The Samba-Bugzilla – Attachment 5006 Details for Bug 6563: ntlm_auth returns invalid NT_KEY
winbind 3.3.2 failure log
winbind-3.3.2-failure-log.txt (text/plain), 411.56 KB, created by Rajesh Kumar G on 2009-11-25 07:19:40 UTC
>winbindd version 3.3.2-1.33 started. >Copyright Andrew Tridgell and the Samba Team 1992-2009 >lp_load_ex: refreshing parameters >Initialising global parameters >params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >Processing section "[global]" >doing parameter realm = CHILD03.EIGHTAD6.TESTING.COM >doing parameter workgroup = CHILD03 >doing parameter server string = Samba Server Version %v >doing parameter log file = /var/log/samba/log.%m >doing parameter max log size = 50 >doing parameter security = ads >doing parameter passdb backend = tdbsam >doing parameter client ntlmv2 auth = yes >doing parameter load printers = yes >doing parameter cups options = raw >pm_process() returned Yes >lp_servicenumber: couldn't find homes >set_server_role: role = ROLE_DOMAIN_MEMBER >Attempting to register new charset UCS-2LE >Registered charset UCS-2LE >Attempting to register new charset UTF-16LE >Registered charset UTF-16LE >Attempting to register new charset UCS-2BE >Registered charset UCS-2BE >Attempting to register new charset UTF-16BE >Registered charset UTF-16BE >Attempting to register new charset UTF8 >Registered charset UTF8 >Attempting to register new charset UTF-8 >Registered charset UTF-8 >Attempting to register new charset ASCII >Registered charset ASCII >Attempting to register new charset 646 >Registered charset 646 >Attempting to register new charset ISO-8859-1 >Registered charset ISO-8859-1 >Attempting to register new charset UCS2-HEX >Registered charset UCS2-HEX >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for 
LOCALE >Registered MSG_REQ_POOL_USAGE >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >lp_load_ex: refreshing parameters >Initialising global parameters >params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >Processing section "[global]" >doing parameter realm = CHILD03.EIGHTAD6.TESTING.COM >doing parameter workgroup = CHILD03 >doing parameter server string = Samba Server Version %v >doing parameter log file = /var/log/samba/log.%m >doing parameter max log size = 50 >doing parameter security = ads >doing parameter passdb backend = tdbsam >doing parameter client ntlmv2 auth = yes >doing parameter load printers = yes >doing parameter cups options = raw >Processing section "[homes]" >add_a_service: Creating snum = 0 for homes >hash_a_service: creating servicehash >hash_a_service: hashing index 0 for service name homes >doing parameter comment = Home Directories >doing parameter browseable = no >doing parameter writable = yes >Processing section "[printers]" >add_a_service: Creating snum = 1 for printers >hash_a_service: hashing index 1 for service name printers >doing parameter comment = All Printers >doing parameter path = /var/spool/samba >doing parameter browseable = no >doing parameter guest ok = no >doing parameter writable = no >doing parameter printable = yes >pm_process() returned Yes >add_a_service: Creating snum = 2 for IPC$ >hash_a_service: hashing index 2 for service name IPC$ >adding IPC service >set_server_role: role = ROLE_DOMAIN_MEMBER >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >added 
interface eth0 ip=fe80::230:48ff:fe57:b116%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >added interface eth1 ip=fe80::230:48ff:fe57:b117%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff:: >added interface eth1 ip=192.168.12.81 bcast=192.168.12.255 netmask=255.255.255.0 >added interface eth0 ip=192.168.152.81 bcast=192.168.152.255 netmask=255.255.255.0 >Netbios name list:- >my_netbios_names[0]="ALTAIR" >added interface eth0 ip=fe80::230:48ff:fe57:b116%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >added interface eth1 ip=fe80::230:48ff:fe57:b117%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff:: >added interface eth1 ip=192.168.12.81 bcast=192.168.12.255 netmask=255.255.255.0 >added interface eth0 ip=192.168.152.81 bcast=192.168.152.255 netmask=255.255.255.0 >Opening cache file at /var/lib/samba/gencache.tdb >namecache_enable: enabling netbios namecache, timeout 660 seconds >fcntl_lock fd=7 op=6 offset=0 count=1 type=1 >fcntl_lock: Lock call successful >TimeInit: Serverzone is -19800 >initialize_winbindd_cache: clearing cache and re-creating with version number 1 >claiming [] >Locking key 79260000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 >Allocated locked data 0x0x2ab26bad4ce0 >Unlocking key 
79260000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 >Overriding messaging pointer for type 1 - private_data=(nil) >wcache_tdc_add_domain: Adding domain BUILTIN (), SID S-1-5-32, flags = 0x0, attributes = 0x0, type = 0x0 >pack_tdc_domains: Packing 1 trusted domains >pack_tdc_domains: Packing domain BUILTIN () >idmap config BUILTIN : range = not defined >Added domain BUILTIN S-1-5-32 >wcache_tdc_add_domain: Adding domain ALTAIR (), SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attributes = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 >pack_tdc_domains: Packing 2 trusted domains >pack_tdc_domains: Packing domain BUILTIN () >pack_tdc_domains: Packing domain ALTAIR () >idmap config ALTAIR : range = not defined >Added domain ALTAIR S-1-5-21-981045367-1446913133-3103150389 >wcache_tdc_add_domain: Adding domain CHILD03 (CHILD03.EIGHTAD6.TESTING.COM), SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x0, attributes = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain ALTAIR () SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attribs = 0x0, type = 0x0 >pack_tdc_domains: Packing 3 trusted domains >pack_tdc_domains: Packing domain BUILTIN () >pack_tdc_domains: Packing domain ALTAIR () >pack_tdc_domains: Packing domain CHILD03 (CHILD03.EIGHTAD6.TESTING.COM) >idmap config CHILD03 : range = not defined >Added 
domain CHILD03 CHILD03.EIGHTAD6.TESTING.COM S-1-5-21-1527705246-3463401961-2594329352 >set_domain_online_request: called for domain CHILD03 >set_domain_online_request: domain CHILD03 was globally offline. >Added timed event "check_domain_online_handler": 2ab26bad70a0 >open_winbindd_socket: opened socket fd 11 >open_winbindd_priv_socket: opened socket fd 12 >Sending request to child pid 0 (domain=CHILD03) >fork_domain_child called for domain 'CHILD03' >Child process 9850 >Deregistering messaging pointer for type 769 - private_data=(nil) >Deregistering messaging pointer for type 13 - private_data=(nil) >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >timed_events_timeout: 4/999019 >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Added timed event "async_request_timeout_handler": 2ab26ba8e520 >timed_events_timeout: 4/998782 >Deregistering messaging pointer for type 1033 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >Destroying timed event 2ab26bad70a0 "check_domain_online_handler" >set_domain_online_request: called for domain CHILD03 >set_domain_online_request: domain CHILD03 was globally offline. >Added timed event "check_domain_online_handler": 2ab26bad6040 >machine password still valid until: Wed, 02 Dec 2009 18:29:39 IST >Added timed event "machine_password_change_handler": 2ab26bad4ce0 >timed_events_timeout: 4/999651 >select will use timeout of 4.999651 seconds >child daemon request 48 >child_process_request: request fn INIT_CONNECTION >connection_ok: Connection to for domain CHILD03 has NULL cli! 
>Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "CHILD03" domain >Cache entry with key = NEG_CONN_CACHE/CHILD03,norma.child03.eightad6.testing.com couldn't be found >check_negative_conn_cache returning result 0 for domain CHILD03 server norma.child03.eightad6.testing.com >cm_open_connection: saf_servername is 'norma.child03.eightad6.testing.com' for domain CHILD03 >cm_open_connection: dcname is 'norma.child03.eightad6.testing.com' for domain CHILD03 >Cache entry with key = NEG_CONN_CACHE/CHILD03,norma.child03.eightad6.testing.com couldn't be found >check_negative_conn_cache returning result 0 for domain CHILD03 server norma.child03.eightad6.testing.com >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning expired cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:31:20 2009 >no entry for norma.child03.eightad6.testing.com#20 found. >resolve_lmhosts: Attempting lmhosts lookup for name norma.child03.eightad6.testing.com<0x20> >getlmhostsent: lmhost entry: 127.0.0.1 localhost >resolve_wins: Attempting wins lookup for name norma.child03.eightad6.testing.com<0x20> >resolve_wins: WINS server resolution selected and no WINS servers listed. 
>resolve_hosts: Attempting host lookup for name norma.child03.eightad6.testing.com<0x20> >remove_duplicate_addrs2: looking for duplicate address/port pairs >namecache_store: storing 1 address for norma.child03.eightad6.testing.com#20: 192.168.12.172 >Adding cache entry with key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20; value = 192.168.12.172:0 and timeout = Wed Nov 25 18:42:25 2009 > (660 seconds ahead) >internal_resolve_name: returning 1 addresses: 192.168.12.172:0 >cm_prepare_connection: connecting to DC norma.child03.eightad6.testing.com for domain CHILD03 >write_socket(16,194) >write_socket(16,194) wrote 194 >got smb length of 192 >size=192 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=9850 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]=12815 (0x320F) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 17 (0x11) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 499 (0x1F3) >smb_vwv[11]=27264 (0x6A80) >smb_vwv[12]=54963 (0xD6B3) >smb_vwv[13]=53094 (0xCF66) >smb_vwv[14]=51821 (0xCA6D) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=123 >[000] ED A7 B6 66 44 4A 8A 42 B4 A2 4E A1 30 18 17 60 ...fDJ.B ..N.0..` >[010] 60 69 06 06 2B 06 01 05 05 02 A0 5F 30 5D A0 30 `i..+... ..._0].0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 29 30 27 A0 25 1B 23 6E 6F 72 6D 61 24 40 43 .)0'.%.# norma$@C >[060] 48 49 4C 44 30 33 2E 45 49 47 48 54 41 44 36 2E HILD03.E IGHTAD6. >[070] 54 45 53 54 49 4E 47 2E 43 4F 4D TESTING. 
COM >size=192 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=9850 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]=12815 (0x320F) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 17 (0x11) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 499 (0x1F3) >smb_vwv[11]=27264 (0x6A80) >smb_vwv[12]=54963 (0xD6B3) >smb_vwv[13]=53094 (0xCF66) >smb_vwv[14]=51821 (0xCA6D) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=123 >[000] ED A7 B6 66 44 4A 8A 42 B4 A2 4E A1 30 18 17 60 ...fDJ.B ..N.0..` >[010] 60 69 06 06 2B 06 01 05 05 02 A0 5F 30 5D A0 30 `i..+... ..._0].0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 29 30 27 A0 25 1B 23 6E 6F 72 6D 61 24 40 43 .)0'.%.# norma$@C >[060] 48 49 4C 44 30 33 2E 45 49 47 48 54 41 44 36 2E HILD03.E IGHTAD6. >[070] 54 45 53 54 49 4E 47 2E 43 4F 4D TESTING. 
COM >connecting to norma.child03.eightad6.testing.com from ALTAIR with kerberos principal [ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM] and realm [CHILD03.EIGHTAD6.TESTING.COM] >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >Doing spnego session setup (blob length=123) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=norma$@CHILD03.EIGHTAD6.TESTING.COM >kerberos_kinit_password: as ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM using [MEMORY:cliconnect] as ccache and config [(null)] >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Doing kerberos session setup >ads_krb5_mk_req: Advancing clock by 3 seconds to cope with clock skew >ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu, 26 Nov 2009 04:31:28 IST >ads_krb5_mk_req: Ticket (norma$@CHILD03.EIGHTAD6.TESTING.COM) in ccache (MEMORY:cliconnect) is valid until: (Thu, 26 Nov 2009 04:31:28 IST - 1259190088) >ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >Got KRB5 session key of length 16 >cli_session_setup_blob: Remaining (0) sending (2550) current (2550) >write_socket(16,2636) >write_socket(16,2636) wrote 2636 >got smb length of 197 >size=197 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9850 >smb_uid=10242 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 197 (0xC5) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) 
>smb_bcc=154 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 ED 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r >[030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 >[040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e >[050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a >[060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n >[070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r >[080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 >[090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >size=197 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9850 >smb_uid=10242 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 197 (0xC5) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=154 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 ED 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r >[030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 >[040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e >[050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a >[060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n >[070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r >[080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 >[090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >Mandatory SMB signing enabled! >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] 10 65 20 28 A6 F2 C5 B1 86 2B B0 A6 9E 70 D2 D9 .e (.... .+...p.. 
>cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] 74 B6 4F C5 AE C9 43 3C t.O...C< >store_sequence_for_reply: stored seq = 1 mid = 2 >get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] 58 09 F5 9A 5E D7 7C 11 X...^.|. >cli_init_creds: user ALTAIR$ domain CHILD03 >saf_store: domain = [CHILD03], server = [norma.child03.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/CHILD03; value = norma.child03.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >saf_store: domain = [CHILD03.EIGHTAD6.TESTING.COM], server = [norma.child03.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM; value = norma.child03.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 01 6E 62 4D 40 3F 9B BF .nbM@?.. >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 56 >size=56 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=3 >smt_wct=7 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 56 (0x38) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 511 (0x1FF) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 511 (0x1FF) >smb_vwv[ 6]= 0 (0x0) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... 
>get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 3C A6 BB 34 CF 02 96 5F <..4..._ >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >set_global_winbindd_state_online: online requested. >set_global_winbindd_state_online: rejecting. >set_domain_online: called for domain CHILD03 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >Destroying timed event 2ab26bad6040 "check_domain_online_handler" >set_dc_type_and_flags: setting up flags for primary domain >set_dc_type_and_flags_connect: domain CHILD03 >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] 94 AE CF B7 FD 4C 09 90 .....L.. >store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found 
seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] EC F9 F2 19 76 28 7E D9 ....v(~. >Bind RPC Pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800c auth_type 0, auth_level 0 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 3919286a > 0024 data : b10c > 0026 data : 11d0 > 0028 data : 9b a8 > 002a data : 00 c0 4f d9 2e f5 > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800c >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32780 (0x800C) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ 
.......j >[030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] 9D D3 AA 4B 39 FD 9A 9A ...K9... >store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(16,158) >write_socket(16,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... >[010] 00 B8 10 B8 10 99 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >get_sequence_for_reply: found seq = 7 mid = 5 >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] F8 8C AD F1 2D 63 46 BB ....-cF. >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... >[010] 00 B8 10 B8 10 99 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ 
>[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >get_sequence_for_reply: found seq = 7 mid = 5 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800c returned 68 bytes. >rpc_pipe_bind: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800c bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00007099 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine norma.child03.eightad6.testing.com and bound anonymously. 
> dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000002 > 0014 context_id: 0000 > 0016 opnum : 0000 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800c >size=108 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32780 (0x800C) >smb_bcc=41 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ >[020] 00 00 00 00 00 00 00 01 00 ........ . >simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] D8 B1 4C 71 6E 01 36 90 ..Lqn.6. 
>store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(16,112) >write_socket(16,112) wrote 112 >got smb length of 284 >size=284 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 228 (0xE4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 228 (0xE4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=229 >[000] 1A 05 00 02 03 10 00 00 00 E4 00 00 00 02 00 00 ........ ........ >[010] 00 CC 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ >[030] 00 0C 00 02 00 88 B9 1F 05 9F D9 A3 42 87 55 7B ........ ....B.U{ >[040] C9 B4 D4 8A F3 08 00 00 00 00 00 00 00 08 00 00 ........ ........ >[050] 00 43 00 48 00 49 00 4C 00 44 00 30 00 33 00 00 .C.H.I.L .D.0.3.. >[060] 00 1D 00 00 00 00 00 00 00 1D 00 00 00 63 00 68 ........ .....c.h >[070] 00 69 00 6C 00 64 00 30 00 33 00 2E 00 65 00 69 .i.l.d.0 .3...e.i >[080] 00 67 00 68 00 74 00 61 00 64 00 36 00 2E 00 74 .g.h.t.a .d.6...t >[090] 00 65 00 73 00 74 00 69 00 6E 00 67 00 2E 00 63 .e.s.t.i .n.g...c >[0A0] 00 6F 00 6D 00 00 00 63 00 15 00 00 00 00 00 00 .o.m...c ........ >[0B0] 00 15 00 00 00 65 00 69 00 67 00 68 00 74 00 61 .....e.i .g.h.t.a >[0C0] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[0D0] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 00 00 6E .n.g...c .o.m...n >[0E0] 00 00 00 00 00 ..... 
>get_sequence_for_reply: found seq = 9 mid = 6 >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] 03 66 E6 18 25 E8 36 73 .f..%.6s >size=284 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 228 (0xE4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 228 (0xE4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=229 >[000] 1A 05 00 02 03 10 00 00 00 E4 00 00 00 02 00 00 ........ ........ >[010] 00 CC 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ >[030] 00 0C 00 02 00 88 B9 1F 05 9F D9 A3 42 87 55 7B ........ ....B.U{ >[040] C9 B4 D4 8A F3 08 00 00 00 00 00 00 00 08 00 00 ........ ........ >[050] 00 43 00 48 00 49 00 4C 00 44 00 30 00 33 00 00 .C.H.I.L .D.0.3.. >[060] 00 1D 00 00 00 00 00 00 00 1D 00 00 00 63 00 68 ........ .....c.h >[070] 00 69 00 6C 00 64 00 30 00 33 00 2E 00 65 00 69 .i.l.d.0 .3...e.i >[080] 00 67 00 68 00 74 00 61 00 64 00 36 00 2E 00 74 .g.h.t.a .d.6...t >[090] 00 65 00 73 00 74 00 69 00 6E 00 67 00 2E 00 63 .e.s.t.i .n.g...c >[0A0] 00 6F 00 6D 00 00 00 63 00 15 00 00 00 00 00 00 .o.m...c ........ >[0B0] 00 15 00 00 00 65 00 69 00 67 00 68 00 74 00 61 .....e.i .g.h.t.a >[0C0] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[0D0] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 00 00 6E .n.g...c .o.m...n >[0E0] 00 00 00 00 00 ..... 
>get_sequence_for_reply: found seq = 9 mid = 6 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00e4 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000cc > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 228, data_len 204, ss_len 0 >rpc_api_pipe: got PDU len of 228 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800c returned 408 bytes. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_PRIMARY_DC (5) > flags : 0x01000001 (16777217) > 1: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'CHILD03' > dns_domain : * > dns_domain : 'child03.eightad6.testing.com' > forest : * > forest : 'eightad6.testing.com' > domain_guid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > result : WERR_OK >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] A9 8B 56 6A 2E 07 C9 FC ..Vj.... >store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=7 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 11 mid = 7 >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] 67 C2 9B A3 2F 7C 4B E5 g.../|K. 
>rpc_pipe_destructor: closed host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800c >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] B9 94 84 05 57 45 6E CA ....WEn. >store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3328 (0xD00) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] C5 8F 31 D6 C7 9A D2 B2 ..1..... 
>Bind RPC Pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d auth_type 0, auth_level 0 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32781 (0x800D) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... 
>simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] 29 A4 84 A2 69 DF 05 0C )...i... >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(16,158) >write_socket(16,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... >[010] 00 B8 10 B8 10 9A 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >get_sequence_for_reply: found seq = 15 mid = 9 >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] 5D 79 A4 9B 6C 3E 23 A8 ]y..l>#. >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... >[010] 00 B8 10 B8 10 9A 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>get_sequence_for_reply: found seq = 15 mid = 9 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000003 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d returned 68 bytes. >rpc_pipe_bind: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0000709a > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine norma.child03.eightad6.testing.com and bound anonymously. 
>init_lsa_sec_qos >init_lsa_obj_attr > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '\\NORMA.CHILD03.EIGHTAD6.TESTING.COM' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0098 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000080 > 0014 context_id: 0000 > 0016 opnum : 002c >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d >size=234 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 152 (0x98) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 152 (0x98) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32781 (0x800D) >smb_bcc=167 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P 
.E.\.... >[010] 00 00 03 10 00 00 00 98 00 00 00 04 00 00 00 80 ........ ........ >[020] 00 00 00 00 00 2C 00 00 00 02 00 25 00 00 00 00 .....,.. ...%.... >[030] 00 00 00 25 00 00 00 5C 00 5C 00 4E 00 4F 00 52 ...%...\ .\.N.O.R >[040] 00 4D 00 41 00 2E 00 43 00 48 00 49 00 4C 00 44 .M.A...C .H.I.L.D >[050] 00 30 00 33 00 2E 00 45 00 49 00 47 00 48 00 54 .0.3...E .I.G.H.T >[060] 00 41 00 44 00 36 00 2E 00 54 00 45 00 53 00 54 .A.D.6.. .T.E.S.T >[070] 00 49 00 4E 00 47 00 2E 00 43 00 4F 00 4D 00 00 .I.N.G.. .C.O.M.. >[080] 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[090] 00 00 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 ........ ........ >[0A0] 00 01 00 00 00 00 02 ....... >simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] 5C 42 C2 ED FD A5 AF FF \B...... >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(16,238) >write_socket(16,238) wrote 238 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 98 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 DB B7 8E ........ ........ >[020] CF 25 ED 16 4D 9A D1 80 15 10 B0 9C 36 00 00 00 .%..M... ....6... >[030] 00 . >get_sequence_for_reply: found seq = 17 mid = 10 >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] D1 57 6C 66 68 8A D9 92 .Wlfh... 
>size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 98 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 DB B7 8E ........ ........ >[020] CF 25 ED 16 4D 9A D1 80 15 10 B0 9C 36 00 00 00 .%..M... ....6... >[030] 00 . >get_sequence_for_reply: found seq = 17 mid = 10 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got PDU len of 48 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d returned 48 bytes. 
> lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : cf8eb7db-ed25-4d16-9ad1-801510b09c36 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : cf8eb7db-ed25-4d16-9ad1-801510b09c36 > level : LSA_POLICY_INFO_DNS (12) >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000016 > 0014 context_id: 0000 > 0016 opnum : 002e >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 46 (0x2E) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32781 (0x800D) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ >[020] 00 00 00 00 00 2E 00 00 00 00 00 DB B7 8E CF 25 ........ .......% >[030] ED 16 4D 9A D1 80 15 10 B0 9C 36 0C 00 ..M..... ..6.. >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] 5C 13 DA 96 6C CF 84 91 \...l... 
>store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(16,132) >write_socket(16,132) wrote 132 >got smb length of 312 >size=312 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 256 (0x100) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=257 >[000] 2E 05 00 02 03 10 00 00 00 00 01 00 00 05 00 00 ........ ........ >[010] 00 E8 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ >[020] 00 0E 00 10 00 04 00 02 00 38 00 3A 00 08 00 02 ........ .8.:.... >[030] 00 28 00 2A 00 0C 00 02 00 88 B9 1F 05 9F D9 A3 .(.*.... ........ >[040] 42 87 55 7B C9 B4 D4 8A F3 10 00 02 00 08 00 00 B.U{.... ........ >[050] 00 00 00 00 00 07 00 00 00 43 00 48 00 49 00 4C ........ .C.H.I.L >[060] 00 44 00 30 00 33 00 23 B6 1D 00 00 00 00 00 00 .D.0.3.# ........ >[070] 00 1C 00 00 00 63 00 68 00 69 00 6C 00 64 00 30 .....c.h .i.l.d.0 >[080] 00 33 00 2E 00 65 00 69 00 67 00 68 00 74 00 61 .3...e.i .g.h.t.a >[090] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[0A0] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 15 00 00 .n.g...c .o.m.... >[0B0] 00 00 00 00 00 14 00 00 00 65 00 69 00 67 00 68 ........ .e.i.g.h >[0C0] 00 74 00 61 00 64 00 36 00 2E 00 74 00 65 00 73 .t.a.d.6 ...t.e.s >[0D0] 00 74 00 69 00 6E 00 67 00 2E 00 63 00 6F 00 6D .t.i.n.g ...c.o.m >[0E0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[0F0] 00 9E EE 0E 5B E9 51 6F CE 08 53 A2 9A 00 00 00 ....[.Qo ..S..... >[100] 00 . 
>get_sequence_for_reply: found seq = 19 mid = 11 >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] 9E 33 67 BE 88 7C F0 36 .3g..|.6 >size=312 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 256 (0x100) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=257 >[000] 2E 05 00 02 03 10 00 00 00 00 01 00 00 05 00 00 ........ ........ >[010] 00 E8 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ >[020] 00 0E 00 10 00 04 00 02 00 38 00 3A 00 08 00 02 ........ .8.:.... >[030] 00 28 00 2A 00 0C 00 02 00 88 B9 1F 05 9F D9 A3 .(.*.... ........ >[040] 42 87 55 7B C9 B4 D4 8A F3 10 00 02 00 08 00 00 B.U{.... ........ >[050] 00 00 00 00 00 07 00 00 00 43 00 48 00 49 00 4C ........ .C.H.I.L >[060] 00 44 00 30 00 33 00 23 B6 1D 00 00 00 00 00 00 .D.0.3.# ........ >[070] 00 1C 00 00 00 63 00 68 00 69 00 6C 00 64 00 30 .....c.h .i.l.d.0 >[080] 00 33 00 2E 00 65 00 69 00 67 00 68 00 74 00 61 .3...e.i .g.h.t.a >[090] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[0A0] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 15 00 00 .n.g...c .o.m.... >[0B0] 00 00 00 00 00 14 00 00 00 65 00 69 00 67 00 68 ........ .e.i.g.h >[0C0] 00 74 00 61 00 64 00 36 00 2E 00 74 00 65 00 73 .t.a.d.6 ...t.e.s >[0D0] 00 74 00 69 00 6E 00 67 00 2E 00 63 00 6F 00 6D .t.i.n.g ...c.o.m >[0E0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[0F0] 00 9E EE 0E 5B E9 51 6F CE 08 53 A2 9A 00 00 00 ....[.Qo ..S..... >[100] 00 . 
>get_sequence_for_reply: found seq = 19 mid = 11 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0100 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000e8 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 256, data_len 232, ss_len 0 >rpc_api_pipe: got PDU len of 256 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d returned 464 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'CHILD03' > dns_domain: struct lsa_StringLarge > length : 0x0038 (56) > size : 0x003a (58) > string : * > string : 'child03.eightad6.testing.com' > dns_forest: struct lsa_StringLarge > length : 0x0028 (40) > size : 0x002a (42) > string : * > string : 'eightad6.testing.com' > domain_guid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > sid : * > sid : S-1-5-21-1527705246-3463401961-2594329352 > result : NT_STATUS_OK >set_dc_type_and_flags_connect: domain CHILD03 is in native mode. >set_dc_type_and_flags_connect: domain CHILD03 is running active directory. >simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] 0F 09 8F 3F 64 C8 31 D5 ...?d.1. 
>store_sequence_for_reply: stored seq = 21 mid = 12 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=12 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 21 mid = 12 >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] DC B3 C6 84 37 C8 1A 7C ....7..| >rpc_pipe_destructor: closed host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0x800d >Storing response for pid 9850, len 3496 >timed_events_timeout: 604693/600737 >select will use timeout of 604693.600737 seconds >Destroying timed event 2ab26ba8e520 "async_request_timeout_handler" >Retrieving response for pid 9850 >Received child initialization response for domain CHILD03 >connection_ok: Connection to for domain CHILD03 has NULL cli! >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "CHILD03" domain >Cache entry with key = NEG_CONN_CACHE/CHILD03,norma.child03.eightad6.testing.com couldn't be found >check_negative_conn_cache returning result 0 for domain CHILD03 server norma.child03.eightad6.testing.com >cm_open_connection: saf_servername is 'norma.child03.eightad6.testing.com' for domain CHILD03 >cm_open_connection: dcname is 'norma.child03.eightad6.testing.com' for domain CHILD03 >Cache entry with key = NEG_CONN_CACHE/CHILD03,norma.child03.eightad6.testing.com couldn't be found >check_negative_conn_cache returning result 0 for domain CHILD03 server norma.child03.eightad6.testing.com >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: 
"Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >cm_prepare_connection: connecting to DC norma.child03.eightad6.testing.com for domain CHILD03 >write_socket(16,194) >write_socket(16,194) wrote 194 >got smb length of 192 >size=192 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=9849 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]=12815 (0x320F) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 17 (0x11) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 499 (0x1F3) >smb_vwv[11]=47744 (0xBA80) >smb_vwv[12]=57398 (0xE036) >smb_vwv[13]=53094 (0xCF66) >smb_vwv[14]=51821 (0xCA6D) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=123 >[000] ED A7 B6 66 44 4A 8A 42 B4 A2 4E A1 30 18 17 60 ...fDJ.B ..N.0..` >[010] 60 69 06 06 2B 06 01 05 05 02 A0 5F 30 5D A0 30 `i..+... ..._0].0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... 
