[2009/06/25 21:42:32, 5] lib/messages.c:messaging_deregister(321) Deregistering messaging pointer for type 769 - private_data=(nil) [2009/06/25 21:42:32, 5] lib/messages.c:messaging_deregister(321) Deregistering messaging pointer for type 13 - private_data=(nil) [2009/06/25 21:42:32, 5] lib/messages.c:messaging_deregister(321) Deregistering messaging pointer for type 1028 - private_data=(nil) [2009/06/25 21:42:32, 5] lib/messages.c:messaging_deregister(321) Deregistering messaging pointer for type 1027 - private_data=(nil) [2009/06/25 21:42:32, 5] lib/messages.c:messaging_deregister(321) Deregistering messaging pointer for type 1029 - private_data=(nil) [2009/06/25 21:42:32, 5] lib/messages.c:messaging_deregister(321) Deregistering messaging pointer for type 1280 - private_data=(nil) [2009/06/25 21:42:32, 5] lib/messages.c:messaging_deregister(321) Deregistering messaging pointer for type 1033 - private_data=(nil) [2009/06/25 21:42:32, 5] lib/messages.c:messaging_deregister(321) Deregistering messaging pointer for type 1 - private_data=(nil) [2009/06/25 21:42:32, 10] lib/events.c:timed_event_destructor(55) Destroying timed event 804f2a40 "check_domain_online_handler" [2009/06/25 21:42:32, 10] winbindd/winbindd_cm.c:set_domain_online_request(479) set_domain_online_request: called for domain MUC [2009/06/25 21:42:32, 10] winbindd/winbindd_cm.c:set_domain_online_request(508) set_domain_online_request: domain MUC was globally offline. [2009/06/25 21:42:32, 10] lib/events.c:_event_add_timed(120) Added timed event "check_domain_online_handler": 804f29f8 [2009/06/25 21:42:32, 10] winbindd/winbindd_dual.c:calculate_next_machine_pwd_change(906) machine password still valid until: Fri, 26 Jun 2009 14:43:39 CEST [2009/06/25 21:42:32, 10] lib/events.c:_event_add_timed(120) Added timed event "machine_password_change_handler": 804f0980 [2009/06/25 21:42:32, 10] lib/events.c:get_timed_events_timeout(277) timed_events_timeout: 5/0 [2009/06/25 21:42:32, 4] winbindd/winbindd_dual.c:fork_domain_child(1439) child daemon request 48 [2009/06/25 21:42:32, 10] winbindd/winbindd_dual.c:child_process_request(452) child_process_request: request fn INIT_CONNECTION [2009/06/25 21:42:32, 8] winbindd/winbindd_cm.c:connection_ok(1580) connection_ok: Connection to for domain MUC has NULL cli! [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(194) Cache entry with key = SAFJOIN/DOMAIN/MUC couldn't be found [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = SAF/DOMAIN/MUC, value = GENOME, timeout = Thu Jun 25 11:18:11 2009 [2009/06/25 21:42:32, 5] libsmb/namequery.c:saf_fetch(197) saf_fetch: failed to find server for "MUC" domain [2009/06/25 21:42:32, 10] winbindd/winbindd_cm.c:cm_open_connection(1453) cm_open_connection: dcname is '' for domain MUC [2009/06/25 21:42:32, 8] libsmb/namequery.c:get_sorted_dc_list(2155) get_sorted_dc_list: attempting lookup for name MUC (sitename NULL) using [lmhosts wins host bcast] [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(194) Cache entry with key = SAFJOIN/DOMAIN/MUC couldn't be found [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(194) Cache entry with key = SAF/DOMAIN/MUC couldn't be found [2009/06/25 21:42:32, 5] libsmb/namequery.c:saf_fetch(197) saf_fetch: failed to find server for "MUC" domain [2009/06/25 21:42:32, 3] libsmb/namequery.c:get_dc_list(1971) get_dc_list: preferred server list: ", Genome" [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(194) Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found [2009/06/25 21:42:32, 5] libads/dns.c:sitename_fetch(814) sitename_fetch: No stored sitename for [2009/06/25 21:42:32, 10] libsmb/namequery.c:internal_resolve_name(1505) internal_resolve_name: looking up Genome#20 (sitename (null)) [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = NBT/GENOME#20, value = 192.168.29.4:0, timeout = Thu Jun 25 11:13:16 2009 [2009/06/25 21:42:32, 5] libsmb/namecache.c:namecache_fetch(229) no entry for Genome#20 found. [2009/06/25 21:42:32, 3] libsmb/namequery.c:resolve_lmhosts(1224) resolve_lmhosts: Attempting lmhosts lookup for name Genome<0x20> [2009/06/25 21:42:32, 4] libsmb/namequery.c:getlmhostsent(908) getlmhostsent: lmhost entry: 127.0.0.1 localhost [2009/06/25 21:42:32, 3] libsmb/namequery.c:resolve_wins(1088) resolve_wins: Attempting wins lookup for name Genome<0x20> [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(194) Cache entry with key = WINS_SRV_DEAD/192.168.29.4,0.0.0.0 couldn't be found [2009/06/25 21:42:32, 4] lib/wins_srv.c:wins_srv_is_dead(108) wins_srv_is_dead: 192.168.29.4 is alive [2009/06/25 21:42:32, 6] lib/wins_srv.c:wins_srv_ip_tag(312) Current wins server for tag '*' with source 0.0.0.0 is 192.168.29.4 [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(194) Cache entry with key = WINS_SRV_DEAD/192.168.29.4,0.0.0.0 couldn't be found [2009/06/25 21:42:32, 4] lib/wins_srv.c:wins_srv_is_dead(108) wins_srv_is_dead: 192.168.29.4 is alive [2009/06/25 21:42:32, 3] libsmb/namequery.c:resolve_wins(1146) resolve_wins: using WINS server 192.168.29.4 and tag '*' [2009/06/25 21:42:32, 10] lib/util_sock.c:open_socket_in(1349) bind succeeded on port 0 [2009/06/25 21:42:32, 5] libsmb/nmblib.c:send_udp(824) Sending a packet of len 50 to (192.168.29.4) on port 137 [2009/06/25 21:42:32, 10] lib/util_sock.c:read_udp_v4_socket(889) read_udp_v4_socket: ip 192.168.29.4 port 35072 read: 68 [2009/06/25 21:42:32, 10] libsmb/nmblib.c:parse_nmb(535) parse_nmb: packet id = 16561 [2009/06/25 21:42:32, 5] libsmb/nmblib.c:read_packet(802) Received a packet of len 68 from (192.168.29.4) port 137 [2009/06/25 21:42:32, 4] libsmb/nmblib.c:debug_nmb_packet(109) nmb packet from 192.168.29.4(137) header: id=16561 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=GENOME<20> rr_type=32 rr_class=1 ttl=259196 answers 0 char `.....`..... hex 6000C0A81D046000C0A81D04 [2009/06/25 21:42:32, 2] libsmb/namequery.c:name_query(778) Got a positive name query response from 192.168.29.4 ( 192.168.29.4 192.168.29.4 ) [2009/06/25 21:42:32, 10] libsmb/namequery.c:remove_duplicate_addrs2(582) remove_duplicate_addrs2: looking for duplicate address/port pairs [2009/06/25 21:42:32, 5] libsmb/namecache.c:namecache_store(143) namecache_store: storing 1 address for Genome#20: 192.168.29.4 [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = NBT/GENOME#20; value = 192.168.29.4:0 and timeout = Thu Jun 25 21:53:32 2009 (660 seconds ahead) [2009/06/25 21:42:32, 10] libsmb/namequery.c:internal_resolve_name(1652) internal_resolve_name: returning 1 addresses: 192.168.29.4:0 [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(194) Cache entry with key = NEG_CONN_CACHE/MUC,192.168.29.4 couldn't be found [2009/06/25 21:42:32, 9] libsmb/conncache.c:check_negative_conn_cache(150) check_negative_conn_cache returning result 0 for domain MUC server 192.168.29.4 [2009/06/25 21:42:32, 10] libsmb/namequery.c:remove_duplicate_addrs2(582) remove_duplicate_addrs2: looking for duplicate address/port pairs [2009/06/25 21:42:32, 4] libsmb/namequery.c:get_dc_list(2104) get_dc_list: returning 1 ip addresses in an ordered list [2009/06/25 21:42:32, 4] libsmb/namequery.c:get_dc_list(2105) get_dc_list: 192.168.29.4:0 [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_get(194) Cache entry with key = NEG_CONN_CACHE/MUC,192.168.29.4 couldn't be found [2009/06/25 21:42:32, 9] libsmb/conncache.c:check_negative_conn_cache(150) check_negative_conn_cache returning result 0 for domain MUC server 192.168.29.4 &packet: struct nbt_netlogon_packet command : LOGON_SAM_LOGON_REQUEST (18) req : union nbt_netlogon_request(case 18) logon: struct NETLOGON_SAM_LOGON_REQUEST request_count : 0x0000 (0) computer_name : 'NUCLEUS' user_name : 'NUCLEUS$' mailslot_name : '\MAILSLOT\NET\GETDC41DA8C0' acct_control : 0x00000080 (128) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD sid_size : 0x00000000 (0) _pad : DATA_BLOB length=0 sid : S-1-5-21-1362721961-1801182073-732966438 nt_version : 0x00000001 (1) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 0: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2009/06/25 21:42:32, 8] lib/util.c:fcntl_lock(2024) fcntl_lock fd=18 op=13 offset=0 count=1 type=0 [2009/06/25 21:42:32, 3] lib/util.c:fcntl_lock(2037) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) [2009/06/25 21:42:32, 4] libsmb/clidgram.c:cli_send_mailslot(112) send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from NUCLEUS<00> to MUC<1c> IP 192.168.29.4 [2009/06/25 21:42:32, 10] lib/messages_local.c:messaging_tdb_store(215) messaging_tdb_store: array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SEND_PACKET (259) dest: struct server_id id : 0x00007d20 (32032) src: struct server_id id : 0x00007d27 (32039) buf : DATA_BLOB length=812 [2009/06/25 21:42:32, 10] lib/util.c:dump_data(2233) [000] 00 00 00 00 00 00 00 00 00 00 00 00 C0 A8 1D 04 ........ ........ [010] 00 00 00 00 00 00 00 00 28 D3 43 4A 01 00 00 00 ........ (.CJ.... [020] 11 00 00 00 02 00 00 00 01 00 00 00 D7 67 00 00 ........ .....g.. [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 4E 55 43 4C 45 55 53 00 00 00 00 00 00 00 00 00 NUCLEUS. ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [090] 00 00 00 00 4D 55 43 00 00 00 00 00 00 00 00 00 ....MUC. ........ [0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E0] 00 00 00 00 1C 00 00 00 C7 00 00 00 FF 53 4D 42 ........ .....SMB [0F0] 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 %....... ........ [100] 00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 6C ........ .......l [110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [120] 00 00 00 6C 00 5B 00 03 00 01 00 00 00 02 00 82 ...l.[.. ........ [130] 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 54 5C 4E .\MAILSL OT\NET\N [140] 54 4C 4F 47 4F 4E 00 12 00 00 00 4E 00 55 00 43 TLOGON.. ...N.U.C [150] 00 4C 00 45 00 55 00 53 00 00 00 4E 00 55 00 43 .L.E.U.S ...N.U.C [160] 00 4C 00 45 00 55 00 53 00 24 00 00 00 5C 4D 41 .L.E.U.S .$...\MA [170] 49 4C 53 4C 4F 54 5C 4E 45 54 5C 47 45 54 44 43 ILSLOT\N ET\GETDC [180] 34 31 44 41 38 43 30 00 80 00 00 00 18 00 00 00 41DA8C0. ........ [190] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 A9 ........ ........ [1A0] 7C 39 51 79 DB 5B 6B 26 2E B0 2B 01 00 00 00 FF |9Qy.[k& ..+..... [1B0] FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [320] 00 00 00 00 00 00 00 00 00 00 00 00 ........ .... [2009/06/25 21:42:32, 5] libsmb/clidgram.c:receive_getdc_response(234) Received packet for \MAILSLOT\NET\GETDC41DA8C0 &p: struct dgram_smb_packet smb_command : SMB_TRANSACTION (0x25) err_class : 0x00 (0) pad : 0x00 (0) err_code : 0x0000 (0) flags : 0x00 (0) flags2 : 0x0000 (0) pid_high : 0x0000 (0) signature : 0000000000000000 reserved : 0x0000 (0) tid : 0x0000 (0) pid : 0x0000 (0) vuid : 0x0000 (0) mid : 0x0000 (0) body : union smb_body(case 0x25) trans: struct smb_trans_body wct : 0x11 (17) total_param_count : 0x0000 (0) total_data_count : 0x0034 (52) max_param_count : 0x0000 (0) max_data_count : 0x0000 (0) max_setup_count : 0x00 (0) pad : 0x00 (0) trans_flags : 0x0000 (0) timeout : 0x00000000 (0) reserved : 0x0000 (0) param_count : 0x0000 (0) param_offset : 0x0000 (0) data_count : 0x0034 (52) data_offset : 0x0060 (96) setup_count : 0x03 (3) pad2 : 0x00 (0) opcode : 0x0001 (1) priority : 0x0001 (1) _class : 0x0002 (2) byte_count : 0x004f (79) mailslot_name : '\MAILSLOT\NET\GETDC41DA8C0' data : DATA_BLOB length=52 [2009/06/25 21:42:32, 10] lib/util.c:dump_data(2233) [000] 13 00 5C 00 5C 00 47 00 45 00 4E 00 4F 00 4D 00 ..\.\.G. E.N.O.M. [010] 45 00 00 00 00 55 00 43 00 4C 00 45 00 55 00 53 E....U.C .L.E.U.S [020] 00 24 00 00 4D 00 55 00 43 00 00 00 01 00 00 00 .$..M.U. C....... [030] FF FF FF FF .... &response->data.nt4: struct NETLOGON_SAM_LOGON_RESPONSE_NT40 command : LOGON_SAM_LOGON_RESPONSE (19) server : '\\GENOME' user_name : '唀䌀䰀䔀唀匀␀' domain : 'MUC' nt_version : 0x00000001 (1) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 0: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2009/06/25 21:42:32, 10] libsmb/clidgram.c:receive_getdc_response(308) GetDC gave name GENOME for domain MUC [2009/06/25 21:42:32, 5] libsmb/namecache.c:namecache_store(143) namecache_store: storing 1 address for GENOME#20: 192.168.29.4 [2009/06/25 21:42:32, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = NBT/GENOME#20; value = 192.168.29.4:0 and timeout = Thu Jun 25 21:53:32 2009 (660 seconds ahead) [2009/06/25 21:42:32, 10] winbindd/winbindd_cm.c:cm_prepare_connection(774) cm_prepare_connection: connecting to DC GENOME for domain MUC [2009/06/25 21:42:32, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,194) [2009/06/25 21:42:32, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,194) wrote 194 [2009/06/25 21:42:32, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 127 [2009/06/25 21:42:32, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:32, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=32039 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 1536 (0x600) smb_vwv[ 8]= 67 (0x43) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=41348 (0xA184) smb_vwv[13]=52500 (0xCD14) smb_vwv[14]=51701 (0xC9F5) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2009/06/25 21:42:32, 10] lib/util.c:dump_data(2233) [000] 67 65 6E 6F 6D 65 00 00 00 00 00 00 00 00 00 00 genome.. ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2009/06/25 21:42:32, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:32, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=32039 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 1536 (0x600) smb_vwv[ 8]= 67 (0x43) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=41348 (0xA184) smb_vwv[13]=52500 (0xCD14) smb_vwv[14]=51701 (0xC9F5) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2009/06/25 21:42:32, 10] lib/util.c:dump_data(2233) [000] 67 65 6E 6F 6D 65 00 00 00 00 00 00 00 00 00 00 genome.. ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2009/06/25 21:42:32, 5] winbindd/winbindd_cm.c:cm_prepare_connection(880) connecting to GENOME from NUCLEUS with username [MUC]\[NUCLEUS$] [2009/06/25 21:42:32, 3] libsmb/cliconnect.c:cli_session_setup_spnego(823) Doing spnego session setup (blob length=58) [2009/06/25 21:42:32, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 3 6 1 4 1 311 2 2 10 [2009/06/25 21:42:32, 3] libsmb/cliconnect.c:cli_session_setup_spnego(858) got principal=NONE [2009/06/25 21:42:32, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,162) [2009/06/25 21:42:32, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,162) wrote 162 [2009/06/25 21:42:32, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 262 [2009/06/25 21:42:32, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:32, 5] lib/util.c:show_msg(655) size=262 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=32039 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 177 (0xB1) smb_bcc=219 [2009/06/25 21:42:32, 10] lib/util.c:dump_data(2233) [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 60 C0 56 47 EA 0F 8C 6C 89 00 ......`. VG...l.. [040] 00 00 00 00 00 00 00 5C 00 5C 00 36 00 00 00 4D .......\ .\.6...M [050] 00 55 00 43 00 02 00 06 00 4D 00 55 00 43 00 01 .U.C.... .M.U.C.. [060] 00 0C 00 47 00 45 00 4E 00 4F 00 4D 00 45 00 04 ...G.E.N .O.M.E.. [070] 00 14 00 6D 00 72 00 2E 00 6C 00 66 00 6D 00 67 ...m.r.. .l.f.m.g [080] 00 2E 00 64 00 65 00 03 00 22 00 67 00 65 00 6E ...d.e.. .".g.e.n [090] 00 6F 00 6D 00 65 00 2E 00 6D 00 72 00 2E 00 6C .o.m.e.. .m.r...l [0A0] 00 66 00 6D 00 67 00 2E 00 64 00 65 00 00 00 00 .f.m.g.. .d.e.... [0B0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [0C0] 00 62 00 61 00 20 00 33 00 2E 00 33 00 2E 00 36 .b.a. .3 ...3...6 [0D0] 00 00 00 4D 00 55 00 43 00 00 00 ...M.U.C ... [2009/06/25 21:42:32, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:32, 5] lib/util.c:show_msg(655) size=262 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=32039 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 177 (0xB1) smb_bcc=219 [2009/06/25 21:42:32, 10] lib/util.c:dump_data(2233) [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 60 C0 56 47 EA 0F 8C 6C 89 00 ......`. VG...l.. [040] 00 00 00 00 00 00 00 5C 00 5C 00 36 00 00 00 4D .......\ .\.6...M [050] 00 55 00 43 00 02 00 06 00 4D 00 55 00 43 00 01 .U.C.... .M.U.C.. [060] 00 0C 00 47 00 45 00 4E 00 4F 00 4D 00 45 00 04 ...G.E.N .O.M.E.. [070] 00 14 00 6D 00 72 00 2E 00 6C 00 66 00 6D 00 67 ...m.r.. .l.f.m.g [080] 00 2E 00 64 00 65 00 03 00 22 00 67 00 65 00 6E ...d.e.. .".g.e.n [090] 00 6F 00 6D 00 65 00 2E 00 6D 00 72 00 2E 00 6C .o.m.e.. .m.r...l [0A0] 00 66 00 6D 00 67 00 2E 00 64 00 65 00 00 00 00 .f.m.g.. .d.e.... [0B0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [0C0] 00 62 00 61 00 20 00 33 00 2E 00 33 00 2E 00 36 .b.a. .3 ...3...6 [0D0] 00 00 00 4D 00 55 00 43 00 00 00 ...M.U.C ... [2009/06/25 21:42:32, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) Got challenge flags: [2009/06/25 21:42:32, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:32, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) NTLMSSP: Set final flags: [2009/06/25 21:42:32, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:32, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1123) NTLMSSP challenge set by NTLM2 [2009/06/25 21:42:32, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1124) challenge is: [2009/06/25 21:42:32, 5] lib/util.c:dump_data(2233) [000] 48 58 3F 3F 67 22 BA E0 HX??g".. [2009/06/25 21:42:32, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/06/25 21:42:32, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:32, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,262) [2009/06/25 21:42:32, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,262) wrote 262 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 94 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=94 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=32039 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=51 