The Samba-Bugzilla – Attachment 4209 Details for
Bug 6364
Problems joining SLES10 machine running 3.3.4 to join a 2008 domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
New net ads join output - debug 10
netadsjoin.vim (text/plain), 130.31 KB, created by
Alex Green
on 2009-05-27 04:37:29 UTC
(
hide
)
Description:
New net ads join output - debug 10
Filename:
MIME Type:
Creator:
Alex Green
Created:
2009-05-27 04:37:29 UTC
Size:
130.31 KB
patch
obsolete
>[2009/05/27 10:19:30, 5] lib/debug.c:debug_dump_status(407) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > registry: False/0 >[2009/05/27 10:19:30, 3] param/loadparm.c:lp_load_ex(8794) > lp_load_ex: refreshing parameters >[2009/05/27 10:19:30, 3] param/loadparm.c:init_globals(4629) > Initialising global parameters >[2009/05/27 10:19:30, 3] param/params.c:pm_process(569) > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >[2009/05/27 10:19:30, 3] param/loadparm.c:do_section(7457) > Processing section "[global]" > doing parameter server string = HOST-SMB SuSE Samba Server > doing parameter security = ADS > doing parameter realm = DOM.REALM.CO.COM > doing parameter netbios name = HOST-SMB >[2009/05/27 10:19:30, 4] param/loadparm.c:handle_netbios_name(6810) > handle_netbios_name: set global_myname to: HOST-SMB > doing parameter workgroup = DOM > doing parameter use kerberos keytab = No > doing parameter password server = DOM.REALM.CO.COM > doing parameter encrypt passwords = Yes > doing parameter dns proxy = No > doing parameter client use spnego = Yes > doing parameter client ntlmv2 auth = Yes > doing parameter client lanman auth = No > doing parameter client plaintext auth = No > doing parameter use spnego = Yes > doing parameter lanman auth = No > doing parameter ntlm auth = No > doing parameter disable netbios = Yes > doing parameter client schannel = Auto > doing parameter server schannel = Auto > doing parameter client signing = Auto > doing parameter server signing = Auto > doing parameter winbind enum users = No > doing parameter winbind enum groups = No > doing parameter deadtime = 5 > doing parameter hostname lookups = Yes > doing parameter hosts allow = localhost, 10. > doing parameter hosts deny = ALL > doing parameter interfaces = localhost, host-smb.uk.db.com > doing parameter bind interfaces only = Yes > doing parameter log level = 3 > doing parameter log file = /var/log/samba/log.%M > doing parameter max log size = 128 > doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY > doing parameter nis homedir = No > doing parameter hide dot files = Yes > doing parameter include = /opt/DBsamba/etc/smb.conf.standard >[2009/05/27 10:19:30, 3] param/params.c:pm_process(569) > params.c:pm_process() - Processing configuration file "/opt/DBsamba/etc/smb.conf.standard" > doing parameter wide links = No > doing parameter local master = No > doing parameter domain master = No > doing parameter preferred master = No > doing parameter os level = 0 >[2009/05/27 10:19:30, 4] param/loadparm.c:lp_load_ex(8838) > pm_process() returned Yes >[2009/05/27 10:19:30, 7] param/loadparm.c:lp_servicenumber(9043) > lp_servicenumber: couldn't find homes >[2009/05/27 10:19:30, 10] param/loadparm.c:set_server_role(8016) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS-2LE >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS-2LE >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-16LE >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-16LE >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS-2BE >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS-2BE >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-16BE >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-16BE >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF8 >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF8 >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-8 >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-8 >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset ASCII >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset ASCII >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset 646 >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset 646 >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset ISO-8859-1 >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset ISO-8859-1 >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS2-HEX >[2009/05/27 10:19:30, 5] lib/iconv.c:smb_register_charset(112) > Registered charset UCS2-HEX >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:30, 5] lib/util.c:init_names(269) > Netbios name list:- > my_netbios_names[0]="HOST-SMB" >[2009/05/27 10:19:30, 2] lib/interface.c:add_interface(340) > added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 >[2009/05/27 10:19:30, 2] lib/interface.c:add_interface(340) > added interface eth0 ip=IPADDRESS bcast=BCAST netmask=255.255.255.0 >[2009/05/27 10:19:33, 1] libnet/libnet_join.c:libnet_Join(1871) > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'HOST-SMB' > domain_name : * > domain_name : 'DOM.REALM.CO.COM' > account_ou : 'REG/CN/OU/Services/' > admin_account : 'admuser' > admin_password : * > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) >[2009/05/27 10:19:33, 10] libsmb/dsgetdcname.c:dsgetdcname(1167) > dsgetdcname: domain_name: DOM.REALM.CO.COM, domain_guid: (null), site_name: (null), flags: 0x40001011 >[2009/05/27 10:19:33, 10] libsmb/dsgetdcname.c:debug_dsdcinfo_flags(46) > debug_dsdcinfo_flags: 0x40001011 > DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME >[2009/05/27 10:19:33, 5] lib/gencache.c:gencache_init(61) > Opening cache file at /var/lib/samba/gencache.tdb >[2009/05/27 10:19:33, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 06:28:15 2106 >[2009/05/27 10:19:33, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for DOM.REALM.CO.COM: "Default-First-Site-Name" >[2009/05/27 10:19:33, 10] libsmb/dsgetdcname.c:dsgetdcname_rediscover(1080) > dsgetdcname_rediscover >[2009/05/27 10:19:33, 4] libads/dns.c:ads_dns_lookup_srv(432) > ads_dns_lookup_srv: 2 records returned in the answer section. >[2009/05/27 10:19:33, 10] libads/dns.c:ads_dns_parse_rr_srv(213) > ads_dns_parse_rr_srv: Parsed dc1.dom.realm.co.com [0, 100, 389] >[2009/05/27 10:19:33, 