATUS_OK [2009/03/15 12:29:22, 10] libsmb/credentials.c:creds_client_init(294) creds_client_init: neg_flags : 600fffff [2009/03/15 12:29:22, 10] libsmb/credentials.c:creds_client_init(295) creds_client_init: client chal : 79433F01F159853F [2009/03/15 12:29:22, 10] libsmb/credentials.c:creds_client_init(296) creds_client_init: server chal : BFAD74BD912E2E51 [2009/03/15 12:29:22, 5] libsmb/credentials.c:creds_init_128(70) creds_init_128 [2009/03/15 12:29:22, 5] libsmb/credentials.c:creds_init_128(71) clnt_chal_in: 79433F01F159853F [2009/03/15 12:29:22, 5] libsmb/credentials.c:creds_init_128(72) srv_chal_in : BFAD74BD912E2E51 [2009/03/15 12:29:22, 10] libsmb/credentials.c:creds_client_init(314) creds_client_init: clnt : E75B11179FE4826E [2009/03/15 12:29:22, 10] libsmb/credentials.c:creds_client_init(315) creds_client_init: server : 2B454A4E55D75B77 [2009/03/15 12:29:22, 10] libsmb/credentials.c:creds_client_init(316) creds_client_init: seed : E75B11179FE4826E netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\TLS-SRV-01' account_name : 'ARCANEO$' secure_channel_type : SEC_CHAN_DOMAIN (4) computer_name : 'BLG-SRV-01' credentials : * credentials: struct netr_Credential data : e75b11179fe4826e negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0094 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000012 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000007c [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000f [2009/03/15 12:29:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=230 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30146 (0x75C2) smb_bcc=163 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 94 00 00 00 12 00 00 00 7C ........ .......| [020] 00 00 00 00 00 0F 00 00 00 02 00 0D 00 00 00 00 ........ ........ [030] 00 00 00 0D 00 00 00 5C 00 5C 00 54 00 4C 00 53 .......\ .\.T.L.S [040] 00 2D 00 53 00 52 00 56 00 2D 00 30 00 31 00 00 .-.S.R.V .-.0.1.. [050] 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 41 ........ .......A [060] 00 52 00 43 00 41 00 4E 00 45 00 4F 00 24 00 00 .R.C.A.N .E.O.$.. [070] 00 04 00 0B 00 00 00 00 00 00 00 0B 00 00 00 42 ........ .......B [080] 00 4C 00 47 00 2D 00 53 00 52 00 56 00 2D 00 30 .L.G.-.S .R.V.-.0 [090] 00 31 00 00 00 E7 5B 11 17 9F E4 82 6E 00 00 FF .1....[. ....n... [0A0] FF 0F 60 ..` [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,234) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,234) wrote 234 [2009/03/15 12:29:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 96 [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 12 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 2B 45 4A 4E 55 D7 5B ........ .+EJNU.[ [020] 77 FF 01 00 40 00 00 00 00 w...@... . [2009/03/15 12:29:22, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:22, 5] lib/util.c:show_msg(655) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2009/03/15 12:29:22, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 12 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 2B 45 4A 4E 55 D7 5B ........ .+EJNU.[ [020] 77 FF 01 00 40 00 00 00 00 w...@... . [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000012 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:22, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 40 at offset 0 [2009/03/15 12:29:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 returned 32 bytes. netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 2b454a4e55d75b77 negotiate_flags : * negotiate_flags : 0x400001ff (1073742335) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_OK [2009/03/15 12:29:22, 10] libsmb/credentials.c:netlogon_creds_client_check(338) netlogon_creds_client_check: credentials check OK. [2009/03/15 12:29:22, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(130) rpccli_netlogon_setup_creds: server TLS-SRV-01 credential chain established. [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,108) [2009/03/15 12:29:22, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,108) wrote 108 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=23 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=49920 (0xC300) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c3 auth_type 2, auth_level 6 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 type1: 00000000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 type2: 00000003 [2009/03/15 12:29:23, 6] lib/util.c:dump_data(2233) [000] 45 56 45 4E 54 4C 41 42 EVENTLAB [2009/03/15 12:29:23, 6] lib/util.c:dump_data(2233) [000] 42 4C 47 2D 53 52 56 2D 30 31 BLG-SRV- 01 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 006c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 001c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000013 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/03/15 12:29:23, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345678 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 cf fb [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:23, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c3 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=24 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30147 (0x75C3) smb_bcc=123 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 6C 00 1C 00 13 00 00 00 B8 .......l ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 45 56 45 4E 54 4C 41 42 00 .......E VENTLAB. [070] 42 4C 47 2D 53 52 56 2D 30 31 00 BLG-SRV- 01. [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,194) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,194) wrote 194 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 148 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 92 (0x5C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=93 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 5C 00 0C 00 13 00 00 ........ .\...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 44 06 08 00 01 00 00 .+.H`... .D...... [050] 00 01 00 00 00 00 00 00 00 05 00 00 00 ........ ..... [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 92 (0x5C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=93 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 5C 00 0C 00 13 00 00 ........ .\...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 44 06 08 00 01 00 00 .+.H`... .D...... [050] 00 01 00 00 00 00 00 00 00 05 00 00 00 ........ ..... [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 005c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000013 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 92 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c3 returned 92 bytes. [2009/03/15 12:29:23, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c3 bind request returned ok. [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 005c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000013 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000f [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\netlogon. [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000029 smb_io_rpc_results [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002c num_results: 01 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0030 result : 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0032 reason : 0000 [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:23, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(3250) cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine TLS-SRV-01 for domain EVENTLAB and bound using schannel. [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,45) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,45) wrote 45 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=25 smt_wct=0 smb_bcc=0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366) rpc_pipe_destructor: closed host TLS-SRV-01, pipe \NETLOGON, fnum 0x75c2 [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,100) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,100) wrote 100 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=26 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=50176 (0xC400) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 auth_type 2, auth_level 6 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 type1: 00000000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 type2: 00000003 [2009/03/15 12:29:23, 6] lib/util.c:dump_data(2233) [000] 45 56 45 4E 54 4C 41 42 EVENTLAB [2009/03/15 12:29:23, 6] lib/util.c:dump_data(2233) [000] 42 4C 47 2D 53 52 56 2D 30 31 BLG-SRV- 01 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 006c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 001c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000014 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/03/15 12:29:23, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ac [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/03/15 12:29:23, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=27 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=123 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 6C 00 1C 00 14 00 00 00 B8 .......l ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 45 56 45 4E 54 4C 41 42 00 .......E VENTLAB. [070] 42 4C 47 2D 53 52 56 2D 30 31 00 BLG-SRV- 01. [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,194) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,194) wrote 194 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 144 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 14 00 00 ........ .X...... [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 05 00 00 00 ........ . [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 14 00 00 ........ .X...... [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 05 00 00 00 ........ . [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000014 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 88 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 88 bytes. [2009/03/15 12:29:23, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host TLS-SRV-01, pipe \samr, fnum 0x75c4 bind request returned ok. [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000014 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000b [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\samr. [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000025 smb_io_rpc_results [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/03/15 12:29:23, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/03/15 12:29:23, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(3250) cli_rpc_pipe_open_schannel_with_key: opened pipe \samr to machine TLS-SRV-01 for domain EVENTLAB and bound using schannel. [2009/03/15 12:29:23, 10] winbindd/winbindd_cm.c:cm_connect_sam(2094) cm_connect_sam: connected to SAMR pipe for domain EVENTLAB using schannel. samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'TLS-SRV-01' access_mask : 0x02000000 (33554432) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 0: SAMR_ACCESS_ENUM_DOMAINS 0: SAMR_ACCESS_OPEN_DOMAIN [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0070 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000015 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0039 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=0 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=0 data_len=48 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 seq_num: 7d 5f f8 ef 64 0d 4d 30 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 packet_digest: 4a d6 c7 11 a9 1d 86 64 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 confounder: 7e 24 b0 66 eb 29 a2 33 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=194 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=28 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 112 (0x70) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=127 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 70 00 20 00 15 00 00 00 2C .......p . ....., [020] 00 00 00 00 00 39 00 F7 4D 9C 43 6C FE 21 17 81 .....9.. M.Cl.!.. [030] 21 10 6B DC 55 D1 B6 15 F7 B5 06 FA DE 9A E0 7E !.k.U... .......