>[050] A3 29 30 27 A0 25 1B 23 6E 6F 72 6D 61 24 40 43 .)0'.%.# norma$@C >[060] 48 49 4C 44 30 33 2E 45 49 47 48 54 41 44 36 2E HILD03.E IGHTAD6. >[070] 54 45 53 54 49 4E 47 2E 43 4F 4D TESTING. COM >size=192 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=9849 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]=12815 (0x320F) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 17 (0x11) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 499 (0x1F3) >smb_vwv[11]=47744 (0xBA80) >smb_vwv[12]=57398 (0xE036) >smb_vwv[13]=53094 (0xCF66) >smb_vwv[14]=51821 (0xCA6D) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=123 >[000] ED A7 B6 66 44 4A 8A 42 B4 A2 4E A1 30 18 17 60 ...fDJ.B ..N.0..` >[010] 60 69 06 06 2B 06 01 05 05 02 A0 5F 30 5D A0 30 `i..+... ..._0].0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 29 30 27 A0 25 1B 23 6E 6F 72 6D 61 24 40 43 .)0'.%.# norma$@C >[060] 48 49 4C 44 30 33 2E 45 49 47 48 54 41 44 36 2E HILD03.E IGHTAD6. >[070] 54 45 53 54 49 4E 47 2E 43 4F 4D TESTING. 
COM >connecting to norma.child03.eightad6.testing.com from ALTAIR with kerberos principal [ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM] and realm [child03.eightad6.testing.com] >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >Doing spnego session setup (blob length=123) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=norma$@CHILD03.EIGHTAD6.TESTING.COM >kerberos_kinit_password: as ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM using [MEMORY:cliconnect] as ccache and config [(null)] >Doing kerberos session setup >ads_krb5_mk_req: Advancing clock by 3 seconds to cope with clock skew >ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu, 26 Nov 2009 04:31:28 IST >ads_krb5_mk_req: Ticket (norma$@CHILD03.EIGHTAD6.TESTING.COM) in ccache (MEMORY:cliconnect) is valid until: (Thu, 26 Nov 2009 04:31:28 IST - 1259190088) >ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >Got KRB5 session key of length 16 >cli_session_setup_blob: Remaining (0) sending (2550) current (2550) >write_socket(16,2636) >write_socket(16,2636) wrote 2636 >got smb length of 197 >size=197 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9849 >smb_uid=10242 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 197 (0xC5) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=154 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r >[030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 >[040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e >[050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. 
.P.a >[060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n >[070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r >[080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 >[090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >size=197 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9849 >smb_uid=10242 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 197 (0xC5) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=154 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r >[030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 >[040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e >[050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a >[060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n >[070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r >[080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 >[090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. >Mandatory SMB signing enabled! >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] 8C 37 3D 59 3A FD A4 77 99 1F BE AE 91 8B 14 36 .7=Y:..w .......6 >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] 06 AB C8 A6 A8 AF 97 14 ........ >store_sequence_for_reply: stored seq = 1 mid = 2 >get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] 2A F8 E2 C4 E1 E0 F8 CE *....... 
>cli_init_creds: user ALTAIR$ domain CHILD03 >saf_store: domain = [CHILD03], server = [norma.child03.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/CHILD03; value = norma.child03.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >saf_store: domain = [child03.eightad6.testing.com], server = [norma.child03.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM; value = norma.child03.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 7F C7 48 DF 28 B3 CA E3 ..H.(... >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(16,136) >write_socket(16,136) wrote 136 >got smb length of 56 >size=56 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=3 >smt_wct=7 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 56 (0x38) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]= 511 (0x1FF) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 511 (0x1FF) >smb_vwv[ 6]= 0 (0x0) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 65 81 86 6C 15 5A EA 36 e..l.Z.6 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >set_global_winbindd_state_online: online requested. >set_global_winbindd_state_online: rejecting. 
>set_domain_online: called for domain CHILD03 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >Destroying timed event 2ab26bad70a0 "check_domain_online_handler" >set_dc_type_and_flags: setting up flags for primary domain >set_dc_type_and_flags_connect: domain CHILD03 >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] 41 31 EB 43 C4 43 06 E6 A1.C.C.. >store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 448 (0x1C0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] C5 55 D5 F4 57 81 AE 8D .U..W... 
>Bind RPC Pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc004 auth_type 0, auth_level 0 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 3919286a > 0024 data : b10c > 0026 data : 11d0 > 0028 data : 9b a8 > 002a data : 00 c0 4f d9 2e f5 > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc004 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49156 (0xC004) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j >[030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... 
>simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] 30 C9 96 4E 03 C8 6B 8E 0..N..k. >store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(16,158) >write_socket(16,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... >[010] 00 B8 10 B8 10 9B 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 80 15 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >get_sequence_for_reply: found seq = 7 mid = 5 >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] 3B A4 B7 5B D9 B9 9B 4F ;..[...O >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... >[010] 00 B8 10 B8 10 9B 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 80 15 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>get_sequence_for_reply: found seq = 7 mid = 5 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc004 returned 68 bytes. >rpc_pipe_bind: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc004 bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0000709b > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine norma.child03.eightad6.testing.com and bound anonymously. 
> dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000002 > 0014 context_id: 0000 > 0016 opnum : 0000 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc004 >size=108 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49156 (0xC004) >smb_bcc=41 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ >[020] 00 00 00 00 00 00 00 01 00 ........ . >simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] 41 47 C7 74 FB 6F F6 D4 AG.t.o.. 
>store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(16,112) >write_socket(16,112) wrote 112 >got smb length of 284 >size=284 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 228 (0xE4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 228 (0xE4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=229 >[000] 1A 05 00 02 03 10 00 00 00 E4 00 00 00 02 00 00 ........ ........ >[010] 00 CC 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ >[030] 00 0C 00 02 00 88 B9 1F 05 9F D9 A3 42 87 55 7B ........ ....B.U{ >[040] C9 B4 D4 8A F3 08 00 00 00 00 00 00 00 08 00 00 ........ ........ >[050] 00 43 00 48 00 49 00 4C 00 44 00 30 00 33 00 00 .C.H.I.L .D.0.3.. >[060] 00 1D 00 00 00 00 00 00 00 1D 00 00 00 63 00 68 ........ .....c.h >[070] 00 69 00 6C 00 64 00 30 00 33 00 2E 00 65 00 69 .i.l.d.0 .3...e.i >[080] 00 67 00 68 00 74 00 61 00 64 00 36 00 2E 00 74 .g.h.t.a .d.6...t >[090] 00 65 00 73 00 74 00 69 00 6E 00 67 00 2E 00 63 .e.s.t.i .n.g...c >[0A0] 00 6F 00 6D 00 00 00 63 00 15 00 00 00 00 00 00 .o.m...c ........ >[0B0] 00 15 00 00 00 65 00 69 00 67 00 68 00 74 00 61 .....e.i .g.h.t.a >[0C0] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[0D0] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 00 00 6E .n.g...c .o.m...n >[0E0] 00 00 00 00 00 ..... >get_sequence_for_reply: found seq = 9 mid = 6 >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] 54 F0 BB E5 08 8E 2A C5 T.....*. 