10] libads/dns.c:ads_dns_parse_rr_srv(213) > ads_dns_parse_rr_srv: Parsed dc2.dom.realm.co.com [0, 100, 389] >[2009/05/27 10:19:33, 10] libsmb/dsgetdcname.c:process_dc_dns(894) > LDAP ping to dc1.dom.realm.co.com > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000011fd (4605) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 7edaa194-dc63-4f64-989e-10fbaa0a1c76 > forest : 'realm.co.com' > dns_domain : 'dom.realm.co.com' > pdc_dns_name : 'dc1.dom.realm.co.com' > domain : 'DOM' > pdc_name : 'DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2009/05/27 10:19:33, 10] lib/gencache.c:gencache_set_data_blob(374) > Adding cache entry with key = DSGETDCNAME/DOMAIN/DOM; blob size = 155 and timeout = Wed May 27 10:34:33 2009 > (900 seconds ahead) >[2009/05/27 10:19:33, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [DOM], sitename = [Default-First-Site-Name], expire = [4294967295] >[2009/05/27 10:19:33, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/DOM; value = Default-First-Site-Name and timeout = (null) (-1243415974 seconds ahead) >[2009/05/27 10:19:33, 10] lib/gencache.c:gencache_set_data_blob(374) > Adding cache entry with key = DSGETDCNAME/DOMAIN/DOM.REALM.CO.COM; blob size = 155 and timeout = Wed May 27 10:34:33 2009 > (900 seconds ahead) >[2009/05/27 10:19:33, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [dom.realm.co.com], sitename = [Default-First-Site-Name], expire = [4294967295] >[2009/05/27 10:19:33, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM; value = Default-First-Site-Name and timeout = (null) (-1243415974 seconds ahead) >[2009/05/27 10:19:33, 3] libsmb/cliconnect.c:cli_start_connection(1649) > Connecting to host=dc1.dom.realm.co.com >[2009/05/27 10:19:33, 10] lib/gencache.c:gencache_get(208) > Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 06:28:15 2106 >[2009/05/27 10:19:33, 5] libads/dns.c:sitename_fetch(817) > sitename_fetch: Returning sitename for DOM.REALM.CO.COM: "Default-First-Site-Name" >[2009/05/27 10:19:33, 10] libsmb/namequery.c:internal_resolve_name(1505) > internal_resolve_name: looking up dc1.dom.realm.co.com#20 (sitename Default-First-Site-Name) >[2009/05/27 10:19:33, 10] lib/gencache.c:gencache_get(208) > Returning expired cache entry: key = NBT/DC1.DOM.REALM.CO.COM#20, value = 1.1.1.1:0, timeout = Wed May 27 10:13:46 2009 >[2009/05/27 10:19:33, 5] libsmb/namecache.c:namecache_fetch(229) > no entry for dc1.dom.realm.co.com#20 found. >[2009/05/27 10:19:33, 3] libsmb/namequery.c:resolve_lmhosts(1224) > resolve_lmhosts: Attempting lmhosts lookup for name dc1.dom.realm.co.com<0x20> >[2009/05/27 10:19:33, 4] libsmb/namequery.c:getlmhostsent(908) > getlmhostsent: lmhost entry: 127.0.0.1 localhost >[2009/05/27 10:19:33, 5] libsmb/namequery.c:resolve_wins(1080) > resolve_wins(dc1.dom.realm.co.com#20): netbios is disabled >[2009/05/27 10:19:33, 3] libsmb/namequery.c:resolve_hosts(1306) > resolve_hosts: Attempting host lookup for name dc1.dom.realm.co.com<0x20> >[2009/05/27 10:19:33, 10] libsmb/namequery.c:remove_duplicate_addrs2(582) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2009/05/27 10:19:33, 5] libsmb/namecache.c:namecache_store(143) > namecache_store: storing 1 address for dc1.dom.realm.co.com#20: 1.1.1.1 >[2009/05/27 10:19:33, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = NBT/DC1.DOM.REALM.CO.COM#20; value = 1.1.1.1:0 and timeout = Wed May 27 10:30:33 2009 > (660 seconds ahead) >[2009/05/27 10:19:33, 10] libsmb/namequery.c:internal_resolve_name(1652) > internal_resolve_name: returning 1 addresses: 1.1.1.1:0 >[2009/05/27 10:19:33, 3] lib/util_sock.c:open_socket_out(1400) > Connecting to 1.1.1.1 at port 445 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_KEEPALIVE = 0 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_REUSEADDR = 0 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_BROADCAST = 0 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_NODELAY = 1 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPCNT = 9 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPIDLE = 7200 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option TCP_KEEPINTVL = 75 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_LOWDELAY = 16 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option IPTOS_THROUGHPUT = 16 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDBUF = 16384 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVBUF = 87380 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDLOWAT = 1 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVLOWAT = 1 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_SNDTIMEO = 0 >[2009/05/27 10:19:33, 5] lib/util_sock.c:print_socket_options(781) > socket option SO_RCVTIMEO = 0 >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'UTF-8' for LOCALE >[2009/05/27 10:19:33, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,194) >[2009/05/27 10:19:33, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,194) wrote 194 >[2009/05/27 10:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 193 >[2009/05/27 10:19:33, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:33, 5] lib/util.c:show_msg(655) > size=193 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6165 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12807 (0x3207) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=51584 (0xC980) > smb_vwv[12]=29960 (0x7508) > smb_vwv[13]=44125 (0xAC5D) > smb_vwv[14]=51678 (0xC9DE) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]= 255 (0xFF) > smb_bcc=124 >[2009/05/27 10:19:33, 10] lib/util.c:dump_data(2233) > [000] F0 84 18 33 3D 77 DF 47 AB 2D 04 E4 A0 55 69 D4 ...3=w.G .-...Ui. > [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... ...`0^.0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 .*0(.&.$ not_defi > [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p > [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore >[2009/05/27 10:19:33, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:33, 5] lib/util.c:show_msg(655) > size=193 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6165 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12807 (0x3207) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=51584 (0xC980) > smb_vwv[12]=29960 (0x7508) > smb_vwv[13]=44125 (0xAC5D) > smb_vwv[14]=51678 (0xC9DE) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]= 255 (0xFF) > smb_bcc=124 >[2009/05/27 10:19:33, 10] lib/util.c:dump_data(2233) > [000] F0 84 18 33 3D 77 DF 47 AB 2D 04 E4 A0 55 69 D4 ...3=w.G .