~ [040] A4 23 6D 2F 1F 81 20 AC 56 C6 17 5F E1 64 52 FE .#m/.. . V.._.dR. [050] 22 35 F1 DD 3B 80 00 44 06 04 00 01 00 00 00 77 "5..;..D .......w [060] 00 7A 00 FF FF 00 00 7D 5F F8 EF 64 0D 4D 30 4A .z.....} _..d.M0J [070] D6 C7 11 A9 1D 86 64 7E 24 B0 66 EB 29 A2 33 ......d~ $.f.).3 [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,198) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,198) wrote 198 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 144 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=28 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 15 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 2A A8 E4 B1 68 77 6C ........ .*...hwl [020] 78 A0 9B A8 58 0C 0A B8 85 D2 84 B0 31 AA 4E 58 x...X... ....1.NX [030] 42 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 BD...... .w.z.... [040] 00 A9 60 56 5B 2F B4 7B 56 CC 6C 6F CA A9 E5 35 ..`V[/.{ V.lo...5 [050] A8 03 01 20 10 6D 72 43 D2 ... .mrC . [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=28 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 15 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 2A A8 E4 B1 68 77 6C ........ .*...hwl [020] 78 A0 9B A8 58 0C 0A B8 85 D2 84 B0 31 AA 4E 58 x...X... ....1.NX [030] 42 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 BD...... .w.z.... [040] 00 A9 60 56 5B 2F B4 7B 56 CC 6C 6F CA A9 E5 35 ..`V[/.{ V.lo...5 [050] A8 03 01 20 10 6D 72 43 D2 ... .mrC . [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000015 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: a9 60 56 5b 2f b4 7b 56 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: cc 6c 6f ca a9 e5 35 a8 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 03 01 20 10 6d 72 43 d2 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=1 data_len=24 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=1 data_len=24 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 88, data_len 24, ss_len 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 88 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 48 bytes. samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-bc49-93e62e030000 result : NT_STATUS_OK samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-bc49-93e62e030000 access_mask : 0x02000000 (33554432) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-3995423019-981377938-2130697332 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000016 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000034 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0007 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0050 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0051 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0052 auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0053 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0054 auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=2 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=2 data_len=56 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000058 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 seq_num: 82 81 68 e6 42 05 09 c6 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 packet_digest: 30 36 e2 f8 45 13 c1 32 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0070 confounder: d5 af f1 bd cc a8 2e 96 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=29 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=135 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 20 00 16 00 00 00 34 .......x . .....4 [020] 00 00 00 00 00 07 00 12 04 B0 88 FB AF 5F 90 E8 ........ ....._.. [030] 6A BD 36 C2 B4 1A C4 EC 5E 02 55 5A D8 18 94 B4 j.6..... ^.UZ.... [040] 23 98 83 31 06 A6 BD 1E 17 BB 44 DE 81 46 0F AA #..1.... ..D..F.. [050] 3C CA 01 61 FB 58 63 99 84 37 23 53 66 D7 24 44 <..a.Xc. .7#Sf.$D [060] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 82 .......w .z...... [070] 81 68 E6 42 05 09 C6 30 36 E2 F8 45 13 C1 32 D5 .h.B...0 6..E..2. [080] AF F1 BD CC A8 2E 96 ....... [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,206) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,206) wrote 206 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 144 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=29 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 16 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 83 45 B6 19 BD BC 8C ........ ..E..... [020] F2 8F 22 2F 99 A5 7B 7F BD 90 EF 4F CF BA 20 37 .."/..{. ...O.. 7 [030] DF 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 2C AC 4A CA A7 2E 63 04 62 3C 08 64 1F BD 4C .,.J...c .b<.d..L [050] CF 8D 2C FA D6 56 02 3A 01 ..,..V.: . [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=29 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 16 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 83 45 B6 19 BD BC 8C ........ ..E..... [020] F2 8F 22 2F 99 A5 7B 7F BD 90 EF 4F CF BA 20 37 .."/..{. ...O.. 7 [030] DF 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 2C AC 4A CA A7 2E 63 04 62 3C 08 64 1F BD 4C .,.J...c .b<.d..L [050] CF 8D 2C FA D6 56 02 3A 01 ..,..V.: . [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000016 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: 2c ac 4a ca a7 2e 63 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: 62 3c 08 64 1f bd 4c cf [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 8d 2c fa d6 56 02 3a 01 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=3 data_len=24 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=3 data_len=24 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 88, data_len 24, ss_len 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 88 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 48 bytes. samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 result : NT_STATUS_OK samr_QueryDomainInfo: struct samr_QueryDomainInfo in: struct samr_QueryDomainInfo domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 level : 0x0008 (8) [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000017 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000016 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0008 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=4 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=4 data_len=24 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: d9 bd e0 9b cb b8 39 a4 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: de 31 2b 6d e4 d4 f5 5a [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 32 b0 e4 d4 78 fb ea d1 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=30 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=103 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 20 00 17 00 00 00 16 .......X . ...... [020] 00 00 00 00 00 08 00 41 5D E8 64 E4 98 F0 B9 97 .......A ].d..... [030] C8 1A B4 19 FA 17 67 F6 08 41 41 78 35 1E 09 44 ......g. .AAx5..D [040] 06 02 00 01 00 00 00 77 00 7A 00 FF FF 00 00 D9 .......w .z...... [050] BD E0 9B CB B8 39 A4 DE 31 2B 6D E4 D4 F5 5A 32 .....9.. 1+m...Z2 [060] B0 E4 D4 78 FB EA D1 ...x... [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,174) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,174) wrote 174 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 152 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=30 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 60 00 20 00 17 00 00 ........ .`. .... [010] 00 1C 00 00 00 00 00 00 00 58 89 A7 F1 F3 DF 96 ........ .X...... [020] 67 5E 5B A2 55 52 DE FD FF F2 BA F7 D4 D7 4D DF g^[.UR.. ......M. [030] B1 21 85 D2 9A AA 94 5D 72 44 06 04 00 01 00 00 .!.....] rD...... [040] 00 77 00 7A 00 FF FF 00 00 9A F9 34 00 97 9E A5 .w.z.... ...4.... [050] 16 68 C4 98 25 16 B5 16 7E 62 D4 59 29 F8 08 E6 .h..%... ~b.Y)... [060] 81 . [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=30 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 60 00 20 00 17 00 00 ........ .`. .... [010] 00 1C 00 00 00 00 00 00 00 58 89 A7 F1 F3 DF 96 ........ .X...... [020] 67 5E 5B A2 55 52 DE FD FF F2 BA F7 D4 D7 4D DF g^[.UR.. ......M. [030] B1 21 85 D2 9A AA 94 5D 72 44 06 04 00 01 00 00 .!.....] rD...... [040] 00 77 00 7A 00 FF FF 00 00 9A F9 34 00 97 9E A5 .w.z.... ...4.... [050] 16 68 C4 98 25 16 B5 16 7E 62 D4 59 29 F8 08 E6 .h..%... ~b.Y)... [060] 81 . [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000017 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000001c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 seq_num: 9a f9 34 00 97 9e a5 16 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 packet_digest: 68 c4 98 25 16 b5 16 7e [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 confounder: 62 d4 59 29 f8 08 e6 81 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=5 data_len=32 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=5 data_len=32 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 96, data_len 28, ss_len 4 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 96 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 56 bytes. samr_QueryDomainInfo: struct samr_QueryDomainInfo out: struct samr_QueryDomainInfo info : * info : * info : union samr_DomainInfo(case 8) info8: struct samr_DomInfo8 sequence_num : 0x0000000049bce693 (1237116563) domain_create_time : NTTIME(0) result : NT_STATUS_OK [2009/03/15 12:29:23, 10] winbindd/winbindd_rpc.c:sequence_number(1029) domain_sequence_number: for domain EVENTLAB is 1237116563 [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:store_cache_seqnum(456) store_cache_seqnum: success [EVENTLAB][1237116563 @ 1237116563] [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(537) refresh_sequence_number: EVENTLAB seq number is now 1237116563 [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:enum_dom_groups(1497) enum_dom_groups: [Cached] - doing backend query for list for domain EVENTLAB [2009/03/15 12:29:23, 3] winbindd/winbindd_rpc.c:enum_dom_groups(141) rpc: enum_dom_groups [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4113) wcache_tdc_fetch_domain: Searching for domain EVENTLAB [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4128) wcache_tdc_fetch_domain: Found domain EVENTLAB samr_EnumDomainGroups: struct samr_EnumDomainGroups in: struct samr_EnumDomainGroups domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 resume_handle : * resume_handle : 0x00000000 (0) max_size : 0x0000ffff (65535) [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000018 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000001c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000b [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=6 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=6 data_len=32 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 seq_num: da 97 62 f5 04 97 f3 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 packet_digest: e0 7b 94 c8 b8 17 86 fe [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 confounder: fa aa 5e 01 3c 02 00 40 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=31 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=111 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 20 00 18 00 00 00 1C .......