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 33 00 2E 00 36 00 00 00 4D 00 55 00 43 ...3...6 ...M.U.C [030] 00 00 00 ... [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=94 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=32039 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=51 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 33 00 2E 00 36 00 00 00 4D 00 55 00 43 ...3...6 ...M.U.C [030] 00 00 00 ... [2009/06/25 21:42:33, 10] libsmb/clientgen.c:cli_init_creds(415) cli_init_creds: user NUCLEUS$ domain MUC [2009/06/25 21:42:33, 10] libsmb/namequery.c:saf_store(86) saf_store: domain = [MUC], server = [GENOME], expire = [1245959853] [2009/06/25 21:42:33, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/MUC; value = GENOME and timeout = Thu Jun 25 21:57:33 2009 (900 seconds ahead) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,80) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,80) wrote 80 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 56 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 49 50 43 00 00 00 00 IPC.... [2009/06/25 21:42:33, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(3063) set_global_winbindd_state_online: online requested. [2009/06/25 21:42:33, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(3066) set_global_winbindd_state_online: rejecting. [2009/06/25 21:42:33, 10] winbindd/winbindd_cm.c:set_domain_online(402) set_domain_online: called for domain MUC [2009/06/25 21:42:33, 10] lib/events.c:timed_event_destructor(55) Destroying timed event 804f29f8 "check_domain_online_handler" [2009/06/25 21:42:33, 10] winbindd/winbindd_cm.c:set_dc_type_and_flags(1936) set_dc_type_and_flags: setting up flags for primary domain [2009/06/25 21:42:33, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1782) set_dc_type_and_flags_connect: domain MUC [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,104) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,104) wrote 104 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=12032 (0x2F00) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host GENOME, pipe \lsarpc, fnum 0x702f auth_type 0, auth_level 0 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 3919286a [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : b10c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11d0 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9b a8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 00 c0 4f d9 2e f5 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x702f [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28719 (0x702F) smb_bcc=87 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,158) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,158) wrote 158 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 124 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 64 73 73 65 74 75 70 00 01 00 00 00 00 00 00 \dssetup ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 64 73 73 65 74 75 70 00 01 00 00 00 00 00 00 \dssetup ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 68 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x702f returned 68 bytes. [2009/06/25 21:42:33, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host GENOME, pipe \lsarpc, fnum 0x702f bind request returned ok. [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000e [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\dssetup. [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000028 smb_io_rpc_results [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine GENOME and bound anonymously. dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation in: struct dssetup_DsRoleGetPrimaryDomainInformation level : DS_ROLE_BASIC_INFORMATION (1) [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 001a [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000002 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0000 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x702f [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28719 (0x702F) smb_bcc=41 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,112) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,112) wrote 112 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 148 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 92 (0x5C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=93 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 02 00 00 ........ .\...... [010] 00 44 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .D...... ........ [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ [030] 00 00 00 00 00 0A 3E 42 B4 78 90 0C 49 A2 AD 48 ......>B .x..I..H [040] AB AD B8 33 B3 04 00 00 00 00 00 00 00 04 00 00 ...3.... ........ [050] 00 4D 00 55 00 43 00 00 00 00 00 00 00 .M.U.C.. ..... [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 92 (0x5C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=93 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 02 00 00 ........ .\...... [010] 00 44 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .D...... ........ [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ [030] 00 00 00 00 00 0A 3E 42 B4 78 90 0C 49 A2 AD 48 ......>B .x..I..H [040] AB AD B8 33 B3 04 00 00 00 00 00 00 00 04 00 00 ...3.... ........ [050] 00 4D 00 55 00 43 00 00 00 00 00 00 00 .M.U.C.. ..... [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 005c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000044 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 92, data_len 68, ss_len 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 92 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x702f returned 136 bytes. dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation out: struct dssetup_DsRoleGetPrimaryDomainInformation info : * info : union dssetup_DsRoleInfo(case 1) basic: struct dssetup_DsRolePrimaryDomInfoBasic role : DS_ROLE_PRIMARY_DC (5) flags : 0x01000000 (16777216) 0: DS_ROLE_PRIMARY_DS_RUNNING 0: DS_ROLE_PRIMARY_DS_MIXED_MODE 0: DS_ROLE_UPGRADE_IN_PROGRESS 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT domain : * domain : 'MUC' dns_domain : NULL forest : NULL domain_guid : b4423e0a-9078-490c-a2ad-48abadb833b3 result : WERR_OK [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,45) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,45) wrote 45 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=8 smt_wct=0 smb_bcc=0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366) rpc_pipe_destructor: closed host GENOME, pipe \lsarpc, fnum 0x702f [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,104) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,104) wrote 104 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=12288 (0x3000) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host GENOME, pipe \lsarpc, fnum 0x7030 auth_type 0, auth_level 0 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ab [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28720 (0x7030) smb_bcc=87 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,158) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,158) wrote 158 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 124 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 68 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 returned 68 bytes. [2009/06/25 21:42:33, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host GENOME, pipe \lsarpc, fnum 0x7030 bind request returned ok. [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000d [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsarpc. [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000027 smb_io_rpc_results [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine GENOME and bound anonymously. [2009/06/25 21:42:33, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) init_lsa_sec_qos [2009/06/25 21:42:33, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) init_lsa_obj_attr lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '\\GENOME' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000048 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 002c [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28720 (0x7030) smb_bcc=111 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 00 00 04 00 00 00 48 .......` .......H [020] 00 00 00 00 00 2C 00 00 00 02 00 09 00 00 00 00 .....,.. ........ [030] 00 00 00 09 00 00 00 5C 00 5C 00 47 00 45 00 4E .......\ .\.G.E.N [040] 00 4F 00 4D 00 45 00 00 00 00 00 18 00 00 00 00 .O.M.E.. ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ........ ........ [060] 00 02 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,182) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,182) wrote 182 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 104 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 43 4A 29 D3 06 43 00 00 00 00 00 .....CJ) ..C..... [030] 00 . [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 43 4A 29 D3 06 43 00 00 00 00 00 .....CJ) ..C..... [030] 00 . [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 48 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 returned 48 bytes. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-434a-29d306430000 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-434a-29d306430000 level : LSA_POLICY_INFO_DNS (12) [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000016 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 002e [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28720 (0x7030) smb_bcc=61 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 43 4A 29 D3 06 43 00 00 0C 00 ...CJ).. C.... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,132) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,132) wrote 132 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 88 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 23 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0020 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_hdr_fault fault [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c reserved: 00000000 [2009/06/25 21:42:33, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(755) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host GENOME, pipe \lsarpc, fnum 0x7030! [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 32 at offset 0 [2009/06/25 21:42:33, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) init_lsa_sec_qos [2009/06/25 21:42:33, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) init_lsa_obj_attr lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0006 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28720 (0x7030) smb_bcc=83 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,154) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,154) wrote 154 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 104 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 43 4A 29 D3 06 43 00 00 00 00 00 .....CJ) ..C..... [030] 00 . [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 43 4A 29 D3 06 43 00 00 00 00 00 .....CJ) ..C..... [030] 00 . [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 48 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 returned 48 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-434a-29d306430000 result : NT_STATUS_OK lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-434a-29d306430000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000016 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0007 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28720 (0x7030) smb_bcc=61 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 43 4A 29 D3 06 43 00 00 05 00 ...CJ).. C.... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,132) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,132) wrote 132 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 152 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 07 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .H...... ........ [020] 00 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [030] 00 00 00 00 00 03 00 00 00 4D 00 55 00 43 00 00 ........ .M.U.C.. [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 A9 7C 39 51 79 DB 5B 6B 26 2E B0 2B 00 00 00 ..|9Qy.[ k&..+... [060] 00 . [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 07 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .H...... ........ [020] 00 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [030] 00 00 00 00 00 03 00 00 00 4D 00 55 00 43 00 00 ........ .M.U.C.. [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 A9 7C 39 51 79 DB 5B 6B 26 2E B0 2B 00 00 00 ..|9Qy.[ k&..+... [060] 00 . [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000048 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 96, data_len 72, ss_len 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 96 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7030 returned 144 bytes. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'MUC' sid : * sid : S-1-5-21-1362721961-1801182073-732966438 result : NT_STATUS_OK [2009/06/25 21:42:33, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1914) set_dc_type_and_flags_connect: domain MUC is NOT in native mode. [2009/06/25 21:42:33, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1917) set_dc_type_and_flags_connect: domain MUC is NOT running active directory. [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,45) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,45) wrote 45 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=15 smt_wct=0 smb_bcc=0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366) rpc_pipe_destructor: closed host GENOME, pipe \lsarpc, fnum 0x7030 [2009/06/25 21:42:33, 10] winbindd/winbindd_cache.c:cache_store_response(2626) Storing response for pid 32039, len 3496 [2009/06/25 21:42:33, 10] lib/events.c:get_timed_events_timeout(277) timed_events_timeout: 61265/411671 [2009/06/25 21:42:33, 4] winbindd/winbindd_dual.c:fork_domain_child(1439) child daemon request 19 [2009/06/25 21:42:33, 10] winbindd/winbindd_dual.c:child_process_request(452) child_process_request: request fn LIST_TRUSTDOM [2009/06/25 21:42:33, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(359) [32038]: list trusted domains [2009/06/25 21:42:33, 5] winbindd/winbindd_cache.c:get_cache(181) get_cache: Setting MS-RPC methods for domain MUC [2009/06/25 21:42:33, 10] winbindd/winbindd_cache.c:fetch_cache_seqnum(404) fetch_cache_seqnum: invalid data size key [SEQNUM/MUC] [2009/06/25 21:42:33, 10] winbindd/winbindd_rpc.c:sequence_number(958) rpc: fetch sequence_number for MUC [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,100) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,100) wrote 100 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=16 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=12544 (0x3100) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host GENOME, pipe \samr, fnum 0x7031 auth_type 3, auth_level 6 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1133) create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1156) create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: [2009/06/25 21:42:33, 5] lib/util.c:dump_data(2233) [000] 60 4A 06 06 2B 06 01 05 05 02 A0 40 30 3E A0 0E `J..+... ...@0>.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2C 0...+... ..7...., [020] 04 2A 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 .*NTLMSS P.....5. [030] 08 60 03 00 03 00 20 00 00 00 07 00 07 00 23 00 .`.... . ......#. [040] 00 00 4D 55 43 4E 55 43 4C 45 55 53 ..MUCNUC LEUS [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 009c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 004c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ac [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=238 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 156 (0x9C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 156 (0x9C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28721 (0x7031) smb_bcc=171 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 9C 00 4C 00 08 00 00 00 B8 ........ .L...... [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` [060] 4A 06 06 2B 06 01 05 05 02 A0 40 30 3E A0 0E 30 J..+.... ..@0>..0 [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2C 04 ...+.... .7....,. [080] 2A 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 *NTLMSSP .....5.. [090] 60 03 00 03 00 20 00 00 00 07 00 07 00 23 00 00 `.... .. .....#.. [0A0] 00 4D 55 43 4E 55 43 4C 45 55 53 .MUCNUCL EUS [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,242) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,242) wrote 242 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 309 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=309 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 253 (0xFD) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 253 (0xFD) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=254 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 FD 00 B1 00 08 00 00 ........ ........ [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 AE `....... ........ [050] 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... [060] 01 82 37 02 02 0A A2 81 95 04 81 92 4E 54 4C 4D ..7..... ....NTLM [070] 53 53 50 00 02 00 00 00 06 00 06 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 CC 2A 0C 8C 16 05 56 94 00 00 00 00 5..`.*.. ..V..... [090] 00 00 00 00 5C 00 5C 00 36 00 00 00 4D 00 55 00 ....\.\. 6...M.U. [0A0] 43 00 02 00 06 00 4D 00 55 00 43 00 01 00 0C 00 C.....M. U.C..... [0B0] 47 00 45 00 4E 00 4F 00 4D 00 45 00 04 00 14 00 G.E.N.O. M.E..... [0C0] 6D 00 72 00 2E 00 6C 00 66 00 6D 00 67 00 2E 00 m.r...l. f.m.g... [0D0] 64 00 65 00 03 00 22 00 67 00 65 00 6E 00 6F 00 d.e...". g.e.n.o. [0E0] 6D 00 65 00 2E 00 6D 00 72 00 2E 00 6C 00 66 00 m.e...m. r...l.f. [0F0] 6D 00 67 00 2E 00 64 00 65 00 00 00 00 00 m.g...d. e..... [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=309 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 253 (0xFD) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 253 (0xFD) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=254 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 FD 00 B1 00 08 00 00 ........ ........ [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 AE `....... ........ [050] 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... [060] 01 82 37 02 02 0A A2 81 95 04 81 92 4E 54 4C 4D ..7..... ....NTLM [070] 53 53 50 00 02 00 00 00 06 00 06 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 CC 2A 0C 8C 16 05 56 94 00 00 00 00 5..`.*.. ..V..... [090] 00 00 00 00 5C 00 5C 00 36 00 00 00 4D 00 55 00 ....\.\. 6...M.U. [0A0] 43 00 02 00 06 00 4D 00 55 00 43 00 01 00 0C 00 C.....M. U.C..... [0B0] 47 00 45 00 4E 00 4F 00 4D 00 45 00 04 00 14 00 G.E.N.O. M.E..... [0C0] 6D 00 72 00 2E 00 6C 00 66 00 6D 00 67 00 2E 00 m.r...l. f.m.g... [0D0] 64 00 65 00 03 00 22 00 67 00 65 00 6E 00 6F 00 d.e...". g.e.n.o. [0E0] 6D 00 65 00 2E 00 6D 00 72 00 2E 00 6C 00 66 00 m.e...m. r...l.f. [0F0] 6D 00 67 00 2E 00 64 00 65 00 00 00 00 00 m.g...d. e..... [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00fd [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b1 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 253 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 returned 253 bytes. [2009/06/25 21:42:33, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host GENOME, pipe \samr, fnum 0x7031 bind request returned ok. [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00fd [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b1 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000b [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\samr. [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000025 smb_io_rpc_results [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000044 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0044 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0045 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0046 auth_pad_len : 08 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0047 auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0048 auth_context_id: 00000001 [2009/06/25 21:42:33, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) Got challenge flags: [2009/06/25 21:42:33, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60898235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:33, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) NTLMSSP: Set final flags: [2009/06/25 21:42:33, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:33, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1123) NTLMSSP challenge set by NTLM2 [2009/06/25 21:42:33, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1124) challenge is: [2009/06/25 21:42:33, 5] lib/util.c:dump_data(2233) [000] 5E 11 66 7E FC 30 A2 83 ^.f~.0.. [2009/06/25 21:42:33, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/06/25 21:42:33, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0e [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0100 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b0 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ac [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=338 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 256 (0x100) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 256 (0x100) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28721 (0x7031) smb_bcc=271 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0E 03 10 00 00 00 00 01 B0 00 08 00 00 00 B8 ........ ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... ........ [060] 81 AD 30 81 AA A2 81 A7 04 81 A4 4E 54 4C 4D 53 ..0..... ...NTLMS [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... [080] 00 18 00 58 00 00 00 06 00 06 00 70 00 00 00 10 ...X.... ...p.... [090] 00 10 00 76 00 00 00 0E 00 0E 00 86 00 00 00 10 ...v.... ........ [0A0] 00 10 00 94 00 00 00 35 82 08 60 F9 D8 AD CA 84 .......5 ..`..... [0B0] 71 D9 96 00 00 00 00 00 00 00 00 00 00 00 00 00 q....... ........ [0C0] 00 00 00 D3 65 CE FC 56 06 8C 4B 3E 61 5C F9 57 ....e..V ..K>a\.W [0D0] A2 2A A5 98 A4 20 73 73 BC 7A 85 4D 00 55 00 43 .*... ss .z.M.U.C [0E0] 00 4E 00 55 00 43 00 4C 00 45 00 55 00 53 00 24 .N.U.C.L .E.U.S.$ [0F0] 00 4E 00 55 00 43 00 4C 00 45 00 55 00 53 00 89 .N.U.C.L .E.U.S.. [100] 76 BE 5A 9A B1 D8 8D DC AA EB FA 1E 0F 2E 38 v.Z..... ......8 [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,342) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,342) wrote 342 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 143 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=143 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 87 (0x57) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 87 (0x57) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=88 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 08 00 00 ........ .W...... [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. [050] 01 04 01 82 37 02 02 0A ....7... [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=143 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 87 (0x57) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 87 (0x57) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=88 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 08 00 00 ........ .W...... [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. [050] 01 04 01 82 37 02 02 0A ....7... [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0057 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 87 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 returned 87 bytes. [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0057 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 08 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_finish_spnego_ntlmssp_bind(2179) rpc_finish_spnego_ntlmssp_bind: alter context request to host GENOME, pipe \samr, fnum 0x7031. [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(3058) cli_rpc_pipe_open_ntlmssp_internal: opened pipe \samr to machine GENOME and bound NTLMSSP as user MUC\NUCLEUS$. [2009/06/25 21:42:33, 10] winbindd/winbindd_cm.c:cm_connect_sam(2059) cm_connect_sam: connected to SAMR pipe for domain MUC using NTLMSSP authenticated pipe: user MUC\NUCLEUS$ samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'GENOME' access_mask : 0x02000000 (33554432) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 0: SAMR_ACCESS_ENUM_DOMAINS 0: SAMR_ACCESS_LOOKUP_DOMAIN [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000024 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0039 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0040 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0041 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0042 auth_pad_len : 04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0043 auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 auth_context_id: 00000001 [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28721 (0x7031) smb_bcc=103 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 58 00 10 00 09 00 00 00 24 .......X .......$ [020] 00 00 00 00 00 39 00 9F A4 74 A9 C6 EE 97 10 FB .....9.. .t...... [030] 45 AF 44 CB 34 EB 78 44 40 BE 1E D7 56 CE AA 6C E.D.4.xD @...V..l [040] 9F AC 48 F4 30 C9 A1 D1 D6 47 F9 05 41 DE 4E 09 ..H.0... .G..A.N. [050] 06 04 00 01 00 00 00 01 00 00 00 67 B1 38 F4 39 ........ ...g.8.9 [060] F4 FD 85 00 00 00 00 ....... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,174) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,174) wrote 174 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 09 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 E6 32 4A 4C F5 62 22 ........ ..2JL.b" [020] 17 DC E9 02 4B 0C 0F C3 E0 33 4C 8F E7 AA 11 BE ....K... .3L..... [030] DB 09 06 00 00 01 00 00 00 01 00 00 00 A0 EC C8 ........ ........ [040] 4A B0 C6 B7 4C 00 00 00 00 J...L... . [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 09 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 E6 32 4A 4C F5 62 22 ........ ..2JL.b" [020] 17 DC E9 02 4B 0C 0F C3 E0 33 4C 8F E7 AA 11 BE ....K... .3L..... [030] DB 09 06 00 00 01 00 00 00 01 00 00 00 A0 EC C8 ........ ........ [040] 4A B0 C6 B7 4C 00 00 00 00 J...L... . [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 72 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 returned 48 bytes. samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-434a-29d306430000 result : NT_STATUS_OK samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-434a-29d306430000 access_mask : 0x02000000 (33554432) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-1362721961-1801182073-732966438 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0068 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000034 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0007 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0050 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0051 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0052 auth_pad_len : 04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0053 auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0054 auth_context_id: 00000001 [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28721 (0x7031) smb_bcc=119 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 68 00 10 00 0A 00 00 00 34 .......h .......4 [020] 00 00 00 00 00 07 00 72 AA 37 95 CE FD A5 76 A7 .......r .7....v. [030] 51 2B F8 20 B3 81 A3 35 E6 08 76 A3 78 C8 76 44 Q+. ...5 ..v.x.vD [040] BD 9F 13 42 FA 9D A1 AE 06 B5 0D ED 26 FF 60 BD ...B.... ....