-...Ui. > [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... ...`0^.0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 .*0(.&.$ not_defi > [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p > [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore >[2009/05/27 10:19:33, 3] libsmb/cliconnect.c:cli_session_setup_spnego(823) > Doing spnego session setup (blob length=124) >[2009/05/27 10:19:33, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) > got OID=1 2 840 48018 1 2 2 >[2009/05/27 10:19:33, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) > got OID=1 2 840 113554 1 2 2 >[2009/05/27 10:19:33, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) > got OID=1 2 840 113554 1 2 2 3 >[2009/05/27 10:19:33, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) > got OID=1 3 6 1 4 1 311 2 2 10 >[2009/05/27 10:19:33, 3] libsmb/cliconnect.c:cli_session_setup_spnego(858) > got principal=not_defined_in_RFC4178@please_ignore >[2009/05/27 10:19:33, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,166) >[2009/05/27 10:19:33, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,166) wrote 166 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 588 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=588 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=6165 > smb_uid=6144 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 588 (0x24C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 293 (0x125) > smb_bcc=545 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] A1 82 01 21 30 82 01 1D A0 03 0A 01 01 A1 0C 06 ...!0... ........ > [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 82 01 06 04 .+.....7 ........ > [020] 82 01 02 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A ...NTLMS SP...... > [030] 00 0A 00 38 00 00 00 15 82 89 62 AF 8C 6F 6E 21 ...8.... ..b..on! > [040] 75 56 84 00 00 00 00 00 00 00 00 C0 00 C0 00 42 uV...... .......B > [050] 00 00 00 06 00 71 17 00 00 00 0F 5A 00 57 00 44 .....q.. ...Z.W.D > [060] 00 42 00 47 00 02 00 0A 00 5A 00 57 00 44 00 42 .B.G.... .Z.W.D.B > [070] 00 47 00 01 00 18 00 45 00 53 00 42 00 41 00 44 .G.....E .S.B.A.D > [080] 00 45 00 4E 00 47 00 57 00 56 00 4D 00 32 00 04 .E.N.G.W .V.M.2.. > [090] 00 24 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A .$.z.w.d .b.g...z > [0A0] 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E .w.a.d.s ...d.b.. > [0B0] 00 63 00 6F 00 6D 00 03 00 3E 00 65 00 73 00 62 .c.o.m.. .>.e.s.b > [0C0] 00 61 00 64 00 65 00 6E 00 67 00 77 00 76 00 6D .a.d.e.n .g.w.v.m > [0D0] 00 32 00 2E 00 7A 00 77 00 64 00 62 00 67 00 2E .2...z.w .d.b.g.. > [0E0] 00 7A 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 .z.w.a.d .s...d.b > [0F0] 00 2E 00 63 00 6F 00 6D 00 05 00 18 00 7A 00 77 ...c.o.m .....z.w > [100] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c > [110] 00 6F 00 6D 00 07 00 08 00 55 CD 79 5D AC DE C9 .o.m.... .U.y]... > [120] 01 00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .....W.i .n.d.o.w > [130] 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 .s. .S.e .r.v.e.r > [140] 00 20 00 28 00 52 00 29 00 20 00 32 00 30 00 30 . .(.R.) . .2.0.0 > [150] 00 38 00 20 00 45 00 6E 00 74 00 65 00 72 00 70 .8. .E.n .t.e.r.p > [160] 00 72 00 69 00 73 00 65 00 20 00 77 00 69 00 74 .r.i.s.e . .w.i.t > [170] 00 68 00 6F 00 75 00 74 00 20 00 48 00 79 00 70 .h.o.u.t . .H.y.p > [180] 00 65 00 72 00 2D 00 56 00 20 00 36 00 30 00 30 .e.r.-.V . .6.0.0 > [190] 00 31 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .1. .S.e .r.v.i.c > [1A0] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 .e. .P.a .c.k. .1 > [1B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s > [1C0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. > [1D0] 00 28 00 52 00 29 00 20 00 32 00 30 00 30 00 38 .(.R.). .2.0.0.8 > [1E0] 00 20 00 45 00 6E 00 74 00 65 00 72 00 70 00 72 . .E.n.t .e.r.p.r > [1F0] 00 69 00 73 00 65 00 20 00 77 00 69 00 74 00 68 .i.s.e. .w.i.t.h >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=588 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=6165 > smb_uid=6144 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 588 (0x24C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 293 (0x125) > smb_bcc=545 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] A1 82 01 21 30 82 01 1D A0 03 0A 01 01 A1 0C 06 ...!0... ........ > [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 82 01 06 04 .+.....7 ........ > [020] 82 01 02 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A ...NTLMS SP...... > [030] 00 0A 00 38 00 00 00 15 82 89 62 AF 8C 6F 6E 21 ...8.... ..b..on! > [040] 75 56 84 00 00 00 00 00 00 00 00 C0 00 C0 00 42 uV...... .......B > [050] 00 00 00 06 00 71 17 00 00 00 0F 5A 00 57 00 44 .....q.. ...Z.W.D > [060] 00 42 00 47 00 02 00 0A 00 5A 00 57 00 44 00 42 .B.G.... .Z.W.D.B > [070] 00 47 00 01 00 18 00 45 00 53 00 42 00 41 00 44 .G.....E .S.B.A.D > [080] 00 45 00 4E 00 47 00 57 00 56 00 4D 00 32 00 04 .E.N.G.W .V.M.2.. > [090] 00 24 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A .$.z.w.d .b.g...z > [0A0] 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E .w.a.d.s ...d.b.. > [0B0] 00 63 00 6F 00 6D 00 03 00 3E 00 65 00 73 00 62 .c.o.m.. .>.e.s.b > [0C0] 00 61 00 64 00 65 00 6E 00 67 00 77 00 76 00 6D .a.d.e.n .g.w.v.m > [0D0] 00 32 00 2E 00 7A 00 77 00 64 00 62 00 67 00 2E .2...z.w .d.b.g.. > [0E0] 00 7A 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 .z.w.a.d .s...d.b > [0F0] 00 2E 00 63 00 6F 00 6D 00 05 00 18 00 7A 00 77 ...c.o.m .....z.w > [100] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c > [110] 00 6F 00 6D 00 07 00 08 00 55 CD 79 5D AC DE C9 .o.m.... .U.y]... > [120] 01 00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .....W.i .n.d.o.w > [130] 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 .s. .S.e .r.v.e.r > [140] 00 20 00 28 00 52 00 29 00 20 00 32 00 30 00 30 . .(.R.) . .2.0.0 > [150] 00 38 00 20 00 45 00 6E 00 74 00 65 00 72 00 70 .8. .E.n .t.e.r.p > [160] 00 72 00 69 00 73 00 65 00 20 00 77 00 69 00 74 .r.i.s.e . .w.i.t > [170] 00 68 00 6F 00 75 00 74 00 20 00 48 00 79 00 70 .h.o.u.t . .H.y.p > [180] 00 65 00 72 00 2D 00 56 00 20 00 36 00 30 00 30 .e.r.