` . ...... [020] 00 00 00 00 00 0B 00 39 69 82 BB 1B 85 34 32 37 .......9 i....427 [030] FC 01 86 8E D8 90 E2 89 7F 4A A5 18 40 71 3D B2 ........ .J..@q=. [040] 06 82 D3 00 35 73 B2 44 06 04 00 01 00 00 00 77 ....5s.D .......w [050] 00 7A 00 FF FF 00 00 DA 97 62 F5 04 97 F3 02 E0 .z...... .b...... [060] 7B 94 C8 B8 17 86 FE FA AA 5E 01 3C 02 00 40 {....... .^.<..@ [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,182) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,182) wrote 182 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 616 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=616 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=31 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 560 (0x230) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 560 (0x230) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=561 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 02 20 00 18 00 00 ........ .0. .... [010] 00 EC 01 00 00 00 00 00 00 32 7D 1F 54 71 AE C5 ........ .2}.Tq.. [020] B0 71 32 2F 6A A2 7E B7 C1 61 97 11 5F C8 54 D2 .q2/j.~. .a.._.T. [030] D3 36 94 5F 89 3B D4 C1 D8 F4 15 67 E1 E9 E1 08 .6._.;.. ...g.... [040] 73 CB 0F 93 7F 8C 62 D0 84 08 4F E4 69 AF 75 1B s.....b. ..O.i.u. [050] 03 5C F8 E9 DE DB CF CC 35 BE BA 08 C0 6E B5 C1 .\...... 5....n.. [060] 96 64 AB 34 75 25 EB 08 F9 3A 04 5B E5 41 C3 E0 .d.4u%.. .:.[.A.. [070] D3 D3 E1 0A C4 29 40 20 59 4A EB 21 00 A7 35 A4 .....)@ YJ.!..5. [080] 2E A3 94 60 0B E7 55 1C BC 41 5E 54 D3 9A 7A 9E ...`..U. .A^T..z. [090] BF C8 61 7C BD AB 49 29 56 88 1A FF 5B 6A BE F9 ..a|..I) V...[j.. [0A0] 16 86 77 C3 DD 14 64 B6 34 8F 2A 2C 68 32 2D 8E ..w...d. 4.*,h2-. [0B0] 2F 64 D8 DA 05 F0 31 F2 8F 1D D7 10 35 E1 82 5B /d....1. ....5..[ [0C0] BB 48 44 D4 F7 6D 72 3A 01 DF 2C E8 B1 72 41 A4 .HD..mr: ..,..rA. [0D0] 4F 41 BA 15 2F 5F 88 CD 6D 3D CF A4 89 12 4C 92 OA../_.. m=....L. [0E0] 85 F3 0A 5C F5 AD 65 6A 41 89 B5 CF 5E DE 77 50 ...\..ej A...^.wP [0F0] D0 20 F8 1D 96 2A 9C 39 FC 72 EC 8A 92 1C 1D 20 . ...*.9 .r..... [100] 90 8E A4 9F 6F F7 E3 EC 52 EF 89 58 AC D4 B8 E0 ....o... R..X.... [110] DD FA 31 DB 7B 8E D0 15 35 E2 72 86 08 2E 2D D1 ..1.{... 5.r...-. [120] 6D C7 86 B4 96 DF D8 2C 61 E2 2E 26 FA 04 37 FF m......, a..&..7. [130] 78 5E 24 E4 5B C5 C2 17 EE 40 44 5F A6 5B D0 1F x^$.[... .@D_.[.. [140] F7 E4 8A 6F A9 4C BC 7F B2 EC 20 6D 1D 10 D7 24 ...o.L.. .. m...$ [150] FE 0E D0 7F EB 30 CD C4 7E 5A DF 0B 05 6F C2 C0 .....0.. ~Z...o.. [160] 69 2A 52 EE F3 EC CD 5D B8 DD 21 82 42 62 94 DF i*R....] ..!.Bb.. [170] 6C 88 C7 B2 4F 1B 8E 05 60 07 D1 FE 60 13 ED 30 l...O... `...`..0 [180] 8F EE E6 4A 5F C1 FE A3 6E B6 24 BA 48 59 82 44 ...J_... n.$.HY.D [190] E0 39 9C F9 AA 57 2B DD 5C 63 F9 00 BB 70 D3 4D .9...W+. \c...p.M [1A0] 33 C6 B2 CA B9 A3 56 43 DA 36 2F 8E 22 9D C8 A8 3.....VC .6/."... [1B0] E8 42 9E 2E 86 A3 D0 45 47 7D 00 D0 B7 13 B2 E8 .B.....E G}...... [1C0] 39 97 C1 DC 27 72 36 70 71 C9 49 B0 4F 05 3E 62 9...'r6p q.I.O.>b [1D0] 64 22 C3 C7 95 26 87 50 29 08 29 40 5B AA 1F 0B d"...&.P ).)@[... [1E0] 6D F3 27 7E 09 2B 0A 0B 52 56 EE CA 18 55 F9 50 m.'~.+.. RV...U.P [1F0] 56 92 7E 71 86 50 BE 87 EB BA E6 FB 97 D6 87 BB V.~q.P.. ........ [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=616 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=31 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 560 (0x230) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 560 (0x230) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=561 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 02 20 00 18 00 00 ........ .0. .... [010] 00 EC 01 00 00 00 00 00 00 32 7D 1F 54 71 AE C5 ........ .2}.Tq.. [020] B0 71 32 2F 6A A2 7E B7 C1 61 97 11 5F C8 54 D2 .q2/j.~. .a.._.T. [030] D3 36 94 5F 89 3B D4 C1 D8 F4 15 67 E1 E9 E1 08 .6._.;.. ...g.... [040] 73 CB 0F 93 7F 8C 62 D0 84 08 4F E4 69 AF 75 1B s.....b. ..O.i.u. [050] 03 5C F8 E9 DE DB CF CC 35 BE BA 08 C0 6E B5 C1 .\...... 5....n.. [060] 96 64 AB 34 75 25 EB 08 F9 3A 04 5B E5 41 C3 E0 .d.4u%.. .:.[.A.. [070] D3 D3 E1 0A C4 29 40 20 59 4A EB 21 00 A7 35 A4 .....)@ YJ.!..5. [080] 2E A3 94 60 0B E7 55 1C BC 41 5E 54 D3 9A 7A 9E ...`..U. .A^T..z. [090] BF C8 61 7C BD AB 49 29 56 88 1A FF 5B 6A BE F9 ..a|..I) V...[j.. [0A0] 16 86 77 C3 DD 14 64 B6 34 8F 2A 2C 68 32 2D 8E ..w...d. 4.*,h2-. [0B0] 2F 64 D8 DA 05 F0 31 F2 8F 1D D7 10 35 E1 82 5B /d....1. ....5..[ [0C0] BB 48 44 D4 F7 6D 72 3A 01 DF 2C E8 B1 72 41 A4 .HD..mr: ..,..rA. [0D0] 4F 41 BA 15 2F 5F 88 CD 6D 3D CF A4 89 12 4C 92 OA../_.. m=....L. [0E0] 85 F3 0A 5C F5 AD 65 6A 41 89 B5 CF 5E DE 77 50 ...\..ej A...^.wP [0F0] D0 20 F8 1D 96 2A 9C 39 FC 72 EC 8A 92 1C 1D 20 . ...*.9 .r..... [100] 90 8E A4 9F 6F F7 E3 EC 52 EF 89 58 AC D4 B8 E0 ....o... R..X.... [110] DD FA 31 DB 7B 8E D0 15 35 E2 72 86 08 2E 2D D1 ..1.{... 5.r...-. [120] 6D C7 86 B4 96 DF D8 2C 61 E2 2E 26 FA 04 37 FF m......, a..&..7. [130] 78 5E 24 E4 5B C5 C2 17 EE 40 44 5F A6 5B D0 1F x^$.[... .@D_.[.. [140] F7 E4 8A 6F A9 4C BC 7F B2 EC 20 6D 1D 10 D7 24 ...o.L.. .. m...$ [150] FE 0E D0 7F EB 30 CD C4 7E 5A DF 0B 05 6F C2 C0 .....0.. ~Z...o.. [160] 69 2A 52 EE F3 EC CD 5D B8 DD 21 82 42 62 94 DF i*R....] ..!.Bb.. [170] 6C 88 C7 B2 4F 1B 8E 05 60 07 D1 FE 60 13 ED 30 l...O... `...`..0 [180] 8F EE E6 4A 5F C1 FE A3 6E B6 24 BA 48 59 82 44 ...J_... n.$.HY.D [190] E0 39 9C F9 AA 57 2B DD 5C 63 F9 00 BB 70 D3 4D .9...W+. \c...p.M [1A0] 33 C6 B2 CA B9 A3 56 43 DA 36 2F 8E 22 9D C8 A8 3.....VC .6/."... [1B0] E8 42 9E 2E 86 A3 D0 45 47 7D 00 D0 B7 13 B2 E8 .B.....E G}...... [1C0] 39 97 C1 DC 27 72 36 70 71 C9 49 B0 4F 05 3E 62 9...'r6p q.I.O.>b [1D0] 64 22 C3 C7 95 26 87 50 29 08 29 40 5B AA 1F 0B d"...&.P ).)@[... [1E0] 6D F3 27 7E 09 2B 0A 0B 52 56 EE CA 18 55 F9 50 m.'~.+.. RV...U.P [1F0] 56 92 7E 71 86 50 BE 87 EB BA E6 FB 97 D6 87 BB V.~q.P.. ........ [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0230 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000018 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 000001ec [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000208 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0208 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0209 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 020a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 020b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 020c auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000210 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0210 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0218 seq_num: f9 74 a6 b4 8d 10 4d 5f [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0220 packet_digest: ab 3e 63 a8 85 1e 95 b5 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0228 confounder: 9d 6d 0c b1 11 bd 2b 37 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=7 data_len=496 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=7 data_len=496 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 560, data_len 492, ss_len 4 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 560 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 984 bytes. samr_EnumDomainGroups: struct samr_EnumDomainGroups out: struct samr_EnumDomainGroups resume_handle : * resume_handle : 0x00000000 (0) sam : * sam : * sam: struct samr_SamArray count : 0x00000006 (6) entries : * entries: ARRAY(6) entries: struct samr_SamEntry idx : 0x00000200 (512) name: struct lsa_String length : 0x0034 (52) size : 0x0034 (52) string : * string : 'Administrateurs du domaine' entries: struct samr_SamEntry idx : 0x00000202 (514) name: struct lsa_String length : 0x0024 (36) size : 0x0024 (36) string : * string : 'Invités du domaine' entries: struct samr_SamEntry idx : 0x00000201 (513) name: struct lsa_String length : 0x002e (46) size : 0x002e (46) string : * string : 'Utilisateurs du domaine' entries: struct samr_SamEntry idx : 0x00002329 (9001) name: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'Dossiers privés Eventlab' entries: struct samr_SamEntry idx : 0x0000232b (9003) name: struct lsa_String length : 0x0032 (50) size : 0x0032 (50) string : * string : 'Dossiers publics Eventlab' entries: struct samr_SamEntry idx : 0x00002af9 (11001) name: struct lsa_String length : 0x0054 (84) size : 0x0054 (84) string : * string : 'Administrateurs des sites internet de base' num_entries : * num_entries : 0x00000006 (6) result : NT_STATUS_OK [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(492) refresh_sequence_number: EVENTLAB time ok [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(537) refresh_sequence_number: EVENTLAB seq number is now 1237116563 [2009/03/15 12:29:23, 10] winbindd/idmap_util.c:idmap_sid_to_gid(216) idmap_sid_to_gid: sid = [S-1-5-21-3995423019-981377938-2130697332-512], domain = 'EVENTLAB' [2009/03/15 12:29:23, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = IDMAP/SID2GID/S-1-5-21-3995423019-981377938-2130697332-512, value = 20000, timeout = Sun Mar 22 12:21:27 2009 [2009/03/15 12:29:23, 10] winbindd/idmap_util.c:idmap_sid_to_gid(220) idmap_cache_find_sid2gid found 20000 [2009/03/15 12:29:23, 10] winbindd/idmap_util.c:idmap_sid_to_gid(229) Returning positive cache entry [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:winbindd_getgrent(1385) got gid 20000 for group 512 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(547) group SID S-1-5-21-3995423019-981377938-2130697332-512 [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(492) refresh_sequence_number: EVENTLAB time ok [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(537) refresh_sequence_number: EVENTLAB seq number is now 1237116563 [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:lookup_groupmem(2209) lookup_groupmem: [Cached] - doing backend query for info for domain EVENTLAB [2009/03/15 12:29:23, 10] winbindd/winbindd_rpc.c:lookup_groupmem(756) rpc: lookup_groupmem EVENTLAB sid=S-1-5-21-3995423019-981377938-2130697332-512 [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4113) wcache_tdc_fetch_domain: Searching for domain EVENTLAB [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4128) wcache_tdc_fetch_domain: Found domain EVENTLAB samr_OpenGroup: struct samr_OpenGroup in: struct samr_OpenGroup domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 access_mask : 0x02000000 (33554432) 0: SAMR_GROUP_ACCESS_LOOKUP_INFO 0: SAMR_GROUP_ACCESS_SET_INFO 0: SAMR_GROUP_ACCESS_ADD_MEMBER 0: SAMR_GROUP_ACCESS_REMOVE_MEMBER 0: SAMR_GROUP_ACCESS_GET_MEMBERS rid : 0x00000200 (512) [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000019 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000001c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0013 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=8 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=8 data_len=32 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 seq_num: 0e b0 a5 8c 25 53 20 99 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 packet_digest: 95 93 d0 81 6b 9f dd 0c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 confounder: 8f 72 f8 70 fc 98 ff 22 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=32 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=111 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 20 00 19 00 00 00 1C .......