&.`. [050] D0 4E DE 09 80 F7 93 9B 0C FB 03 D0 79 AF DB 09 .N...... ....y... [060] 06 04 00 01 00 00 00 01 00 00 00 B5 25 2D 97 E7 ........ ....%-.. [070] F0 37 49 01 00 00 00 .7I.... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,190) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,190) wrote 190 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0A 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 67 13 BC 82 DA B7 EC ........ .g...... [020] 3F D6 62 64 08 1C F6 20 7E DA 36 D7 25 2B E8 69 ?.bd... ~.6.%+.i [030] 69 09 06 00 00 01 00 00 00 01 00 00 00 5E BD 5A i....... .....^.Z [040] B0 5A 61 2E 7B 01 00 00 00 .Za.{... . [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0A 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 67 13 BC 82 DA B7 EC ........ .g...... [020] 3F D6 62 64 08 1C F6 20 7E DA 36 D7 25 2B E8 69 ?.bd... ~.6.%+.i [030] 69 09 06 00 00 01 00 00 00 01 00 00 00 5E BD 5A i....... .....^.Z [040] B0 5A 61 2E 7B 01 00 00 00 .Za.{... . [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 72 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 returned 48 bytes. samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-434a-29d306430000 result : NT_STATUS_OK samr_QueryDomainInfo: struct samr_QueryDomainInfo in: struct samr_QueryDomainInfo domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-434a-29d306430000 level : 0x0008 (8) [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000016 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0008 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 02 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=21 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28721 (0x7031) smb_bcc=87 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 48 00 10 00 0B 00 00 00 16 .......H ........ [020] 00 00 00 00 00 08 00 8F AF 9F EC 92 DE D1 B3 60 ........ .......` [030] 2A 03 2E 75 6B 3D D6 00 CD 34 51 2F 74 17 15 09 *..uk=.. .4Q/t... [040] 06 02 00 01 00 00 00 01 00 00 00 5A CE 94 B0 32 ........ ...Z...2 [050] D5 ED 92 02 00 00 00 ....... [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,158) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,158) wrote 158 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 136 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 50 00 10 00 0B 00 00 ........ .P...... [010] 00 1C 00 00 00 00 00 00 00 89 2A 63 65 9E 32 31 ........ ..*ce.21 [020] 84 A5 BC F9 19 C5 D5 08 24 2C E8 1B A2 5E B0 7C ........ $,...^.| [030] 24 54 A9 98 6E D4 70 10 C3 09 06 04 00 01 00 00 $T..n.p. ........ [040] 00 01 00 00 00 74 BB C1 04 E2 1B C7 8E 02 00 00 .....t.. ........ [050] 00 . [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2009/06/25 21:42:33, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 50 00 10 00 0B 00 00 ........ .P...... [010] 00 1C 00 00 00 00 00 00 00 89 2A 63 65 9E 32 31 ........ ..*ce.21 [020] 84 A5 BC F9 19 C5 D5 08 24 2C E8 1B A2 5E B0 7C ........ $,...^.| [030] 24 54 A9 98 6E D4 70 10 C3 09 06 04 00 01 00 00 $T..n.p. ........ [040] 00 01 00 00 00 74 BB C1 04 E2 1B C7 8E 02 00 00 .....t.. ........ [050] 00 . [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000001c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/06/25 21:42:33, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 80, data_len 28, ss_len 4 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 80 at offset 0 [2009/06/25 21:42:33, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 returned 56 bytes. samr_QueryDomainInfo: struct samr_QueryDomainInfo out: struct samr_QueryDomainInfo info : * info : * info : union samr_DomainInfo(case 8) info8: struct samr_DomInfo8 sequence_num : 0x000000004a43d329 (1245958953) domain_create_time : NTTIME(0) result : NT_STATUS_OK [2009/06/25 21:42:33, 10] winbindd/winbindd_rpc.c:sequence_number(1030) domain_sequence_number: for domain MUC is 1245958953 [2009/06/25 21:42:33, 10] winbindd/winbindd_cache.c:store_cache_seqnum(455) store_cache_seqnum: success [MUC][1245958953 @ 1245958953] [2009/06/25 21:42:33, 10] winbindd/winbindd_cache.c:refresh_sequence_number(536) refresh_sequence_number: MUC seq number is now 1245958953 [2009/06/25 21:42:33, 10] winbindd/winbindd_cache.c:trusted_domains(2309) trusted_domains: [Cached] - doing backend query for info for domain MUC [2009/06/25 21:42:33, 3] winbindd/winbindd_rpc.c:trusted_domains(1057) rpc: trusted_domains [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,104) [2009/06/25 21:42:33, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,104) wrote 104 [2009/06/25 21:42:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=22 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=12800 (0x3200) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host GENOME, pipe \lsarpc, fnum 0x7032 auth_type 3, auth_level 6 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1133) create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1156) create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: [2009/06/25 21:42:33, 5] lib/util.c:dump_data(2233) [000] 60 4A 06 06 2B 06 01 05 05 02 A0 40 30 3E A0 0E `J..+... ...@0>.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2C 0...+... ..7...., [020] 04 2A 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 .*NTLMSS P.....5. [030] 08 60 03 00 03 00 20 00 00 00 07 00 07 00 23 00 .`.... . ......#. [040] 00 00 4D 55 43 4E 55 43 4C 45 55 53 ..MUCNUC LEUS [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 009c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 004c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ab [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2009/06/25 21:42:33, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/06/25 21:42:33, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/06/25 21:42:33, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/06/25 21:42:33, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7032 [2009/06/25 21:42:33, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:33, 5] lib/util.c:show_msg(655) size=238 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 156 (0x9C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 156 (0x9C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28722 (0x7032) smb_bcc=171 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 9C 00 4C 00 0C 00 00 00 B8 ........ .L...... [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` [060] 4A 06 06 2B 06 01 05 05 02 A0 40 30 3E A0 0E 30 J..+.... ..@0>..0 [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2C 04 ...+.... .7....,. [080] 2A 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 *NTLMSSP .....5.. [090] 60 03 00 03 00 20 00 00 00 07 00 07 00 23 00 00 `.... .. .....#.. [0A0] 00 4D 55 43 4E 55 43 4C 45 55 53 .MUCNUCL EUS [2009/06/25 21:42:34, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,242) [2009/06/25 21:42:34, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,242) wrote 242 [2009/06/25 21:42:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 309 [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=309 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 253 (0xFD) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 253 (0xFD) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=254 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 FD 00 B1 00 0C 00 00 ........ ........ [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 AE `....... ........ [050] 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... [060] 01 82 37 02 02 0A A2 81 95 04 81 92 4E 54 4C 4D ..7..... ....NTLM [070] 53 53 50 00 02 00 00 00 06 00 06 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 78 E5 41 85 39 5A 49 0E 00 00 00 00 5..`x.A. 9ZI..... [090] 00 00 00 00 5C 00 5C 00 36 00 00 00 4D 00 55 00 ....\.\. 6...M.U. [0A0] 43 00 02 00 06 00 4D 00 55 00 43 00 01 00 0C 00 C.....M. U.C..... [0B0] 47 00 45 00 4E 00 4F 00 4D 00 45 00 04 00 14 00 G.E.N.O. M.E..... [0C0] 6D 00 72 00 2E 00 6C 00 66 00 6D 00 67 00 2E 00 m.r...l. f.m.g... [0D0] 64 00 65 00 03 00 22 00 67 00 65 00 6E 00 6F 00 d.e...". g.e.n.o. [0E0] 6D 00 65 00 2E 00 6D 00 72 00 2E 00 6C 00 66 00 m.e...m. r...l.f. [0F0] 6D 00 67 00 2E 00 64 00 65 00 00 00 00 00 m.g...d. e..... [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=309 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 253 (0xFD) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 253 (0xFD) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=254 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 FD 00 B1 00 0C 00 00 ........ ........ [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 AE `....... ........ [050] 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... [060] 01 82 37 02 02 0A A2 81 95 04 81 92 4E 54 4C 4D ..7..... ....NTLM [070] 53 53 50 00 02 00 00 00 06 00 06 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 78 E5 41 85 39 5A 49 0E 00 00 00 00 5..`x.A. 9ZI..... [090] 00 00 00 00 5C 00 5C 00 36 00 00 00 4D 00 55 00 ....\.\. 6...M.U. [0A0] 43 00 02 00 06 00 4D 00 55 00 43 00 01 00 0C 00 C.....M. U.C..... [0B0] 47 00 45 00 4E 00 4F 00 4D 00 45 00 04 00 14 00 G.E.N.O. M.E..... [0C0] 6D 00 72 00 2E 00 6C 00 66 00 6D 00 67 00 2E 00 m.r...l. f.m.g... [0D0] 64 00 65 00 03 00 22 00 67 00 65 00 6E 00 6F 00 d.e...". g.e.n.o. [0E0] 6D 00 65 00 2E 00 6D 00 72 00 2E 00 6C 00 66 00 m.e...m. r...l.f. [0F0] 6D 00 67 00 2E 00 64 00 65 00 00 00 00 00 m.g...d. e..... [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00fd [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b1 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 253 at offset 0 [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7032 returned 253 bytes. [2009/06/25 21:42:34, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host GENOME, pipe \lsarpc, fnum 0x7032 bind request returned ok. [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00fd [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b1 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/06/25 21:42:34, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 000053f0 [2009/06/25 21:42:34, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000d [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsarpc. [2009/06/25 21:42:34, 6] rpc_parse/parse_prs.c:prs_debug(88) 000027 smb_io_rpc_results [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/06/25 21:42:34, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/06/25 21:42:34, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/06/25 21:42:34, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000044 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0044 auth_type : 09 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0045 auth_level : 06 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0046 auth_pad_len : 08 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0047 auth_reserved: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0048 auth_context_id: 00000001 [2009/06/25 21:42:34, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) Got challenge flags: [2009/06/25 21:42:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60898235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:34, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) NTLMSSP: Set final flags: [2009/06/25 21:42:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:34, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1123) NTLMSSP challenge set by NTLM2 [2009/06/25 21:42:34, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1124) challenge is: [2009/06/25 21:42:34, 5] lib/util.c:dump_data(2233) [000] 81 12 40 7B 96 7A 9C 38 ..@{.z.8 [2009/06/25 21:42:34, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/06/25 21:42:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0e [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0100 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b0 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/06/25 21:42:34, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/06/25 21:42:34, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/06/25 21:42:34, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ab [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2009/06/25 21:42:34, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/06/25 21:42:34, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/06/25 21:42:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7032 [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=338 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=24 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 256 (0x100) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 256 (0x100) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28722 (0x7032) smb_bcc=271 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0E 03 10 00 00 00 00 01 B0 00 0C 00 00 00 B8 ........ ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... ........ [060] 81 AD 30 81 AA A2 81 A7 04 81 A4 4E 54 4C 4D 53 ..0..... ...NTLMS [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... [080] 00 18 00 58 00 00 00 06 00 06 00 70 00 00 00 10 ...X.... ...p.... [090] 00 10 00 76 00 00 00 0E 00 0E 00 86 00 00 00 10 ...v.... ........ [0A0] 00 10 00 94 00 00 00 35 82 08 60 0D DA 4A 8A 98 .......5 ..`..J.. [0B0] 19 08 BF 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 04 AD F5 68 6D D8 63 F1 AC 3B 54 39 49 ......hm .c..;T9I [0D0] E3 C1 3E BA 52 32 26 30 ED BC A9 4D 00 55 00 43 ..>.R2&0 ...M.U.C [0E0] 00 4E 00 55 00 43 00 4C 00 45 00 55 00 53 00 24 .N.U.C.L .E.U.S.$ [0F0] 00 4E 00 55 00 43 00 4C 00 45 00 55 00 53 00 80 .N.U.C.L .E.U.S.. [100] CA C0 09 81 95 69 84 4C B1 7B BE 84 BF F0 15 .....i.L .{..... [2009/06/25 21:42:34, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,342) [2009/06/25 21:42:34, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,342) wrote 342 [2009/06/25 21:42:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 143 [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=143 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 87 (0x57) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 87 (0x57) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=88 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 0C 00 00 ........ .W...... [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. [050] 01 04 01 82 37 02 02 0A ....7... [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=143 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 87 (0x57) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 87 (0x57) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=88 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 0C 00 00 ........ .W...... [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 ...0.... ......+. [050] 01 04 01 82 37 02 02 0A ....7... [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0057 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 87 at offset 0 [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7032 returned 87 bytes. [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0057 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 08 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/06/25 21:42:34, 5] rpc_client/cli_pipe.c:rpc_finish_spnego_ntlmssp_bind(2179) rpc_finish_spnego_ntlmssp_bind: alter context request to host GENOME, pipe \lsarpc, fnum 0x7032. [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(3058) cli_rpc_pipe_open_ntlmssp_internal: opened pipe \lsarpc to machine GENOME and bound NTLMSSP as user MUC\NUCLEUS$. [2009/06/25 21:42:34, 10] winbindd/winbindd_cm.c:cm_connect_lsa(2197) cm_connect_lsa: connected to LSA pipe for domain MUC using NTLMSSP authenticated pipe: user MUC\NUCLEUS$ [2009/06/25 21:42:34, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) init_lsa_sec_qos [2009/06/25 21:42:34, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) init_lsa_obj_attr lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0006 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 04 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2009/06/25 21:42:34, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/06/25 21:42:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7032 [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=25 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28722 (0x7032) smb_bcc=111 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 10 00 0D 00 00 00 2C .......` ......., [020] 00 00 00 00 00 06 00 E9 40 84 60 68 A4 65 69 3F ........ @.`h.ei? [030] D1 6C 7C B7 8C 83 2D E6 F2 96 4E B0 F4 A4 6F E5 .l|...-. ..N...o. [040] 23 33 36 16 D1 08 77 2E 62 3D 79 86 2B 39 DD DC #36...w. b=y.+9.. [050] D9 49 B5 DD 34 90 39 09 06 04 00 01 00 00 00 01 .I..4.9. ........ [060] 00 00 00 9C 03 95 84 C1 07 61 5E 00 00 00 00 ........ .a^.... [2009/06/25 21:42:34, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,182) [2009/06/25 21:42:34, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,182) wrote 182 [2009/06/25 21:42:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0D 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 C6 81 EB 2B 36 64 0F ........ ....+6d. [020] C6 78 47 0D FB 66 82 78 6A DC 9A 4C DC 9E B0 DC .xG..f.x j..L.... [030] 03 09 06 00 00 01 00 00 00 01 00 00 00 33 BF 65 ........ .....3.e [040] 83 FB DA 3D EC 00 00 00 00 ...=.... . [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0D 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 C6 81 EB 2B 36 64 0F ........ ....