>size=284 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 228 (0xE4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 228 (0xE4) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=229 >[000] 1A 05 00 02 03 10 00 00 00 E4 00 00 00 02 00 00 ........ ........ >[010] 00 CC 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ >[030] 00 0C 00 02 00 88 B9 1F 05 9F D9 A3 42 87 55 7B ........ ....B.U{ >[040] C9 B4 D4 8A F3 08 00 00 00 00 00 00 00 08 00 00 ........ ........ >[050] 00 43 00 48 00 49 00 4C 00 44 00 30 00 33 00 00 .C.H.I.L .D.0.3.. >[060] 00 1D 00 00 00 00 00 00 00 1D 00 00 00 63 00 68 ........ .....c.h >[070] 00 69 00 6C 00 64 00 30 00 33 00 2E 00 65 00 69 .i.l.d.0 .3...e.i >[080] 00 67 00 68 00 74 00 61 00 64 00 36 00 2E 00 74 .g.h.t.a .d.6...t >[090] 00 65 00 73 00 74 00 69 00 6E 00 67 00 2E 00 63 .e.s.t.i .n.g...c >[0A0] 00 6F 00 6D 00 00 00 63 00 15 00 00 00 00 00 00 .o.m...c ........ >[0B0] 00 15 00 00 00 65 00 69 00 67 00 68 00 74 00 61 .....e.i .g.h.t.a >[0C0] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[0D0] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 00 00 6E .n.g...c .o.m...n >[0E0] 00 00 00 00 00 ..... 
>get_sequence_for_reply: found seq = 9 mid = 6 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00e4 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000cc > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 228, data_len 204, ss_len 0 >rpc_api_pipe: got PDU len of 228 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc004 returned 408 bytes. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_PRIMARY_DC (5) > flags : 0x01000001 (16777217) > 1: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'CHILD03' > dns_domain : * > dns_domain : 'child03.eightad6.testing.com' > forest : * > forest : 'eightad6.testing.com' > domain_guid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > result : WERR_OK >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] D0 7E 72 29 35 8C 6E 4F .~r)5.nO >store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=7 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 11 mid = 7 >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] 12 8F 6C 98 34 BD 5E 66 ..l.4.^f >rpc_pipe_destructor: closed host 
norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc004 >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] 1E 95 71 28 37 A3 26 77 ..q(7.&w >store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(16,104) >write_socket(16,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1280 (0x500) >smb_vwv[ 3]= 448 (0x1C0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] 6D 89 A8 67 3B 6F 34 D3 m..g;o4. 
>Bind RPC Pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 auth_type 0, auth_level 0 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49157 (0xC005) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... 
>simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] 03 71 CE 1B C1 08 C4 F4 .q...... >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(16,158) >write_socket(16,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... >[010] 00 B8 10 B8 10 9C 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >get_sequence_for_reply: found seq = 15 mid = 9 >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] 85 6A 17 DE 44 D8 E0 0A .j..D... >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... >[010] 00 B8 10 B8 10 9C 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>get_sequence_for_reply: found seq = 15 mid = 9 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000003 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 returned 68 bytes. >rpc_pipe_bind: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0000709c > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine norma.child03.eightad6.testing.com and bound anonymously. 
>init_lsa_sec_qos >init_lsa_obj_attr > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '\\NORMA.CHILD03.EIGHTAD6.TESTING.COM' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0098 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000080 > 0014 context_id: 0000 > 0016 opnum : 002c >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 >size=234 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 152 (0x98) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 152 (0x98) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49157 (0xC005) >smb_bcc=167 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P 
.E.\.... >[010] 00 00 03 10 00 00 00 98 00 00 00 04 00 00 00 80 ........ ........ >[020] 00 00 00 00 00 2C 00 00 00 02 00 25 00 00 00 00 .....,.. ...%.... >[030] 00 00 00 25 00 00 00 5C 00 5C 00 4E 00 4F 00 52 ...%...\ .\.N.O.R >[040] 00 4D 00 41 00 2E 00 43 00 48 00 49 00 4C 00 44 .M.A...C .H.I.L.D >[050] 00 30 00 33 00 2E 00 45 00 49 00 47 00 48 00 54 .0.3...E .I.G.H.T >[060] 00 41 00 44 00 36 00 2E 00 54 00 45 00 53 00 54 .A.D.6.. .T.E.S.T >[070] 00 49 00 4E 00 47 00 2E 00 43 00 4F 00 4D 00 00 .I.N.G.. .C.O.M.. >[080] 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[090] 00 00 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 ........ ........ >[0A0] 00 01 00 00 00 00 02 ....... >simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] BA 2A 12 57 3E 45 42 3B .*.W>EB; >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(16,238) >write_socket(16,238) wrote 238 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 98 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 87 8C 5C ........ .......\ >[020] 99 FA A0 09 46 94 94 E4 AE C7 FE C4 D6 00 00 00 ....F... ........ >[030] 00 . >get_sequence_for_reply: found seq = 17 mid = 10 >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] 38 30 74 29 AA 33 21 09 80t).3!. 
>size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 98 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 87 8C 5C ........ .......\ >[020] 99 FA A0 09 46 94 94 E4 AE C7 FE C4 D6 00 00 00 ....F... ........ >[030] 00 . >get_sequence_for_reply: found seq = 17 mid = 10 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got PDU len of 48 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 returned 48 bytes. 
> lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 995c8c87-a0fa-4609-9494-e4aec7fec4d6 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 995c8c87-a0fa-4609-9494-e4aec7fec4d6 > level : LSA_POLICY_INFO_DNS (12) >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000016 > 0014 context_id: 0000 > 0016 opnum : 002e >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 46 (0x2E) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49157 (0xC005) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ >[020] 00 00 00 00 00 2E 00 00 00 00 00 87 8C 5C 99 FA ........ .....\.. >[030] A0 09 46 94 94 E4 AE C7 FE C4 D6 0C 00 ..F..... ..... 
>simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] 0E BF FC 0E AA 29 D6 4E .....).N >store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(16,132) >write_socket(16,132) wrote 132 >got smb length of 312 >size=312 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 256 (0x100) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=257 >[000] 2E 05 00 02 03 10 00 00 00 00 01 00 00 05 00 00 ........ ........ >[010] 00 E8 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ >[020] 00 0E 00 10 00 04 00 02 00 38 00 3A 00 08 00 02 ........ .8.:.... >[030] 00 28 00 2A 00 0C 00 02 00 88 B9 1F 05 9F D9 A3 .(.*.... ........ >[040] 42 87 55 7B C9 B4 D4 8A F3 10 00 02 00 08 00 00 B.U{.... ........ >[050] 00 00 00 00 00 07 00 00 00 43 00 48 00 49 00 4C ........ .C.H.I.L >[060] 00 44 00 30 00 33 00 67 00 1D 00 00 00 00 00 00 .D.0.3.g ........ >[070] 00 1C 00 00 00 63 00 68 00 69 00 6C 00 64 00 30 .....c.h .i.l.d.0 >[080] 00 33 00 2E 00 65 00 69 00 67 00 68 00 74 00 61 .3...e.i .g.h.t.a >[090] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[0A0] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 15 00 00 .n.g...c .o.m.... >[0B0] 00 00 00 00 00 14 00 00 00 65 00 69 00 67 00 68 ........ .e.i.g.h >[0C0] 00 74 00 61 00 64 00 36 00 2E 00 74 00 65 00 73 .t.a.d.6 ...t.e.s >[0D0] 00 74 00 69 00 6E 00 67 00 2E 00 63 00 6F 00 6D .t.i.n.g ...c.o.m >[0E0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[0F0] 00 9E EE 0E 5B E9 51 6F CE 08 53 A2 9A 00 00 00 ....[.Qo ..S..... >[100] 00 . 