` . ...... [020] 00 00 00 00 00 13 00 35 3C E9 93 D6 85 1F C3 9B .......5 <....... [030] A0 59 22 96 76 72 73 D0 C3 FA 6E 67 E0 D4 7F 40 .Y".vrs. ..ng...@ [040] 50 26 5C 21 76 94 77 44 06 04 00 01 00 00 00 77 P&\!v.wD .......w [050] 00 7A 00 FF FF 00 00 0E B0 A5 8C 25 53 20 99 95 .z...... ...%S .. [060] 93 D0 81 6B 9F DD 0C 8F 72 F8 70 FC 98 FF 22 ...k.... r.p..." [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,182) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,182) wrote 182 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 144 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=32 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 19 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 28 D2 2A 61 A8 4D B1 ........ .(.*a.M. [020] 50 74 1B 9F 4E 8E 6B 6D 1C EF 47 4E 37 43 36 81 Pt..N.km ..GN7C6. [030] 5F 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 _D...... .w.z.... [040] 00 03 A3 D1 C8 7C 53 C6 0E 32 24 6E DE 84 AF C6 .....|S. .2$n.... [050] 15 36 E1 D9 06 B7 A2 0A EF .6...... . [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=32 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 19 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 28 D2 2A 61 A8 4D B1 ........ .(.*a.M. [020] 50 74 1B 9F 4E 8E 6B 6D 1C EF 47 4E 37 43 36 81 Pt..N.km ..GN7C6. [030] 5F 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 _D...... .w.z.... [040] 00 03 A3 D1 C8 7C 53 C6 0E 32 24 6E DE 84 AF C6 .....|S. .2$n.... [050] 15 36 E1 D9 06 B7 A2 0A EF .6...... . [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000019 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: 03 a3 d1 c8 7c 53 c6 0e [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: 32 24 6e de 84 af c6 15 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 36 e1 d9 06 b7 a2 0a ef [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=9 data_len=24 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=9 data_len=24 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 88, data_len 24, ss_len 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 88 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 48 bytes. samr_OpenGroup: struct samr_OpenGroup out: struct samr_OpenGroup group_handle : * group_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-bc49-93e62e030000 result : NT_STATUS_OK samr_QueryGroupMember: struct samr_QueryGroupMember in: struct samr_QueryGroupMember group_handle : * group_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-bc49-93e62e030000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001a [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000014 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0019 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=10 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=10 data_len=24 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: b3 e0 e0 14 0f 4c ee 32 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: ad 1c f8 d1 95 69 1c a6 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 42 31 2b c1 d0 57 64 27 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=33 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=103 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 20 00 1A 00 00 00 14 .......X . ...... [020] 00 00 00 00 00 19 00 95 EF 38 3F FE BE 29 27 CA ........ .8?..)'. [030] D4 BB 01 14 BC A1 B8 B6 2B 82 36 1F 99 65 76 44 ........ +.6..evD [040] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 B3 .......w .z...... [050] E0 E0 14 0F 4C EE 32 AD 1C F8 D1 95 69 1C A6 42 ....L.2. ....i..B [060] 31 2B C1 D0 57 64 27 1+..Wd' [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,174) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,174) wrote 174 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 168 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=33 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 70 00 20 00 1A 00 00 ........ .p. .... [010] 00 2C 00 00 00 00 00 00 00 19 18 2C 06 0E A6 07 .,...... ...,.... [020] FA E9 D0 97 D9 8B 27 EF 0F 54 EA 6E F0 21 50 B7 ......'. .T.n.!P. [030] 37 86 48 4D 59 66 DC 28 83 87 B7 B4 DC C8 A7 E5 7.HMYf.( ........ [040] 46 77 87 F5 82 87 D7 4C 36 44 06 04 00 01 00 00 Fw.....L 6D...... [050] 00 77 00 7A 00 FF FF 00 00 A5 4F D5 44 1A 04 A7 .w.z.... ..O.D... [060] 1D B0 A8 34 A3 1D 8E 9B 84 27 4F CD 6C BE 0D 37 ...4.... .'O.l..7 [070] 30 0 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=33 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 70 00 20 00 1A 00 00 ........ .p. .... [010] 00 2C 00 00 00 00 00 00 00 19 18 2C 06 0E A6 07 .,...... ...,.... [020] FA E9 D0 97 D9 8B 27 EF 0F 54 EA 6E F0 21 50 B7 ......'. .T.n.!P. [030] 37 86 48 4D 59 66 DC 28 83 87 B7 B4 DC C8 A7 E5 7.HMYf.( ........ [040] 46 77 87 F5 82 87 D7 4C 36 44 06 04 00 01 00 00 Fw.....L 6D...... [050] 00 77 00 7A 00 FF FF 00 00 A5 4F D5 44 1A 04 A7 .w.z.... ..O.D... [060] 1D B0 A8 34 A3 1D 8E 9B 84 27 4F CD 6C BE 0D 37 ...4.... .'O.l..7 [070] 30 0 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0070 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001a [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 seq_num: a5 4f d5 44 1a 04 a7 1d [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 packet_digest: b0 a8 34 a3 1d 8e 9b 84 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 confounder: 27 4f cd 6c be 0d 37 30 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=11 data_len=48 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=11 data_len=48 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 112, data_len 44, ss_len 4 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 112 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 88 bytes. samr_QueryGroupMember: struct samr_QueryGroupMember out: struct samr_QueryGroupMember rids : * rids : * rids: struct samr_RidTypeArray count : 0x00000002 (2) rids : * rids: ARRAY(2) rids : 0x000001f4 (500) rids : 0x00000bbc (3004) types : * types: ARRAY(2) types : 0x00000001 (1) types : 0x00000001 (1) result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-bc49-93e62e030000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001b [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000014 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=12 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=12 data_len=24 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: ba 41 ad 78 b1 43 7e e4 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: 51 b7 bb b9 69 e4 68 17 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 34 4b 81 8f 13 e5 3e 7e [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=34 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=103 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 20 00 1B 00 00 00 14 .......X . ...... [020] 00 00 00 00 00 01 00 54 E1 C4 C1 8E 61 D9 B5 04 .......T ....a... [030] 43 46 13 9F C9 0F 4B 20 19 11 DC 45 DD 3E 32 44 CF....K ...E.>2D [040] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 BA .......w .z...... [050] 41 AD 78 B1 43 7E E4 51 B7 BB B9 69 E4 68 17 34 A.x.C~.Q ...i.h.4 [060] 4B 81 8F 13 E5 3E 7E K....>~ [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,174) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,174) wrote 174 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 144 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=34 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 1B 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 AF E7 13 BE 2E 58 CB ........ ......X. [020] 74 18 AF 93 BD 2E E7 33 A7 10 A1 22 08 FB F5 72 t......3 ..."...r [030] 9D 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 89 42 F2 FF 09 AE 66 97 C3 83 97 0A F1 34 8A ..B....f ......4. [050] 08 73 7E 53 2F FC 55 2D 51 .s~S/.U- Q [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=34 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 1B 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 AF E7 13 BE 2E 58 CB ........ ......X. [020] 74 18 AF 93 BD 2E E7 33 A7 10 A1 22 08 FB F5 72 t......3 ..."...r [030] 9D 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 89 42 F2 FF 09 AE 66 97 C3 83 97 0A F1 34 8A ..B....f ......4. [050] 08 73 7E 53 2F FC 55 2D 51 .s~S/.U- Q [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001b [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: 89 42 f2 ff 09 ae 66 97 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: c3 83 97 0a f1 34 8a 08 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 73 7e 53 2f fc 55 2d 51 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=13 data_len=24 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=13 data_len=24 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 88, data_len 24, ss_len 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 88 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 48 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_LookupRids: struct samr_LookupRids in: struct samr_LookupRids domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 num_rids : 0x00000002 (2) rids: ARRAY(2) rids : 0x000001f4 (500) rids : 0x00000bbc (3004) [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0070 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0012 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=14 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=14 data_len=48 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 seq_num: fb 8a 37 66 a1 a7 d4 6f [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 packet_digest: 67 e0 e4 1b a4 10 c1 6f [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 confounder: cb da 99 61 15 0f 6a c4 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=194 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=35 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 112 (0x70) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=127 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 70 00 20 00 1C 00 00 00 2C .......p . ....., [020] 00 00 00 00 00 12 00 E0 D6 08 C3 0C 8B 8E 3F 77 ........ ......?w [030] B3 BF BB 77 25 3A F0 E7 6E A3 A8 61 6F 34 FC 14 ...w%:.. n..ao4.. [040] 72 DD 88 D7 15 98 39 BF 62 49 65 E2 F2 47 77 64 r.....9. bIe..Gwd [050] 95 E9 44 B6 0A 53 F0 44 06 04 00 01 00 00 00 77 ..D..S.D .......w [060] 00 7A 00 FF FF 00 00 FB 8A 37 66 A1 A7 D4 6F 67 .z...... .7f...og [070] E0 E4 1B A4 10 C1 6F CB DA 99 61 15 0F 6A C4 ......o. ..a..j. [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,198) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,198) wrote 198 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 232 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=35 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 B0 00 20 00 1C 00 00 ........ ... .... [010] 00 6C 00 00 00 00 00 00 00 10 F0 89 A2 C7 C6 7D .l...... .......} [020] B8 C4 26 D0 39 71 F1 2F 1D 96 28 96 49 65 42 B7 ..&.9q./ ..(.IeB. [030] E4 80 DF F3 1E F8 E3 7C 27 41 AA 10 CF 16 2E F6 .......| 'A...... [040] C1 05 ED CE A3 9B 42 80 F0 0F BF DB 4E 98 22 50 ......B. ....N."P [050] 34 F2 2B 60 6A D8 49 C0 73 77 B4 EB C0 1D 59 84 4.+`j.I. sw....Y. [060] 2F EB 09 57 A7 5B 1D 60 2D B9 92 9B 22 98 17 62 /..W.[.` -..."..b [070] EB 7E 9C 2C 6F 22 64 E1 A5 04 B3 2D 29 DB EC 1F .~.,o"d. ...-)... [080] 16 4F 07 1C 39 B4 F3 77 4A 44 06 04 00 01 00 00 .O..9..w JD...... [090] 00 77 00 7A 00 FF FF 00 00 D9 D1 A2 BA 91 AD 90 .w.z.... ........ [0A0] 2D B1 B1 E5 A9 16 A5 C2 E9 60 6E 77 B0 34 2B 59 -....... .`nw.4+Y [0B0] F1 . [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=35 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 B0 00 20 00 1C 00 00 ........ ... .... [010] 00 6C 00 00 00 00 00 00 00 10 F0 89 A2 C7 C6 7D .l...... .......} [020] B8 C4 26 D0 39 71 F1 2F 1D 96 28 96 49 65 42 B7 ..&.9q./ ..(.IeB. [030] E4 80 DF F3 1E F8 E3 7C 27 41 AA 10 CF 16 2E F6 .......| 'A...... [040] C1 05 ED CE A3 9B 42 80 F0 0F BF DB 4E 98 22 50 ......B. ....N."P [050] 34 F2 2B 60 6A D8 49 C0 73 77 B4 EB C0 1D 59 84 4.+`j.I. sw....Y. [060] 2F EB 09 57 A7 5B 1D 60 2D B9 92 9B 22 98 17 62 /..W.[.` -..."..b [070] EB 7E 9C 2C 6F 22 64 E1 A5 04 B3 2D 29 DB EC 1F .~.,o"d. ...-)... [080] 16 4F 07 1C 39 B4 F3 77 4A 44 06 04 00 01 00 00 .O..9..w JD...... [090] 00 77 00 7A 00 FF FF 00 00 D9 D1 A2 BA 91 AD 90 .w.z.... ........ [0A0] 2D B1 B1 E5 A9 16 A5 C2 E9 60 6E 77 B0 34 2B 59 -....... .`nw.4+Y [0B0] F1 . [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00b0 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000006c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000088 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0088 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0089 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 008c auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000090 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0090 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0098 seq_num: d9 d1 a2 ba 91 ad 90 2d [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 00a0 packet_digest: b1 b1 e5 a9 16 a5 c2 e9 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 00a8 confounder: 60 6e 77 b0 34 2b 59 f1 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=15 data_len=112 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=15 data_len=112 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 176, data_len 108, ss_len 4 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 176 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 216 bytes. samr_LookupRids: struct samr_LookupRids out: struct samr_LookupRids names : * names: struct lsa_Strings count : 0x00000002 (2) names : * names: ARRAY(2) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'ntadmin' names: struct lsa_String length : 0x0010 (16) size : 0x0010 (16) string : * string : 'Francois' types : * types: struct samr_Ids count : 0x00000002 (2) ids : * ids: ARRAY(2) ids : 0x00000001 (1) ids : 0x00000001 (1) result : NT_STATUS_OK [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(492) refresh_sequence_number: EVENTLAB time ok [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(537) refresh_sequence_number: EVENTLAB seq number is now 1237116563 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(673) looked up 2 names [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(681) processing name EVENTLAB\francois [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(690) buf_len + 18 = 18 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(681) processing name EVENTLAB\ntadmin [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(690) buf_len + 17 = 35 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(681) processing name EVENTLAB\francois [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(693) appending EVENTLAB\francois at ndx 0 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(681) processing name EVENTLAB\ntadmin [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(693) appending EVENTLAB\ntadmin at ndx 18 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(724) num_mem = 2, len = 35, mem = EVENTLAB\francois,EVENTLAB\ntadmin [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(731) fill_grent_mem returning 1 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:winbindd_getgrent(1437) list_len = 0, mem_len = 35 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:winbindd_getgrent(1457) adding group num_entries = 0 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:winbindd_getgrent(1315) entry_index = 1, num_entries = 6 [2009/03/15 12:29:23, 10] winbindd/idmap_util.c:idmap_sid_to_gid(216) idmap_sid_to_gid: sid = [S-1-5-21-3995423019-981377938-2130697332-514], domain = 'EVENTLAB' [2009/03/15 12:29:23, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = IDMAP/SID2GID/S-1-5-21-3995423019-981377938-2130697332-514, value = 20001, timeout = Sun Mar 22 12:21:27 2009 [2009/03/15 12:29:23, 10] winbindd/idmap_util.c:idmap_sid_to_gid(220) idmap_cache_find_sid2gid found 20001 [2009/03/15 12:29:23, 10] winbindd/idmap_util.c:idmap_sid_to_gid(229) Returning positive cache entry [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:winbindd_getgrent(1385) got gid 20001 for group 514 [2009/03/15 12:29:23, 10] winbindd/winbindd_group.c:fill_grent_mem(547) group SID S-1-5-21-3995423019-981377938-2130697332-514 [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(492) refresh_sequence_number: EVENTLAB time ok [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:refresh_sequence_number(537) refresh_sequence_number: EVENTLAB seq number is now 1237116563 [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:lookup_groupmem(2209) lookup_groupmem: [Cached] - doing backend query for info for domain EVENTLAB [2009/03/15 12:29:23, 10] winbindd/winbindd_rpc.c:lookup_groupmem(756) rpc: lookup_groupmem EVENTLAB sid=S-1-5-21-3995423019-981377938-2130697332-514 [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4113) wcache_tdc_fetch_domain: Searching for domain EVENTLAB [2009/03/15 12:29:23, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4128) wcache_tdc_fetch_domain: Found domain EVENTLAB samr_OpenGroup: struct samr_OpenGroup in: struct samr_OpenGroup domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 access_mask : 0x02000000 (33554432) 0: SAMR_GROUP_ACCESS_LOOKUP_INFO 0: SAMR_GROUP_ACCESS_SET_INFO 0: SAMR_GROUP_ACCESS_ADD_MEMBER 0: SAMR_GROUP_ACCESS_REMOVE_MEMBER 0: SAMR_GROUP_ACCESS_GET_MEMBERS rid : 0x00000202 (514) [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001d [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000001c [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0013 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=16 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=16 data_len=32 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 seq_num: 5a b4 4f 19 80 aa ec 3e [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 packet_digest: 7c 7e 1e 5a ae 4d eb 28 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 confounder: 04 2d 14 b6 93 dc c5 a7 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=36 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=111 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 20 00 1D 00 00 00 1C .......` . ...... [020] 00 00 00 00 00 13 00 C7 00 9E 05 17 37 16 04 62 ........ ....7..b [030] 65 A1 17 32 22 32 94 F3 2B 2C 88 A5 68 1D 83 3A e..2"2.. +,..h..: [040] 7E B8 70 0A 83 4E 28 44 06 04 00 01 00 00 00 77 ~.p..N(D .......w [050] 00 7A 00 FF FF 00 00 5A B4 4F 19 80 AA EC 3E 7C .z.....Z .O....>| [060] 7E 1E 5A AE 4D EB 28 04 2D 14 B6 93 DC C5 A7 ~.Z.M.(. -...... [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,182) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,182) wrote 182 [2009/03/15 12:29:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 144 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=36 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 1D 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 63 6B 20 4C F2 D3 CF ........ .ck L... [020] 2B B9 41 20 F0 94 BD 09 F0 2A CF 46 2C AB E2 90 +.A .... .*.F,... [030] 1C 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 19 7F A8 CE 8C 2E 96 C6 FD 0E C6 24 2F A6 47 ........ ....$/.G [050] B6 06 CB 63 30 DD 4A 7C 36 ...c0.J| 6 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=36 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 1D 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 63 6B 20 4C F2 D3 CF ........ .ck L... [020] 2B B9 41 20 F0 94 BD 09 F0 2A CF 46 2C AB E2 90 +.A .... .*.F,... [030] 1C 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 19 7F A8 CE 8C 2E 96 C6 FD 0E C6 24 2F A6 47 ........ ....$/.G [050] B6 06 CB 63 30 DD 4A 7C 36 ...c0.J| 6 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001d [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: 19 7f a8 ce 8c 2e 96 c6 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: fd 0e c6 24 2f a6 47 b6 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 06 cb 63 30 dd 4a 7c 36 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=17 data_len=24 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=17 data_len=24 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 88, data_len 24, ss_len 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 88 at offset 0 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 48 bytes. samr_OpenGroup: struct samr_OpenGroup out: struct samr_OpenGroup group_handle : * group_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-bc49-93e62e030000 result : NT_STATUS_OK samr_QueryGroupMember: struct samr_QueryGroupMember in: struct samr_QueryGroupMember group_handle : * group_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-bc49-93e62e030000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001e [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000014 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0019 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 04 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:23, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=18 [2009/03/15 12:29:23, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=18 data_len=24 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: a4 b7 99 01 a5 30 e6 70 [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: 64 71 0a 8e 3f 6b 53 8e [2009/03/15 12:29:23, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 9b a4 8f ba 8a f7 e6 63 [2009/03/15 12:29:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:23, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:23, 5] lib/util.c:show_msg(655) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=37 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=103 [2009/03/15 12:29:23, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 20 00 1E 00 00 00 14 .......X . ...... [020] 00 00 00 00 00 19 00 79 1D B2 F9 0A 21 7A CC 29 .......y ....!z.) [030] 0D 0F 45 3A CE 4D C9 3E 86 36 6A 42 7C E4 58 44 ..E:.M.