-.V . .6.0.0 > [190] 00 31 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .1. .S.e .r.v.i.c > [1A0] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 .e. .P.a .c.k. .1 > [1B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s > [1C0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. > [1D0] 00 28 00 52 00 29 00 20 00 32 00 30 00 30 00 38 .(.R.). .2.0.0.8 > [1E0] 00 20 00 45 00 6E 00 74 00 65 00 72 00 70 00 72 . .E.n.t .e.r.p.r > [1F0] 00 69 00 73 00 65 00 20 00 77 00 69 00 74 00 68 .i.s.e. .w.i.t.h >[2009/05/27 10:19:34, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) > Got challenge flags: >[2009/05/27 10:19:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/05/27 10:19:34, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) > NTLMSSP: Set final flags: >[2009/05/27 10:19:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/05/27 10:19:34, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2009/05/27 10:19:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,478) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,478) wrote 478 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 304 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=304 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=6165 > smb_uid=6144 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 304 (0x130) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=261 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 > [030] 00 30 00 30 00 38 00 20 00 45 00 6E 00 74 00 65 .0.0.8. .E.n.t.e > [040] 00 72 00 70 00 72 00 69 00 73 00 65 00 20 00 77 .r.p.r.i .s.e. .w > [050] 00 69 00 74 00 68 00 6F 00 75 00 74 00 20 00 48 .i.t.h.o .u.t. .H > [060] 00 79 00 70 00 65 00 72 00 2D 00 56 00 20 00 36 .y.p.e.r .-.V. .6 > [070] 00 30 00 30 00 31 00 20 00 53 00 65 00 72 00 76 .0.0.1. .S.e.r.v > [080] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k > [090] 00 20 00 31 00 00 00 57 00 69 00 6E 00 64 00 6F . .1...W .i.n.d.o > [0A0] 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 .w.s. .S .e.r.v.e > [0B0] 00 72 00 20 00 28 00 52 00 29 00 20 00 32 00 30 .r. .(.R .). .2.0 > [0C0] 00 30 00 38 00 20 00 45 00 6E 00 74 00 65 00 72 .0.8. .E .n.t.e.r > [0D0] 00 70 00 72 00 69 00 73 00 65 00 20 00 77 00 69 .p.r.i.s .e. .w.i > [0E0] 00 74 00 68 00 6F 00 75 00 74 00 20 00 48 00 79 .t.h.o.u .t. .H.y > [0F0] 00 70 00 65 00 72 00 2D 00 56 00 20 00 36 00 2E .p.e.r.- .V. .6.. > [100] 00 30 00 00 00 .0... >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=304 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=6165 > smb_uid=6144 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 304 (0x130) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=261 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 > [030] 00 30 00 30 00 38 00 20 00 45 00 6E 00 74 00 65 .0.0.8. .E.n.t.e > [040] 00 72 00 70 00 72 00 69 00 73 00 65 00 20 00 77 .r.p.r.i .s.e. .w > [050] 00 69 00 74 00 68 00 6F 00 75 00 74 00 20 00 48 .i.t.h.o .u.t. .H > [060] 00 79 00 70 00 65 00 72 00 2D 00 56 00 20 00 36 .y.p.e.r .-.V. .6 > [070] 00 30 00 30 00 31 00 20 00 53 00 65 00 72 00 76 .0.0.1. .S.e.r.v > [080] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k > [090] 00 20 00 31 00 00 00 57 00 69 00 6E 00 64 00 6F . .1...W .i.n.d.o > [0A0] 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 .w.s. .S .e.r.v.e > [0B0] 00 72 00 20 00 28 00 52 00 29 00 20 00 32 00 30 .r. .(.R .). .2.0 > [0C0] 00 30 00 38 00 20 00 45 00 6E 00 74 00 65 00 72 .0.8. .E .n.t.e.r > [0D0] 00 70 00 72 00 69 00 73 00 65 00 20 00 77 00 69 .p.r.i.s .e. .w.i > [0E0] 00 74 00 68 00 6F 00 75 00 74 00 20 00 48 00 79 .t.h.o.u .t. .H.y > [0F0] 00 70 00 65 00 72 00 2D 00 56 00 20 00 36 00 2E .p.e.r.- .V. .6.. > [100] 00 30 00 00 00 .0... >[2009/05/27 10:19:34, 5] libsmb/smb_signing.c:set_smb_signing_real_common(144) > SMB signing enabled! >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:cli_simple_set_signing(494) > cli_simple_set_signing: user_session_key >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 3A B2 7B 08 7A C2 73 97 66 51 2B F5 DC C4 97 B6 :.{.z.s. fQ+..... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:cli_simple_set_signing(502) > cli_simple_set_signing: NULL response_data >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 0 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 8F D1 A0 39 A3 6D CC 1B ...9.m.. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 1 mid = 3 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 1 mid = 3 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 1 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 1: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 51 8C 13 5A 83 EA 5E 53 Q..Z..^S >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 2 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] E7 2A EE 70 51 58 21 B9 .*.pQX!. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 3 mid = 4 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,130) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,130) wrote 130 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 56 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=4 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 31 (0x1F) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 49 50 43 00 00 00 00 IPC.... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 3 mid = 4 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 3 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 3: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 5C 98 3B F0 FD A4 69 CD \.;...i. >[2009/05/27 10:19:34, 10] libsmb/clientgen.c:cli_init_creds(415) > cli_init_creds: user admuser domain >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 4 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 90 08 73 2F 30 BF 47 AD ..s/0.G. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 5 mid = 5 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,104) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,104) wrote 104 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2304 (0x900) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 5 mid = 5 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 5 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 5: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 3E 15 C4 6E 50 D5 9C D6 >..nP... >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) > Bind RPC Pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 auth_type 0, auth_level 0 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/05/27 10:19:34, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/05/27 10:19:34, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=87 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 6 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 7F A7 C4 DE 06 0A 53 50 ......SP >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 7 mid = 6 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,158) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,158) wrote 158 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 124 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 DF C2 01 00 0C 00 5C 70 69 70 65 ........ ...\pipe > [020] 5C 6C 73 61 73 73 00 88 8A 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 6 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 7 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 7: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] C0 34 45 B9 62 73 41 F8 .4E.bsA. >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 DF C2 01 00 0C 00 5C 70 69 70 65 ........ ...\pipe > [020] 5C 6C 73 61 73 73 00 88 8A 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 6 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 returned 68 bytes. >[2009/05/27 10:19:34, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) > rpc_pipe_bind: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 bind request returned ok. >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 0001c2df >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/05/27 10:19:34, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:check_bind_response(1845) > check_bind_response: accepted! >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine dc1.dom.realm.co.com and bound anonymously. >[2009/05/27 10:19:34, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) > init_lsa_sec_qos >[2009/05/27 10:19:34, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) > init_lsa_obj_attr > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000002c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0006 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=83 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 8 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 2D 3D AF C6 02 C9 43 68 -=....Ch >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 9 mid = 7 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,154) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,154) wrote 154 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 104 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 BC D2 15 ........ ........ > [020] BD 2A 60 3B 41 96 38 57 B2 67 B4 5E 94 00 00 00 .*`;A.8W .g.^.... > [030] 00 . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 7 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 9 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 9: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] F6 CD 23 B2 72 A4 00 1B ..#.r... >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 BC D2 15 ........ ........ > [020] BD 2A 60 3B 41 96 38 57 B2 67 B4 5E 94 00 00 00 .*`;A.8W .g.^.... > [030] 00 . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 7 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 returned 48 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : bd15d2bc-602a-413b-9638-57b267b45e94 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : bd15d2bc-602a-413b-9638-57b267b45e94 > level : LSA_POLICY_INFO_DNS (12) >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002e >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000016 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 002e >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=61 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 2E 00 00 00 00 00 BC D2 15 BD 2A ........ .......* > [030] 60 3B 41 96 38 57 B2 67 B4 5E 94 0C 00 `;A.8W.g .^... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 10 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] D3 2C DB 32 98 60 C6 F1 .,.2.`.. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 11 mid = 8 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,132) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,132) wrote 132 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 272 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=272 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 216 (0xD8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 216 (0xD8) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=217 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 03 00 00 ........ ........ > [010] 00 C0 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ > [020] 00 0A 00 0C 00 04 00 02 00 24 00 26 00 08 00 02 ........ .$.&.... > [030] 00 18 00 1A 00 0C 00 02 00 94 A1 DA 7E 63 DC 64 ........ ....~c.d > [040] 4F 98 9E 10 FB AA 0A 1C 76 10 00 02 00 06 00 00 O....... v....... > [050] 00 00 00 00 00 05 00 00 00 5A 00 57 00 44 00 42 ........ .Z.W.D.B > [060] 00 47 00 00 00 13 00 00 00 00 00 00 00 12 00 00 .G...... ........ > [070] 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A 00 77 .z.w.d.b .g...z.w > [080] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c > [090] 00 6F 00 6D 00 0D 00 00 00 00 00 00 00 0C 00 00 .o.m.... ........ > [0A0] 00 7A 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 .z.w.a.d .s...d.b > [0B0] 00 2E 00 63 00 6F 00 6D 00 04 00 00 00 01 04 00 ...c.o.m ........ > [0C0] 00 00 00 00 05 15 00 00 00 36 89 AE 48 D5 01 B6 ........ .6..H... > [0D0] 69 5E 05 C3 2F 00 00 00 00 i^../... . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 11 mid = 8 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 11 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 11: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 02 B3 A1 B4 D7 9E 4F E4 ......O. >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=272 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 216 (0xD8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 216 (0xD8) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=217 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 03 00 00 ........ ........ > [010] 00 C0 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ > [020] 00 0A 00 0C 00 04 00 02 00 24 00 26 00 08 00 02 ........ .$.&.... > [030] 00 18 00 1A 00 0C 00 02 00 94 A1 DA 7E 63 DC 64 ........ ....~c.d > [040] 4F 98 9E 10 FB AA 0A 1C 76 10 00 02 00 06 00 00 O....... v....... > [050] 00 00 00 00 00 05 00 00 00 5A 00 57 00 44 00 42 ........ .Z.W.D.B > [060] 00 47 00 00 00 13 00 00 00 00 00 00 00 12 00 00 .G...... ........ > [070] 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A 00 77 .z.w.d.b .g...z.w > [080] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c > [090] 00 6F 00 6D 00 0D 00 00 00 00 00 00 00 0C 00 00 .o.m.... ........ > [0A0] 00 7A 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 .z.w.a.d .s...d.b > [0B0] 00 2E 00 63 00 6F 00 6D 00 04 00 00 00 01 04 00 ...c.o.m ........ > [0C0] 00 00 00 00 05 15 00 00 00 36 89 AE 48 D5 01 B6 ........ .6..H... > [0D0] 69 5E 05 C3 2F 00 00 00 00 i^../... . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 11 mid = 8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 00d8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 000000c0 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) > cli_pipe_validate_current_pdu: got pdu len 216, data_len 192, ss_len 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) > rpc_api_pipe: got PDU len of 216 at offset 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 returned 384 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x000a (10) > size : 0x000c (12) > string : * > string : 'DOM' > dns_domain: struct lsa_StringLarge > length : 0x0024 (36) > size : 0x0026 (38) > string : * > string : 'dom.realm.co.com' > dns_forest: struct lsa_StringLarge > length : 0x0018 (24) > size : 0x001a (26) > string : * > string : 'realm.co.com' > domain_guid : 7edaa194-dc63-4f64-989e-10fbaa0a1c76 > sid : * > sid : S-1-5-21-1219397942-1773535701-801310046 > result : NT_STATUS_OK > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : bd15d2bc-602a-413b-9638-57b267b45e94 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0000 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49161 (0xC009) > smb_bcc=59 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 BC D2 15 BD 2A ........ .......* > [030] 60 3B 41 96 38 57 B2 67 B4 5E 94 `;A.8W.g .^. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 12 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] E3 00 CC 70 D6 4F 07 85 ...p.O.. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 13 mid = 9 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,130) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,130) wrote 130 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 104 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 13 mid = 9 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 13 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 13: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 0C 91 5D 7A AA 5B F8 D5 ..]z.[.. >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 13 mid = 9 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 returned 48 bytes. > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 14 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] DE EA 32 9A F9 90 2D 8A ..2...-. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 15 mid = 10 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,45) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,45) wrote 45 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 35 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 15 mid = 10 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 15 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 15: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] E0 17 FD AF E9 50 B1 A7 .....P.. >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366) > rpc_pipe_destructor: closed host dc1.dom.realm.co.com, pipe \lsarpc, fnum 0xc009 >[2009/05/27 10:19:34, 5] libads/ldap.c:ads_try_connect(203) > ads_try_connect: sending CLDAP request to dc1.dom.realm.co.com (realm: dom.realm.co.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000011fd (4605) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 7edaa194-dc63-4f64-989e-10fbaa0a1c76 > forest : 'realm.co.com' > dns_domain : 'dom.realm.co.com' > pdc_dns_name : 'dc1.dom.realm.co.com' > domain : 'DOM' > pdc_name : 'DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2009/05/27 10:19:34, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [DOM], sitename = [Default-First-Site-Name], expire = [4294967295] >[2009/05/27 10:19:34, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/DOM; value = Default-First-Site-Name and timeout = (null) (-1243415975 seconds ahead) >[2009/05/27 10:19:34, 10] libads/dns.c:sitename_store(778) > sitename_store: realm = [dom.realm.co.com], sitename = [Default-First-Site-Name], expire = [4294967295] >[2009/05/27 10:19:34, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM; value = Default-First-Site-Name and timeout = (null) (-1243415975 seconds ahead) >[2009/05/27 10:19:34, 3] libads/ldap.c:ads_connect(621) > Successfully contacted LDAP server 1.1.1.1 >[2009/05/27 10:19:34, 10] libads/ldap.c:ldap_open_with_timeout(62) > Opening connection to LDAP server 'dc1.dom.realm.co.com:389', timeout 15 seconds >[2009/05/27 10:19:34, 10] libads/ldap.c:ldap_open_with_timeout(76) > Connected to LDAP server 'dc1.dom.realm.co.com:389' >[2009/05/27 10:19:34, 3] libads/ldap.c:ads_connect(675) > Connected to LDAP server dc1.dom.realm.co.com >[2009/05/27 10:19:34, 10] libads/ldap.c:ads_closest_dc(165) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2009/05/27 10:19:34, 10] libsmb/namequery.c:saf_store(86) > saf_store: domain = [DOM], server = [dc1.dom.realm.co.com], expire = [1243416874] >[2009/05/27 10:19:34, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/DOM; value = dc1.dom.realm.co.com and timeout = Wed May 27 10:34:34 2009 > (900 seconds ahead) >[2009/05/27 10:19:34, 10] libsmb/namequery.c:saf_store(86) > saf_store: domain = [dom.realm.co.com], server = [dc1.dom.realm.co.com], expire = [1243416874] >[2009/05/27 10:19:34, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/DOM.REALM.CO.COM; value = dc1.dom.realm.co.com and