+6d. [020] C6 78 47 0D FB 66 82 78 6A DC 9A 4C DC 9E B0 DC .xG..f.x j..L.... [030] 03 09 06 00 00 01 00 00 00 01 00 00 00 33 BF 65 ........ .....3.e [040] 83 FB DA 3D EC 00 00 00 00 ...=.... . [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/06/25 21:42:34, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/06/25 21:42:34, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 72, data_len 24, ss_len 0 [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 72 at offset 0 [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7032 returned 48 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-434a-2ad306430000 result : NT_STATUS_OK lsa_EnumTrustDom: struct lsa_EnumTrustDom in: struct lsa_EnumTrustDom handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-434a-2ad306430000 resume_handle : * resume_handle : 0x00000000 (0) max_size : 0xffffffff (4294967295) [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000001c [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000d [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/06/25 21:42:34, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/06/25 21:42:34, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7032 [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=26 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28722 (0x7032) smb_bcc=95 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 10 00 0E 00 00 00 1C .......P ........ [020] 00 00 00 00 00 0D 00 A4 99 6B D0 18 53 24 B1 51 ........ .k..S$.Q [030] 8F 4A 61 14 3A 9D 25 EE 0A B2 E4 10 99 1F 42 F2 .Ja.:.%. ......B. [040] 3A 06 AC 22 BA F8 2E 09 06 04 00 01 00 00 00 01 :..".... ........ [050] 00 00 00 7E 2C 78 5B 91 A4 15 E0 01 00 00 00 ...~,x[. ....... [2009/06/25 21:42:34, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,166) [2009/06/25 21:42:34, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,166) wrote 166 [2009/06/25 21:42:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=26 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0E 00 00 ........ .H...... [010] 00 14 00 00 00 00 00 00 00 CE F2 30 FE BF E9 6A ........ ...0...j [020] 3D A5 27 A9 43 8A 8B BA B0 C8 06 20 E4 38 BD 46 =.'.C... ... .8.F [030] EA 09 06 04 00 01 00 00 00 01 00 00 00 36 42 CE ........ .....6B. [040] 52 E1 A3 DA D0 01 00 00 00 R....... . [2009/06/25 21:42:34, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:34, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=26 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/06/25 21:42:34, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0E 00 00 ........ .H...... [010] 00 14 00 00 00 00 00 00 00 CE F2 30 FE BF E9 6A ........ ...0...j [020] 3D A5 27 A9 43 8A 8B BA B0 C8 06 20 E4 38 BD 46 =.'.C... ... .8.F [030] EA 09 06 04 00 01 00 00 00 01 00 00 00 36 42 CE ........ .....6B. [040] 52 E1 A3 DA D0 01 00 00 00 R....... . [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000014 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 04 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/06/25 21:42:34, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/06/25 21:42:34, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/06/25 21:42:34, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 72, data_len 20, ss_len 4 [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 72 at offset 0 [2009/06/25 21:42:34, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \lsarpc, fnum 0x7032 returned 40 bytes. lsa_EnumTrustDom: struct lsa_EnumTrustDom out: struct lsa_EnumTrustDom resume_handle : * resume_handle : 0xffffffff (4294967295) domains : * domains: struct lsa_DomainList count : 0x00000000 (0) domains : * domains: ARRAY(0) result : NT_STATUS_NO_MORE_ENTRIES [2009/06/25 21:42:34, 10] winbindd/winbindd_cache.c:cache_store_response(2626) Storing response for pid 32039, len 3496 [2009/06/25 21:42:34, 10] lib/events.c:get_timed_events_timeout(277) timed_events_timeout: 61264/575707 [2009/06/25 21:42:35, 4] winbindd/winbindd_dual.c:fork_domain_child(1439) child daemon request 18 [2009/06/25 21:42:35, 10] winbindd/winbindd_dual.c:child_process_request(452) child_process_request: request fn LIST_GROUPS [2009/06/25 21:42:35, 10] winbindd/winbindd_cache.c:refresh_sequence_number(491) refresh_sequence_number: MUC time ok [2009/06/25 21:42:35, 10] winbindd/winbindd_cache.c:refresh_sequence_number(536) refresh_sequence_number: MUC seq number is now 1245958953 [2009/06/25 21:42:35, 10] winbindd/winbindd_cache.c:enum_dom_groups(1496) enum_dom_groups: [Cached] - doing backend query for list for domain MUC [2009/06/25 21:42:35, 3] winbindd/winbindd_rpc.c:enum_dom_groups(141) rpc: enum_dom_groups samr_EnumDomainGroups: struct samr_EnumDomainGroups in: struct samr_EnumDomainGroups domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-434a-29d306430000 resume_handle : * resume_handle : 0x00000000 (0) max_size : 0x0000ffff (65535) [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000001c [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000b [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/06/25 21:42:35, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/06/25 21:42:35, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 [2009/06/25 21:42:35, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:35, 5] lib/util.c:show_msg(655) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=27 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28721 (0x7031) smb_bcc=95 [2009/06/25 21:42:35, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 10 00 0F 00 00 00 1C .......P ........ [020] 00 00 00 00 00 0B 00 1D B7 C2 F6 F5 92 5B BA A6 ........ .....[.. [030] 9B 30 A0 05 96 FB B0 E9 93 66 D3 98 BD 34 9E 16 .0...... .f...4.. [040] B9 33 C2 D9 68 1B 79 09 06 04 00 01 00 00 00 01 .3..h.y. ........ [050] 00 00 00 2F B3 CD A2 3D BA 19 8C 03 00 00 00 .../...= ....... [2009/06/25 21:42:35, 6] libsmb/clientgen.c:write_socket(236) write_socket(17,166) [2009/06/25 21:42:35, 6] libsmb/clientgen.c:write_socket(239) write_socket(17,166) wrote 166 [2009/06/25 21:42:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 120 [2009/06/25 21:42:35, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:35, 5] lib/util.c:show_msg(655) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 64 (0x40) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=65 [2009/06/25 21:42:35, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 40 00 10 00 0F 00 00 ........ .@...... [010] 00 10 00 00 00 00 00 00 00 0F C4 47 E4 1C 72 5E ........ ...G..r^ [020] E0 D3 E1 61 74 7B B1 EA 31 09 06 00 00 01 00 00 ...at{.. 1....... [030] 00 01 00 00 00 A8 F5 10 92 A3 7E 72 DC 03 00 00 ........ ..~r.... [040] 00 . [2009/06/25 21:42:35, 5] lib/util.c:show_msg(645) [2009/06/25 21:42:35, 5] lib/util.c:show_msg(655) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=32039 smb_uid=100 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 64 (0x40) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=65 [2009/06/25 21:42:35, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 40 00 10 00 0F 00 00 ........ .@...... [010] 00 10 00 00 00 00 00 00 00 0F C4 47 E4 1C 72 5E ........ ...G..r^ [020] E0 D3 E1 61 74 7B B1 EA 31 09 06 00 00 01 00 00 ...at{.. 1....... [030] 00 01 00 00 00 A8 F5 10 92 A3 7E 72 DC 03 00 00 ........ ..~r.... [040] 00 . [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0040 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_debug(88) 000028 smb_io_rpc_hdr_auth hdr_auth [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 auth_type : 09 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0029 auth_level : 06 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002a auth_pad_len : 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002b auth_reserved: 00 [2009/06/25 21:42:35, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c auth_context_id: 00000001 [2009/06/25 21:42:35, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/06/25 21:42:35, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/06/25 21:42:35, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 64, data_len 16, ss_len 0 [2009/06/25 21:42:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 64 at offset 0 [2009/06/25 21:42:35, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host GENOME, pipe \samr, fnum 0x7031 returned 32 bytes. samr_EnumDomainGroups: struct samr_EnumDomainGroups out: struct samr_EnumDomainGroups resume_handle : * resume_handle : 0x00000000 (0) sam : * sam : NULL num_entries : * num_entries : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED [2009/06/25 21:42:35, 10] winbindd/winbindd_cache.c:refresh_sequence_number(491) refresh_sequence_number: MUC time ok [2009/06/25 21:42:35, 10] winbindd/winbindd_cache.c:refresh_sequence_number(536) refresh_sequence_number: MUC seq number is now 1245958953 [2009/06/25 21:42:35, 10] winbindd/winbindd_cache.c:cache_store_response(2626) Storing response for pid 32039, len 3496 [2009/06/25 21:42:35, 10] lib/events.c:get_timed_events_timeout(277) timed_events_timeout: 61263/211766