> .6jB|.XD [040] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 A4 .......w .z...... [050] B7 99 01 A5 30 E6 70 64 71 0A 8E 3F 6B 53 8E 9B ....0.pd q..?kS.. [060] A4 8F BA 8A F7 E6 63 ......c [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,174) [2009/03/15 12:29:23, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,174) wrote 174 [2009/03/15 12:29:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 168 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=37 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 70 00 20 00 1E 00 00 ........ .p. .... [010] 00 2C 00 00 00 00 00 00 00 94 35 9E 4B DD 35 11 .,...... ..5.K.5. [020] F4 E9 AF CF 1C 2A 0E BB 46 75 71 C5 51 D3 8B 81 .....*.. Fuq.Q... [030] 1F 97 2C 60 7A FA DC 76 F6 38 F9 06 48 18 99 3F ..,`z..v .8..H..? [040] 66 15 12 E6 71 00 D7 23 D0 44 06 04 00 01 00 00 f...q..# .D...... [050] 00 77 00 7A 00 FF FF 00 00 73 33 E8 0A 2D 78 21 .w.z.... .s3..-x! [060] 81 1F DF 39 11 B2 5E BD FE 45 1B 2E 1B 9E 28 2E ...9..^. .E....(. [070] AE . [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=37 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 70 00 20 00 1E 00 00 ........ .p. .... [010] 00 2C 00 00 00 00 00 00 00 94 35 9E 4B DD 35 11 .,...... ..5.K.5. [020] F4 E9 AF CF 1C 2A 0E BB 46 75 71 C5 51 D3 8B 81 .....*.. Fuq.Q... [030] 1F 97 2C 60 7A FA DC 76 F6 38 F9 06 48 18 99 3F ..,`z..v .8..H..? [040] 66 15 12 E6 71 00 D7 23 D0 44 06 04 00 01 00 00 f...q..# .D...... [050] 00 77 00 7A 00 FF FF 00 00 73 33 E8 0A 2D 78 21 .w.z.... .s3..-x! [060] 81 1F DF 39 11 B2 5E BD FE 45 1B 2E 1B 9E 28 2E ...9..^. .E....(. [070] AE . [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0070 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001e [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 04 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 seq_num: 73 33 e8 0a 2d 78 21 81 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 packet_digest: 1f df 39 11 b2 5e bd fe [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 confounder: 45 1b 2e 1b 9e 28 2e ae [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=19 data_len=48 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=19 data_len=48 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 112, data_len 44, ss_len 4 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 112 at offset 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 88 bytes. samr_QueryGroupMember: struct samr_QueryGroupMember out: struct samr_QueryGroupMember rids : * rids : * rids: struct samr_RidTypeArray count : 0x00000002 (2) rids : * rids: ARRAY(2) rids : 0x000003ed (1005) rids : 0x000001f5 (501) types : * types: ARRAY(2) types : 0x00000001 (1) types : 0x00000001 (1) result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-bc49-93e62e030000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001f [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000014 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0001 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 04 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=20 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=20 data_len=24 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: 02 a8 be 9f 6d 41 d6 71 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: 28 b2 45 3f 5c 4a 53 30 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 29 17 ca 4d 4b 13 b6 6e [2009/03/15 12:29:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=38 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=103 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 20 00 1F 00 00 00 14 .......X . ...... [020] 00 00 00 00 00 01 00 CF B3 4F 79 BA F1 95 0B 69 ........ .Oy....i [030] BB 38 55 FF 32 2F B2 93 A0 C2 A8 B0 39 BB 8A 44 .8U.2/.. ....9..D [040] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 02 .......w .z...... [050] A8 BE 9F 6D 41 D6 71 28 B2 45 3F 5C 4A 53 30 29 ...mA.q( .E?\JS0) [060] 17 CA 4D 4B 13 B6 6E ..MK..n [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,174) [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,174) wrote 174 [2009/03/15 12:29:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 144 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=38 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 1F 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 59 38 49 BE E0 2E 4D ........ .Y8I...M [020] 0F 93 04 68 52 B6 6E 49 09 ED 0B C7 1E 88 F9 B6 ...hR.nI ........ [030] B5 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 D8 72 CB 39 4C 36 D8 B7 63 40 8A 1B 19 D6 C8 ..r.9L6. .c@..... [050] C5 AD DB FF CF B0 94 3B D3 .......; . [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=38 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 1F 00 00 ........ .X. .... [010] 00 18 00 00 00 00 00 00 00 59 38 49 BE E0 2E 4D ........ .Y8I...M [020] 0F 93 04 68 52 B6 6E 49 09 ED 0B C7 1E 88 F9 B6 ...hR.nI ........ [030] B5 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 D8 72 CB 39 4C 36 D8 B7 63 40 8A 1B 19 D6 C8 ..r.9L6. .c@..... [050] C5 AD DB FF CF B0 94 3B D3 .......; . [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001f [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: d8 72 cb 39 4c 36 d8 b7 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: 63 40 8a 1b 19 d6 c8 c5 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: ad db ff cf b0 94 3b d3 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=21 data_len=24 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=21 data_len=24 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 88, data_len 24, ss_len 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 88 at offset 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 48 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_LookupRids: struct samr_LookupRids in: struct samr_LookupRids domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 num_rids : 0x00000002 (2) rids: ARRAY(2) rids : 0x000003ed (1005) rids : 0x000001f5 (501) [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0070 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0012 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 04 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=22 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=22 data_len=48 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 seq_num: 77 c0 8a 6b 54 e9 d0 d1 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 packet_digest: cf 36 b1 15 d0 57 fc 94 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 confounder: 42 33 a1 9d e2 c4 64 bd [2009/03/15 12:29:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=194 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=39 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 112 (0x70) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=127 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 70 00 20 00 20 00 00 00 2C .......p . . ..., [020] 00 00 00 00 00 12 00 8A 66 22 7A 9B 0D B4 61 C3 ........ f"z...a. [030] 87 D1 22 09 70 00 C1 11 56 ED F4 4C C0 AC 1F 3D ..".p... V..L...= [040] 7D 30 30 07 03 35 B2 93 48 B8 D5 66 0F B7 A6 6C }00..5.. H..f...l [050] 8D B0 4F 9C C3 93 FD 44 06 04 00 01 00 00 00 77 ..O....D .......w [060] 00 7A 00 FF FF 00 00 77 C0 8A 6B 54 E9 D0 D1 CF .z.....w ..kT.... [070] 36 B1 15 D0 57 FC 94 42 33 A1 9D E2 C4 64 BD 6...W..B 3....d. [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,198) [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,198) wrote 198 [2009/03/15 12:29:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 224 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=224 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=39 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 168 (0xA8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=169 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 A8 00 20 00 20 00 00 ........ ... . .. [010] 00 68 00 00 00 00 00 00 00 57 B5 D8 EF 4D 25 41 .h...... .W...M%A [020] 8B 06 DA 9D A5 20 D5 A7 A0 0A D3 9F 3F FB 2F 9F ..... .. ....?./. [030] B4 30 89 F7 25 35 38 68 CB A9 D3 E7 63 CD D2 11 .0..%58h ....c... [040] A3 4D 1E C2 BA E6 FC EC A4 10 48 A7 02 BE 4F 49 .M...... ..H...OI [050] 00 29 83 A3 10 F3 40 38 03 52 1C 03 20 48 B5 E3 .)....@8 .R.. H.. [060] A3 FA C2 60 22 BB C0 FC 96 3C E4 14 C5 0F C9 22 ...`"... .<....." [070] 0B EE 99 7E E0 A6 AF 57 2F 20 C2 25 C3 F9 6E 6B ...~...W / .%..nk [080] 27 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 'D...... .w.z.... [090] 00 9F 27 36 97 C2 1D AC CC 33 41 8F D0 91 84 46 ..'6.... .3A....F [0A0] 19 BC F3 FE 08 7A 04 1E 3C .....z.. < [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=224 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=39 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 168 (0xA8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=169 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 A8 00 20 00 20 00 00 ........ ... . .. [010] 00 68 00 00 00 00 00 00 00 57 B5 D8 EF 4D 25 41 .h...... .W...M%A [020] 8B 06 DA 9D A5 20 D5 A7 A0 0A D3 9F 3F FB 2F 9F ..... .. ....?./. [030] B4 30 89 F7 25 35 38 68 CB A9 D3 E7 63 CD D2 11 .0..%58h ....c... [040] A3 4D 1E C2 BA E6 FC EC A4 10 48 A7 02 BE 4F 49 .M...... ..H...OI [050] 00 29 83 A3 10 F3 40 38 03 52 1C 03 20 48 B5 E3 .)....@8 .R.. H.. [060] A3 FA C2 60 22 BB C0 FC 96 3C E4 14 C5 0F C9 22 ...`"... .<....." [070] 0B EE 99 7E E0 A6 AF 57 2F 20 C2 25 C3 F9 6E 6B ...~...W / .