timeout = Wed May 27 10:34:34 2009 > (900 seconds ahead) >[2009/05/27 10:19:34, 4] libads/ldap.c:ads_current_time(2860) > time offset is 50 seconds >[2009/05/27 10:19:34, 4] libads/sasl.c:ads_sasl_bind(1112) > Found SASL mechanism GSS-SPNEGO >[2009/05/27 10:19:34, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >[2009/05/27 10:19:34, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >[2009/05/27 10:19:34, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >[2009/05/27 10:19:34, 3] libads/sasl.c:ads_sasl_spnego_bind(780) > ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >[2009/05/27 10:19:34, 3] libads/sasl.c:ads_sasl_spnego_bind(789) > ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore >[2009/05/27 10:19:34, 3] libsmb/clikrb5.c:ads_krb5_mk_req(677) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >[2009/05/27 10:19:34, 10] libads/sasl.c:ads_sasl_spnego_bind(810) > ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit >[2009/05/27 10:19:34, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) > kerberos_kinit_password: as admuser@DOM.REALM.CO.COM using [MEMORY:net_ads] as ccache and config [(null)] >[2009/05/27 10:19:34, 4] libsmb/clikrb5.c:ads_krb5_mk_req(694) > ads_krb5_mk_req: Advancing clock by 50 seconds to cope with clock skew >[2009/05/27 10:19:34, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(610) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Wed, 27 May 2009 20:20:24 BST >[2009/05/27 10:19:34, 10] libsmb/clikrb5.c:ads_krb5_mk_req(708) > ads_krb5_mk_req: Ticket (ldap/dc1.dom.realm.co.com@DOM.REALM.CO.COM) in ccache (MEMORY:net_ads) is valid until: (Wed, 27 May 2009 20:20:24 BST - 1243452024) >[2009/05/27 10:19:34, 3] libsmb/clikrb5.c:ads_krb5_mk_req(719) > ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >[2009/05/27 10:19:34, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(886) > Got KRB5 session key of length 16 >[2009/05/27 10:19:34, 1] libnet/libnet_join.c:libnet_join_precreate_machine_acct(229) > machine account creation created >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 16 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] B1 4F DA EA 0B 3C ED 31 .O...<.1 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 17 mid = 11 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,100) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,100) wrote 100 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 103 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=11 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1024 (0x400) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 17 mid = 11 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 17 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 17: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] BB EA 7F 26 96 2F 14 97 ...&./.. >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) > Bind RPC Pipe: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 auth_type 0, auth_level 0 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2009/05/27 10:19:34, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ac >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2009/05/27 10:19:34, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49156 (0xC004) > smb_bcc=87 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 18 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] C7 51 67 E1 84 12 65 20 .Qg...e >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 19 mid = 12 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,158) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,158) wrote 158 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 124 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 E0 C2 01 00 0C 00 5C 70 69 70 65 ........ ...\pipe > [020] 5C 6C 73 61 73 73 00 E5 10 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 12 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 19 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 19: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 8C 46 69 0B A3 D5 1C F1 .Fi..... >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 E0 C2 01 00 0C 00 5C 70 69 70 65 ........ ...\pipe > [020] 5C 6C 73 61 73 73 00 E5 10 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 12 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 returned 68 bytes. >[2009/05/27 10:19:34, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) > rpc_pipe_bind: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 bind request returned ok. >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 0001c2e0 >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2009/05/27 10:19:34, 6] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2009/05/27 10:19:34, 7] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:check_bind_response(1845) > check_bind_response: accepted! >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011) > cli_rpc_pipe_open_noauth: opened pipe \samr to machine dc1.dom.realm.co.com and bound anonymously. > samr_Connect2: struct samr_Connect2 > in: struct samr_Connect2 > system_name : * > system_name : 'dc1.dom.realm.co.com' > access_mask : 0x00000030 (48) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 1: SAMR_ACCESS_ENUM_DOMAINS > 1: SAMR_ACCESS_LOOKUP_DOMAIN >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 006c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000054 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0039 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=190 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 108 (0x6C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 108 (0x6C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49156 (0xC004) > smb_bcc=123 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 6C 00 00 00 06 00 00 00 54 .......l .......T > [020] 00 00 00 00 00 39 00 00 00 02 00 20 00 00 00 00 .....9.. ... .... > [030] 00 00 00 20 00 00 00 65 00 73 00 62 00 61 00 64 ... ...e .s.b.a.d > [040] 00 65 00 6E 00 67 00 77 00 76 00 6D 00 32 00 2E .e.n.g.w .v.m.2.. > [050] 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A 00 77 .z.w.d.b .g...z.w > [060] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c > [070] 00 6F 00 6D 00 00 00 30 00 00 00 .o.m...0 ... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 20 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 6A 72 2E 97 90 6D 0F D4 jr...m.. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 21 mid = 13 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,194) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,194) wrote 194 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 104 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 97 EF 3D ........ .......= > [020] F8 FE 31 AD 49 97 CA C9 8D 7E D4 1B 6E 00 00 00 ..1.I... .~..n... > [030] 00 . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 21 mid = 13 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 21 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 21: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 03 86 3E C1 CE 98 6B A9 ..>...k. >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 97 EF 3D ........ .......= > [020] F8 FE 31 AD 49 97 CA C9 8D 7E D4 1B 6E 00 00 00 ..1.I... .~..n... > [030] 00 . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 21 mid = 13 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 returned 48 bytes. > samr_Connect2: struct samr_Connect2 > out: struct samr_Connect2 > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : f83def97-31fe-49ad-97ca-c98d7ed41b6e > result : NT_STATUS_OK > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : f83def97-31fe-49ad-97ca-c98d7ed41b6e > access_mask : 0x00000211 (529) > 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 1: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-21-1219397942-1773535701-801310046 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 004c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000034 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=158 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49156 (0xC004) > smb_bcc=91 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 34 .......L .......4 > [020] 00 00 00 00 00 07 00 00 00 00 00 97 EF 3D F8 FE ........ .....=.. > [030] 31 AD 49 97 CA C9 8D 7E D4 1B 6E 11 02 00 00 04 1.I....~ ..n..... > [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 36 ........ .......6 > [050] 89 AE 48 D5 01 B6 69 5E 05 C3 2F ..H...i^ ../ >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 22 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 64 C8 A0 78 DF 69 17 86 d..x.i.. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 23 mid = 14 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,162) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,162) wrote 162 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 104 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 2D A8 A5 ........ .....-.. > [020] D0 E1 3C 95 47 BD 6B 3A 4D 8C 94 97 65 00 00 00 ..<.G.k: M...e... > [030] 00 . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 23 mid = 14 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 23 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 23: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 34 3B 0B F5 C4 1B F6 E7 4;...... >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 2D A8 A5 ........ .....-.. > [020] D0 E1 3C 95 47 BD 6B 3A 4D 8C 94 97 65 00 00 00 ..<.G.k: M...e... > [030] 00 . >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 23 mid = 14 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2009/05/27 10:19:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 returned 48 bytes. > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d0a5a82d-3ce1-4795-bd6b-3a4d8c949765 > result : NT_STATUS_OK > samr_LookupNames: struct samr_LookupNames > in: struct samr_LookupNames > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d0a5a82d-3ce1-4795-bd6b-3a4d8c949765 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x0014 (20) > size : 0x0014 (20) > string : * > string : 'host-smb$' >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0064 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000004c >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2009/05/27 10:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0011 >[2009/05/27 10:19:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) > rpc_api_pipe: host dc1.dom.realm.co.com, pipe \samr, fnum 0xc004 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=182 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49156 (0xC004) > smb_bcc=115 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 64 00 00 00 08 00 00 00 4C .......d .......L > [020] 00 00 00 00 00 11 00 00 00 00 00 2D A8 A5 D0 E1 ........ ...-.... > [030] 3C 95 47 BD 6B 3A 4D 8C 94 97 65 01 00 00 00 E8 <.G.k:M. ..e..... > [040] 03 00 00 00 00 00 00 01 00 00 00 14 00 14 00 00 ........ ........ > [050] 00 02 00 0A 00 00 00 00 00 00 00 0A 00 00 00 76 ........ .......v > [060] 00 73 00 67 00 64 00 39 00 2D 00 73 00 6D 00 62 .s.g.d.9 .-.s.m.b > [070] 00 24 00 .$. >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 24 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) > client_sign_outgoing_message: sent SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 22 BB 73 8D E7 4C DF 5B ".s..L.[ >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 25 mid = 15 >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(236) > write_socket(6,186) >[2009/05/27 10:19:34, 6] libsmb/clientgen.c:write_socket(239) > write_socket(6,186) wrote 186 >[2009/05/27 10:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) > got smb length of 116 >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(645) >[2009/05/27 10:19:34, 5] lib/util.c:show_msg(655) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6165 > smb_uid=6144 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 08 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 5E 04 00 00 01 00 00 00 04 00 02 .....^.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 25 mid = 15 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:simple_packet_signature(285) > simple_packet_signature: sequence number 25 >[2009/05/27 10:19:34, 10] libsmb/smb_signing.c:client_check_incoming_message(434) > client_check_incoming_message: seq 25: got good SMB signature of >[2009/05/27 10:19:34, 10] lib/util.c:dump_data(2233) > [000] 0F 68 54 4E B2 B4 89 88 .hTN.... >Using short domain name -- DOM >Joined 'HOST-SMB' to realm 'dom.realm.co.com'
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6364
:
4161
| 4209 |
5901
|
5902