%..nk [080] 27 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 'D...... .w.z.... [090] 00 9F 27 36 97 C2 1D AC CC 33 41 8F D0 91 84 46 ..'6.... .3A....F [0A0] 19 BC F3 FE 08 7A 04 1E 3C .....z.. < [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a8 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000068 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000080 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0080 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0081 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0082 auth_pad_len : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0083 auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0084 auth_context_id: 00000001 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000088 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0088 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0090 seq_num: 9f 27 36 97 c2 1d ac cc [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0098 packet_digest: 33 41 8f d0 91 84 46 19 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 00a0 confounder: bc f3 fe 08 7a 04 1e 3c [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=23 data_len=104 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=23 data_len=104 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 168, data_len 104, ss_len 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 168 at offset 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 208 bytes. samr_LookupRids: struct samr_LookupRids out: struct samr_LookupRids names : * names: struct lsa_Strings count : 0x00000002 (2) names : * names: ARRAY(2) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'Jacques' names: struct lsa_String length : 0x000c (12) size : 0x000c (12) string : * string : 'nobody' types : * types: struct samr_Ids count : 0x00000002 (2) ids : * ids: ARRAY(2) ids : 0x00000001 (1) ids : 0x00000001 (1) result : NT_STATUS_OK [2009/03/15 12:29:24, 10] winbindd/winbindd_cache.c:refresh_sequence_number(492) refresh_sequence_number: EVENTLAB time ok [2009/03/15 12:29:24, 10] winbindd/winbindd_cache.c:refresh_sequence_number(537) refresh_sequence_number: EVENTLAB seq number is now 1237116563 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(673) looked up 2 names [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(681) processing name EVENTLAB\jacques [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(690) buf_len + 17 = 17 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(681) processing name EVENTLAB\nobody [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(690) buf_len + 16 = 33 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(681) processing name EVENTLAB\jacques [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(693) appending EVENTLAB\jacques at ndx 0 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(681) processing name EVENTLAB\nobody [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(693) appending EVENTLAB\nobody at ndx 17 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(724) num_mem = 2, len = 33, mem = EVENTLAB\jacques,EVENTLAB\nobody [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(731) fill_grent_mem returning 1 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:winbindd_getgrent(1437) list_len = 35, mem_len = 33 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:winbindd_getgrent(1457) adding group num_entries = 1 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:winbindd_getgrent(1315) entry_index = 2, num_entries = 6 [2009/03/15 12:29:24, 10] winbindd/idmap_util.c:idmap_sid_to_gid(216) idmap_sid_to_gid: sid = [S-1-5-21-3995423019-981377938-2130697332-513], domain = 'EVENTLAB' [2009/03/15 12:29:24, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = IDMAP/SID2GID/S-1-5-21-3995423019-981377938-2130697332-513, value = 20002, timeout = Sun Mar 22 12:21:27 2009 [2009/03/15 12:29:24, 10] winbindd/idmap_util.c:idmap_sid_to_gid(220) idmap_cache_find_sid2gid found 20002 [2009/03/15 12:29:24, 10] winbindd/idmap_util.c:idmap_sid_to_gid(229) Returning positive cache entry [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:winbindd_getgrent(1385) got gid 20002 for group 513 [2009/03/15 12:29:24, 10] winbindd/winbindd_group.c:fill_grent_mem(547) group SID S-1-5-21-3995423019-981377938-2130697332-513 [2009/03/15 12:29:24, 10] winbindd/winbindd_cache.c:refresh_sequence_number(492) refresh_sequence_number: EVENTLAB time ok [2009/03/15 12:29:24, 10] winbindd/winbindd_cache.c:refresh_sequence_number(537) refresh_sequence_number: EVENTLAB seq number is now 1237116563 [2009/03/15 12:29:24, 10] winbindd/winbindd_cache.c:lookup_groupmem(2209) lookup_groupmem: [Cached] - doing backend query for info for domain EVENTLAB [2009/03/15 12:29:24, 10] winbindd/winbindd_rpc.c:lookup_groupmem(756) rpc: lookup_groupmem EVENTLAB sid=S-1-5-21-3995423019-981377938-2130697332-513 [2009/03/15 12:29:24, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4113) wcache_tdc_fetch_domain: Searching for domain EVENTLAB [2009/03/15 12:29:24, 10] winbindd/winbindd_cache.c:wcache_tdc_fetch_domain(4128) wcache_tdc_fetch_domain: Found domain EVENTLAB samr_OpenGroup: struct samr_OpenGroup in: struct samr_OpenGroup domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 access_mask : 0x02000000 (33554432) 0: SAMR_GROUP_ACCESS_LOOKUP_INFO 0: SAMR_GROUP_ACCESS_SET_INFO 0: SAMR_GROUP_ACCESS_ADD_MEMBER 0: SAMR_GROUP_ACCESS_REMOVE_MEMBER 0: SAMR_GROUP_ACCESS_GET_MEMBERS rid : 0x00000201 (513) [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000021 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000001c [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0013 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=24 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=24 data_len=32 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 seq_num: e1 5d 95 65 d9 6a fa 0f [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 packet_digest: 93 ab aa 41 8d 2e 91 a8 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 confounder: 40 ea cb 41 e2 1f e3 ea [2009/03/15 12:29:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=40 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=111 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 20 00 21 00 00 00 1C .......` . .!.... [020] 00 00 00 00 00 13 00 46 5D 8B 39 D7 CC 80 17 66 .......F ].9....f [030] 7E 8E FB 3C 71 FC FC 28 F1 18 0B 87 55 4B D3 68 ~..P.G [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,174) [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,174) wrote 174 [2009/03/15 12:29:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 192 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=41 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 136 (0x88) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=137 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 88 00 20 00 22 00 00 ........ ... .".. [010] 00 44 00 00 00 00 00 00 00 BB 9A BA 0A 90 FD 4B .D...... .......K [020] AA 20 AD 01 C8 0C DC 40 A7 85 92 7C D8 1A 76 D2 . .....@ ...|..v. [030] 1D 78 F6 D2 37 53 12 71 DA EF 68 CF E5 7E 07 BB .x..7S.q ..h..~.. [040] 3C 7C 8F 73 D2 63 39 FA 39 82 1A 7F CA F9 14 0D <|.s.c9. 9....... [050] ED D7 6A F5 17 5E E3 78 D3 44 E0 5D BF 29 43 F9 ..j..^.x .D.].)C. [060] E8 44 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [070] 00 E9 8C 1C 80 53 90 F0 0E 67 7F A9 E2 5E D9 12 .....S.. .g...^.. [080] 83 1C 03 A5 57 64 7D 68 1E ....Wd}h . [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=41 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 136 (0x88) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=137 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 88 00 20 00 22 00 00 ........ ... .".. [010] 00 44 00 00 00 00 00 00 00 BB 9A BA 0A 90 FD 4B .D...... .......K [020] AA 20 AD 01 C8 0C DC 40 A7 85 92 7C D8 1A 76 D2 . .....@ ...|..v. [030] 1D 78 F6 D2 37 53 12 71 DA EF 68 CF E5 7E 07 BB .x..7S.q ..h..~.. [040] 3C 7C 8F 73 D2 63 39 FA 39 82 1A 7F CA F9 14 0D <|.s.c9. 9....... [050] ED D7 6A F5 17 5E E3 78 D3 44 E0 5D BF 29 43 F9 ..j..^.x .D.].)C. [060] E8 44 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [070] 00 E9 8C 1C 80 53 90 F0 0E 67 7F A9 E2 5E D9 12 .....S.. .g...^.. [080] 83 1C 03 A5 57 64 7D 68 1E ....Wd}h . [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0088 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000022 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000044 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000060 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0060 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0061 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0062 auth_pad_len : 04 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0063 auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0064 auth_context_id: 00000001 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000068 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0070 seq_num: e9 8c 1c 80 53 90 f0 0e [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0078 packet_digest: 67 7f a9 e2 5e d9 12 83 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0080 confounder: 1c 03 a5 57 64 7d 68 1e [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=27 data_len=72 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=27 data_len=72 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 136, data_len 68, ss_len 4 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 136 at offset 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 136 bytes. samr_QueryGroupMember: struct samr_QueryGroupMember out: struct samr_QueryGroupMember rids : * rids : * rids: struct samr_RidTypeArray count : 0x00000005 (5) rids : * rids: ARRAY(5) rids : 0x000001f4 (500) rids : 0x00000bbc (3004) rids : 0x000003ec (1004) rids : 0x000003ef (1007) rids : 0x000003eb (1003) types : * types: ARRAY(5) types : 0x00000001 (1) types : 0x00000001 (1) types : 0x00000001 (1) types : 0x00000001 (1) types : 0x00000001 (1) result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-bc49-94e62e030000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000023 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000014 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0001 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 04 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=28 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=28 data_len=24 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: 98 e6 7e f1 a9 f5 69 74 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: 86 fb ab a8 00 a6 1b 3c [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: 25 59 89 d1 08 30 fa 1b [2009/03/15 12:29:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=42 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=103 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 20 00 23 00 00 00 14 .......X . .#.... [020] 00 00 00 00 00 01 00 FB B2 6F 6B C6 DF ED C9 14 ........ .ok..... [030] AC 55 BA 51 F8 3F 45 F1 83 81 54 69 36 6F 66 44 .U.Q.?E. ..Ti6ofD [040] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 98 .......w .z...... [050] E6 7E F1 A9 F5 69 74 86 FB AB A8 00 A6 1B 3C 25 .~...it. ......<% [060] 59 89 D1 08 30 FA 1B Y...0.. [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,174) [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,174) wrote 174 [2009/03/15 12:29:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 144 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=42 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 23 00 00 ........ .X. .#.. [010] 00 18 00 00 00 00 00 00 00 11 17 D1 85 E4 99 64 ........ .......d [020] D6 26 59 5F FE C2 7F 1E 09 53 9A F0 E0 C1 DF EA .&Y_.... .S...... [030] 84 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 7A FA 5A 20 AF 6F C4 94 FD D7 B4 BA CA 9E 0E .z.Z .o. ........ [050] C6 E9 03 74 48 A9 E7 BC B4 ...tH... . [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=42 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 58 00 20 00 23 00 00 ........ .X. .#.. [010] 00 18 00 00 00 00 00 00 00 11 17 D1 85 E4 99 64 ........ .......d [020] D6 26 59 5F FE C2 7F 1E 09 53 9A F0 E0 C1 DF EA .&Y_.... .S...... [030] 84 44 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [040] 00 7A FA 5A 20 AF 6F C4 94 FD D7 B4 BA CA 9E 0E .z.Z .o. ........ [050] C6 E9 03 74 48 A9 E7 BC B4 ...tH... . [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000023 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0040 seq_num: 7a fa 5a 20 af 6f c4 94 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0048 packet_digest: fd d7 b4 ba ca 9e 0e c6 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0050 confounder: e9 03 74 48 a9 e7 bc b4 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=29 data_len=24 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=29 data_len=24 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 88, data_len 24, ss_len 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 88 at offset 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 48 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_LookupRids: struct samr_LookupRids in: struct samr_LookupRids domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-bc49-93e62e030000 num_rids : 0x00000005 (5) rids: ARRAY(5) rids : 0x000001f4 (500) rids : 0x00000bbc (3004) rids : 0x000003ec (1004) rids : 0x000003ef (1007) rids : 0x000003eb (1003) [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000024 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000038 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0012 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0050 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0051 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0052 auth_pad_len : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0053 auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0054 auth_context_id: 00000001 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1515) add_schannel_auth_footer: SCHANNEL seq_num=30 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=30 data_len=56 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000058 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 seq_num: d2 11 f6 5f 57 72 f6 4f [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 packet_digest: d8 a5 35 ad 52 12 f2 cc [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0070 confounder: b9 91 77 f9 67 80 db 6f [2009/03/15 12:29:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=43 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30148 (0x75C4) smb_bcc=135 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 20 00 24 00 00 00 38 .......x . .$...8 [020] 00 00 00 00 00 12 00 65 DC 34 4E 53 FF 74 BE 43 .......e .4NS.t.C [030] F2 F9 82 BF 7F B6 42 90 92 35 FD 9A 36 2A 95 C9 ......B. .5..6*.. [040] 5E 60 65 1A B2 D9 19 2F 5D BC D3 96 DB 82 50 90 ^`e..../ ].....P. [050] BA 14 97 77 36 43 38 4A 6A 04 54 1A 7F 97 65 44 ...w6C8J j.T...eD [060] 06 00 00 01 00 00 00 77 00 7A 00 FF FF 00 00 D2 .......w .z...... [070] 11 F6 5F 57 72 F6 4F D8 A5 35 AD 52 12 F2 CC B9 .._Wr.O. .5.R.... [080] 91 77 F9 67 80 DB 6F .w.g..o [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,206) [2009/03/15 12:29:24, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,206) wrote 206 [2009/03/15 12:29:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 320 [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=320 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=43 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 264 (0x108) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 264 (0x108) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=265 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 08 01 20 00 24 00 00 ........ ... .$.. [010] 00 C4 00 00 00 00 00 00 00 47 D5 0C A6 EB 1E 69 ........ .G.....i [020] 58 E9 E3 E3 1F D0 74 38 9A 7E CD F6 08 46 73 A4 X.....t8 .~...Fs. [030] 71 9E 77 1E A4 0A EE 88 F9 EC FC 53 82 E8 5A E1 q.w..... ...S..Z. [040] 56 7F 49 76 B0 E4 FB 6E EE F1 86 F1 74 13 A0 58 V.Iv...n ....t..X [050] FC FE 5C EF AE 06 9F 03 0B 1C 66 C9 54 8B 34 47 ..\..... ..f.T.4G [060] CA DA B7 84 87 DD 6C 84 48 D9 2D BD 89 B2 5D 63 ......l. H.-...]c [070] 96 44 91 C2 E0 EF CC 7F 6B 66 30 CD 23 AA B3 4A .D...... kf0.#..J [080] D3 CD 77 43 32 94 69 BE B9 AA C1 63 87 F4 B8 A8 ..wC2.i. ...c.... [090] 23 89 2F 0A 05 A3 9D 85 DA CD 84 1D F5 6E 85 B0 #./..... .....n.. [0A0] A0 1E 20 47 77 A8 F0 D5 B4 04 98 93 34 C1 58 56 .. Gw... ....4.XV [0B0] B5 8D DB 4F D9 2B 50 32 C4 33 31 A5 04 1B 4A 79 ...O.+P2 .31...Jy [0C0] FB 7C D4 17 B9 01 ED B2 D4 DD CC F3 75 D3 DF 45 .|...... ....u..E [0D0] 3C 0C 04 BB 73 59 4F 0F 39 7C 2E FD C8 1D 12 2D <...sYO. 9|.....- [0E0] BF 44 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [0F0] 00 1B 3A EA 23 8F 95 18 63 FA C2 0C C5 96 DF CA ..:.#... c....... [100] 70 19 B4 DE 84 4A 8D 1B 1F p....J.. . [2009/03/15 12:29:24, 5] lib/util.c:show_msg(645) [2009/03/15 12:29:24, 5] lib/util.c:show_msg(655) size=320 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=1 smb_pid=4790 smb_uid=100 smb_mid=43 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 264 (0x108) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 264 (0x108) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=265 [2009/03/15 12:29:24, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 08 01 20 00 24 00 00 ........ ... .$.. [010] 00 C4 00 00 00 00 00 00 00 47 D5 0C A6 EB 1E 69 ........ .G.....i [020] 58 E9 E3 E3 1F D0 74 38 9A 7E CD F6 08 46 73 A4 X.....t8 .~...Fs. [030] 71 9E 77 1E A4 0A EE 88 F9 EC FC 53 82 E8 5A E1 q.w..... ...S..Z. [040] 56 7F 49 76 B0 E4 FB 6E EE F1 86 F1 74 13 A0 58 V.Iv...n ....t..X [050] FC FE 5C EF AE 06 9F 03 0B 1C 66 C9 54 8B 34 47 ..\..... ..f.T.4G [060] CA DA B7 84 87 DD 6C 84 48 D9 2D BD 89 B2 5D 63 ......l. H.-...]c [070] 96 44 91 C2 E0 EF CC 7F 6B 66 30 CD 23 AA B3 4A .D...... kf0.#..J [080] D3 CD 77 43 32 94 69 BE B9 AA C1 63 87 F4 B8 A8 ..wC2.i. ...c.... [090] 23 89 2F 0A 05 A3 9D 85 DA CD 84 1D F5 6E 85 B0 #./..... .....n.. [0A0] A0 1E 20 47 77 A8 F0 D5 B4 04 98 93 34 C1 58 56 .. Gw... ....4.XV [0B0] B5 8D DB 4F D9 2B 50 32 C4 33 31 A5 04 1B 4A 79 ...O.+P2 .31...Jy [0C0] FB 7C D4 17 B9 01 ED B2 D4 DD CC F3 75 D3 DF 45 .|...... ....u..E [0D0] 3C 0C 04 BB 73 59 4F 0F 39 7C 2E FD C8 1D 12 2D <...sYO. 9|.....- [0E0] BF 44 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 .D...... .w.z.... [0F0] 00 1B 3A EA 23 8F 95 18 63 FA C2 0C C5 96 DF CA ..:.#... c....... [100] 70 19 B4 DE 84 4A 8D 1B 1F p....J.. . [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0108 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000024 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 000000c4 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 0000e0 smb_io_rpc_hdr_auth hdr_auth [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00e0 auth_type : 44 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00e1 auth_level : 06 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00e2 auth_pad_len : 04 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00e3 auth_reserved: 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint32(718) 00e4 auth_context_id: 00000001 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_debug(88) 0000e8 smb_io_rpc_auth_schannel_chk [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 00e8 sig : 77 00 7a 00 ff ff 00 00 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 00f0 seq_num: 1b 3a ea 23 8f 95 18 63 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 00f8 packet_digest: fa c2 0c c5 96 df ca 70 [2009/03/15 12:29:24, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0100 confounder: 19 b4 de 84 4a 8d 1b 1f [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=31 data_len=200 [2009/03/15 12:29:24, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=31 data_len=200 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 264, data_len 196, ss_len 4 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 264 at offset 0 [2009/03/15 12:29:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host TLS-SRV-01, pipe \samr, fnum 0x75c4 returned 392 bytes. samr_LookupRids: struct samr_LookupRids out: struct samr_LookupRids names : * names: struct lsa_Strings count : 0x00000005 (5) names : * names: ARRAY(5) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'ntadmin' names: struct lsa_String length : 0x0010 (16) size : 0x0010 (16) string : * string : 'Francois' names: struct lsa_String length : 0x000c (12) size : 0x000c (12) string : * string : 'Thomas' names: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL names: struct lsa_String length : 0x0010 (16) size : 0x0010 (16) string : * string : 'Delphine' types : * types: struct samr_Ids count : 0x00000005 (5) ids : * ids: ARRAY(5) ids : 0x00000001 (1) ids : 0x00000001 (1) ids : 0x00000001 (1) ids : 0x00000008 (8) ids : 0x00000001 (1) result : STATUS_SOME_UNMAPPED [2009/03/15 12:29:24, 0] lib/fault.c:fault_report(40) =============================================================== [2009/03/15 12:29:24, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 4790 (3.3.0) Please read the Trouble-Shooting section of the Samba3-HOWTO [2009/03/15 12:29:24, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2009/03/15 12:29:24, 0] lib/fault.c:fault_report(44) =============================================================== [2009/03/15 12:29:24, 0] lib/util.c:smb_panic(1673) PANIC (pid 4790): internal error [2009/03/15 12:29:24, 0] lib/util.c:log_stack_trace(1777) BACKTRACE: 18 stack frames: #0 /usr/local/samba/sbin/winbindd(log_stack_trace+0x1a) [0x7f35cdde92a7] #1 /usr/local/samba/sbin/winbindd(smb_panic+0x5b) [0x7f35cdde93b7] #2 /usr/local/samba/sbin/winbindd [0x7f35cddd6414] #3 /lib/libc.so.6 [0x7f35cc6d8f60] #4 /usr/local/samba/sbin/winbindd(strlower_m+0xd) [0x7f35cdddfdca] #5 /usr/local/samba/sbin/winbindd(fill_domain_username_talloc+0x33) [0x7f35cdd4ad78] #6 /usr/local/samba/sbin/winbindd [0x7f35cdd69088] #7 /usr/local/samba/sbin/winbindd [0x7f35cdd6b471] #8 /usr/local/samba/sbin/winbindd [0x7f35cdd5442a] #9 /usr/local/samba/sbin/winbindd [0x7f35cdd466d6] #10 /usr/local/samba/sbin/winbindd [0x7f35cdd47a39] #11 /usr/local/samba/sbin/winbindd(winbindd_getgrent+0x799) [0x7f35cdd49255] #12 /usr/local/samba/sbin/winbindd [0x7f35cdd41395] #13 /usr/local/samba/sbin/winbindd [0x7f35cdd4148a] #14 /usr/local/samba/sbin/winbindd [0x7f35cdd41ce8] #15 /usr/local/samba/sbin/winbindd(main+0xd9e) [0x7f35cdd42b84] #16 /lib/libc.so.6(__libc_start_main+0xe6) [0x7f35cc6c51a6] #17 /usr/local/samba/sbin/winbindd [0x7f35cdd4077a] [2009/03/15 12:29:24, 0] lib/fault.c:dump_core(231) dumping core in /var/log/samba/cores/winbindd