>get_sequence_for_reply: found seq = 19 mid = 11 >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] 5B C9 2B 9E 5E 43 49 A5 [.+.^CI. >size=312 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 256 (0x100) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=257 >[000] 2E 05 00 02 03 10 00 00 00 00 01 00 00 05 00 00 ........ ........ >[010] 00 E8 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ >[020] 00 0E 00 10 00 04 00 02 00 38 00 3A 00 08 00 02 ........ .8.:.... >[030] 00 28 00 2A 00 0C 00 02 00 88 B9 1F 05 9F D9 A3 .(.*.... ........ >[040] 42 87 55 7B C9 B4 D4 8A F3 10 00 02 00 08 00 00 B.U{.... ........ >[050] 00 00 00 00 00 07 00 00 00 43 00 48 00 49 00 4C ........ .C.H.I.L >[060] 00 44 00 30 00 33 00 67 00 1D 00 00 00 00 00 00 .D.0.3.g ........ >[070] 00 1C 00 00 00 63 00 68 00 69 00 6C 00 64 00 30 .....c.h .i.l.d.0 >[080] 00 33 00 2E 00 65 00 69 00 67 00 68 00 74 00 61 .3...e.i .g.h.t.a >[090] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[0A0] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 15 00 00 .n.g...c .o.m.... >[0B0] 00 00 00 00 00 14 00 00 00 65 00 69 00 67 00 68 ........ .e.i.g.h >[0C0] 00 74 00 61 00 64 00 36 00 2E 00 74 00 65 00 73 .t.a.d.6 ...t.e.s >[0D0] 00 74 00 69 00 6E 00 67 00 2E 00 63 00 6F 00 6D .t.i.n.g ...c.o.m >[0E0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[0F0] 00 9E EE 0E 5B E9 51 6F CE 08 53 A2 9A 00 00 00 ....[.Qo ..S..... >[100] 00 . 
>get_sequence_for_reply: found seq = 19 mid = 11 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0100 > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000e8 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 256, data_len 232, ss_len 0 >rpc_api_pipe: got PDU len of 256 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 returned 464 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'CHILD03' > dns_domain: struct lsa_StringLarge > length : 0x0038 (56) > size : 0x003a (58) > string : * > string : 'child03.eightad6.testing.com' > dns_forest: struct lsa_StringLarge > length : 0x0028 (40) > size : 0x002a (42) > string : * > string : 'eightad6.testing.com' > domain_guid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > sid : * > sid : S-1-5-21-1527705246-3463401961-2594329352 > result : NT_STATUS_OK >set_dc_type_and_flags_connect: domain CHILD03 is in native mode. >set_dc_type_and_flags_connect: domain CHILD03 is running active directory. >simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] 0B 88 9F 85 C7 F7 8E AD ........ 
>store_sequence_for_reply: stored seq = 21 mid = 12 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=12 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 21 mid = 12 >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] 1E 07 55 42 2F F4 C7 E6 ..UB/... >rpc_pipe_destructor: closed host norma.child03.eightad6.testing.com, pipe \lsarpc, fnum 0xc005 >Sending request to child pid 9850 (domain=CHILD03) >Added timed event "async_request_timeout_handler": 2ab26bafadb0 >timed_events_timeout: 299/999929 >child daemon request 19 >child_process_request: request fn LIST_TRUSTDOM >[ 9849]: list trusted domains >get_cache: Setting ADS methods for domain CHILD03 >fetch_cache_seqnum: invalid data size key [SEQNUM/CHILD03] >ads: fetch sequence_number for CHILD03 >ads_cached_connection >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_dc_name: domain=CHILD03 >ads_connect: entering > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'child03.eightad6.testing.com' > workgroup : 'CHILD03' > ldap_server : NULL > foreign : false > ads: struct auth > realm : NULL > password : '(PASSWORD ommited)' > user_name : NULL > kdc_server : NULL > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x00000000 (0) > 0: DS_SERVER_PDC > 0: 
DS_SERVER_GC > 0: DS_SERVER_LDAP > 0: DS_SERVER_DS > 0: DS_SERVER_KDC > 0: DS_SERVER_TIMESERV > 0: DS_SERVER_CLOSEST > 0: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : NULL > bind_path : NULL > ldap_server_name : NULL > server_site_name : NULL > client_site_name : NULL > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000000 (0) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_find_dc: (cldap) looking for realm 'child03.eightad6.testing.com' >get_sorted_dc_list: attempting lookup for name child03.eightad6.testing.com (sitename Default-First-Site-Name) using [ads] >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning expired cache 
entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:31:20 2009 >no entry for child03.eightad6.testing.com#1C found. >resolve_ads: Attempting to resolve DCs for child03.eightad6.testing.com using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed norma.child03.eightad6.testing.com [0, 100, 389] >remove_duplicate_addrs2: looking for duplicate address/port pairs >namecache_store: storing 1 address for child03.eightad6.testing.com#1c: 192.168.12.172 >Adding cache entry with key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C; value = 192.168.12.172:389 and timeout = Wed Nov 25 18:42:25 2009 > (660 seconds ahead) >internal_resolve_name: returning 1 addresses: 192.168.12.172:389 >Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. 
>Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >ads_try_connect: sending CLDAP request to 192.168.12.172 (realm: child03.eightad6.testing.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000001f9 (505) > 1: NBT_SERVER_PDC > 0: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > forest : 'eightad6.testing.com' > dns_domain : 'child03.eightad6.testing.com' > pdc_dns_name : 'norma.child03.eightad6.testing.com' > domain : 'CHILD03' > pdc_name : 'NORMA' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: 
NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [CHILD03], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/CHILD03; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >sitename_store: realm = [child03.eightad6.testing.com], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >Successfully contacted LDAP server 192.168.12.172 >ads_connect: leaving with: Success > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'child03.eightad6.testing.com' > workgroup : 'CHILD03' > ldap_server : NULL > foreign : false > ads: struct auth > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : 'ALTAIR$' > kdc_server : '192.168.12.172' > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x000001f9 (505) > 1: DS_SERVER_PDC > 0: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > bind_path : 'dc=CHILD03,dc=EIGHTAD6,dc=TESTING,dc=COM' 
> ldap_server_name : 'norma.child03.eightad6.testing.com' > server_site_name : 'Default-First-Site-Name' > client_site_name : 'Default-First-Site-Name' > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : 192.168.12.172 > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000185 (389) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_closest_dc: NBT_SERVER_CLOSEST flag set >create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/smb_krb5/krb5.conf.CHILD03, realm = child03.eightad6.testing.com, domain = CHILD03 >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. 
>Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename (null)) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. 
>Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >get_kdc_ip_string: Returning kdc = 192.168.12.172 > >create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.CHILD03 with realm CHILD03.EIGHTAD6.TESTING.COM KDC list = kdc = 192.168.12.172 > >ads_dc_name: using server='NORMA.CHILD03.EIGHTAD6.TESTING.COM' IP=192.168.12.172 >ads_connect: entering > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'child03.eightad6.testing.com' > workgroup : 'CHILD03' > ldap_server : NULL > foreign : false > ads: struct auth > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : NULL > kdc_server : NULL > flags : 0x00000000 (0) > 0: ADS_AUTH_DISABLE_KERBEROS > 0: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: 
ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : Sat 31 Jan 1970 05:30:00 AM IST IST > ads: struct config > flags : 0x00000000 (0) > 0: DS_SERVER_PDC > 0: DS_SERVER_GC > 0: DS_SERVER_LDAP > 0: DS_SERVER_DS > 0: DS_SERVER_KDC > 0: DS_SERVER_TIMESERV > 0: DS_SERVER_CLOSEST > 0: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : NULL > bind_path : NULL > ldap_server_name : NULL > server_site_name : NULL > client_site_name : NULL > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000000 (0) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >ads_find_dc: (ldap) looking for realm 'child03.eightad6.testing.com' >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_dc_name: domain=CHILD03 >ads_connect: entering > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'child03.eightad6.testing.com' > workgroup : 'CHILD03' > ldap_server : NULL > foreign : false > ads: struct auth > realm : NULL > password : '(PASSWORD ommited)' > user_name : NULL > kdc_server : NULL > flags : 0x00000002 (2) > 0: 
ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x00000000 (0) > 0: DS_SERVER_PDC > 0: DS_SERVER_GC > 0: DS_SERVER_LDAP > 0: DS_SERVER_DS > 0: DS_SERVER_KDC > 0: DS_SERVER_TIMESERV > 0: DS_SERVER_CLOSEST > 0: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : NULL > bind_path : NULL > ldap_server_name : NULL > server_site_name : NULL > client_site_name : NULL > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000000 (0) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_find_dc: (cldap) looking for realm 'child03.eightad6.testing.com' >get_sorted_dc_list: attempting lookup for name child03.eightad6.testing.com (sitename Default-First-Site-Name) using [ads] >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = 
norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. >Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. 
>Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >ads_try_connect: sending CLDAP request to 192.168.12.172 (realm: child03.eightad6.testing.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000001f9 (505) > 1: NBT_SERVER_PDC > 0: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > forest : 'eightad6.testing.com' > dns_domain : 'child03.eightad6.testing.com' > pdc_dns_name : 'norma.child03.eightad6.testing.com' > domain : 'CHILD03' > pdc_name : 'NORMA' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: 
NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [CHILD03], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/CHILD03; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >sitename_store: realm = [child03.eightad6.testing.com], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >Successfully contacted LDAP server 192.168.12.172 >ads_connect: leaving with: Success > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'child03.eightad6.testing.com' > workgroup : 'CHILD03' > ldap_server : NULL > foreign : false > ads: struct auth > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : 'ALTAIR$' > kdc_server : '192.168.12.172' > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x000001f9 (505) > 1: DS_SERVER_PDC > 0: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > bind_path : 'dc=CHILD03,dc=EIGHTAD6,dc=TESTING,dc=COM' 
> ldap_server_name : 'norma.child03.eightad6.testing.com' > server_site_name : 'Default-First-Site-Name' > client_site_name : 'Default-First-Site-Name' > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : 192.168.12.172 > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000185 (389) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_closest_dc: NBT_SERVER_CLOSEST flag set >create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/smb_krb5/krb5.conf.CHILD03, realm = child03.eightad6.testing.com, domain = CHILD03 >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. 
>Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename (null)) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. 
>Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >get_kdc_ip_string: Returning kdc = 192.168.12.172 > >create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.CHILD03 with realm CHILD03.EIGHTAD6.TESTING.COM KDC list = kdc = 192.168.12.172 > >ads_dc_name: using server='NORMA.CHILD03.EIGHTAD6.TESTING.COM' IP=192.168.12.172 >ads_try_connect: sending CLDAP request to NORMA.CHILD03.EIGHTAD6.TESTING.COM (realm: child03.eightad6.testing.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000001f9 (505) > 1: NBT_SERVER_PDC > 0: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: 
NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > forest : 'eightad6.testing.com' > dns_domain : 'child03.eightad6.testing.com' > pdc_dns_name : 'norma.child03.eightad6.testing.com' > domain : 'CHILD03' > pdc_name : 'NORMA' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [CHILD03], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/CHILD03; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >sitename_store: realm = [child03.eightad6.testing.com], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >Successfully contacted LDAP server 192.168.12.172 >Opening connection to LDAP server 'norma.child03.eightad6.testing.com:389', timeout 15 seconds >Connected to LDAP server 'norma.child03.eightad6.testing.com:389' >Connected to LDAP server norma.child03.eightad6.testing.com >ads_closest_dc: NBT_SERVER_CLOSEST flag set >saf_store: domain = [CHILD03], server = [norma.child03.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/CHILD03; value = 
norma.child03.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >saf_store: domain = [child03.eightad6.testing.com], server = [norma.child03.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM; value = norma.child03.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >time offset is 3 seconds >Found SASL mechanism GSS-SPNEGO >ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >ads_sasl_spnego_bind: got server principal name = norma$@CHILD03.EIGHTAD6.TESTING.COM >ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit >kerberos_kinit_password: as ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM using [MEMORY:winbind_ccache] as ccache and config [/var/lib/samba/smb_krb5/krb5.conf.CHILD03] >ads_krb5_mk_req: Advancing clock by 3 seconds to cope with clock skew >ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Thu, 26 Nov 2009 04:31:28 IST >ads_krb5_mk_req: Ticket (norma$@CHILD03.EIGHTAD6.TESTING.COM) in ccache (MEMORY:winbind_ccache) is valid until: (Thu, 26 Nov 2009 04:31:28 IST - 1259190088) >ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >Got KRB5 session key of length 16 >ads_connect: leaving with: Success > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'child03.eightad6.testing.com' > workgroup : 'CHILD03' > ldap_server : NULL > foreign : false > ads: struct auth > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : 'ALTAIR$' > kdc_server : '192.168.12.172' > flags : 0x00000000 (0) > 0: ADS_AUTH_DISABLE_KERBEROS > 0: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: 
ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000003 (3) > tgt_expire : Thu 26 Nov 2009 04:31:28 AM IST IST > tgs_expire : Thu 26 Nov 2009 04:31:28 AM IST IST > renewable : Sat 31 Jan 1970 05:30:00 AM IST IST > ads: struct config > flags : 0x000001f9 (505) > 1: DS_SERVER_PDC > 0: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > bind_path : 'dc=CHILD03,dc=EIGHTAD6,dc=TESTING,dc=COM' > ldap_server_name : 'norma.child03.eightad6.testing.com' > server_site_name : 'Default-First-Site-Name' > client_site_name : 'Default-First-Site-Name' > current_time : Wed 25 Nov 2009 06:31:28 PM IST IST > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : * > ss : 192.168.12.172 > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000185 (389) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : * > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Search for (objectclass=*) in <> gave 1 replies >store_cache_seqnum: success [CHILD03][13991 @ 1259154085] >refresh_sequence_number: CHILD03 seq number is now 13991 >trusted_domains: [Cached] - doing backend query for info for domain CHILD03 >ads: trusted_domains >simple_packet_signature: sequence number 22 >client_sign_outgoing_message: sent SMB signature of 
>[000] 4A B0 1F B4 AC F3 17 DD J....... >store_sequence_for_reply: stored seq = 23 mid = 13 >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=13 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 23 mid = 13 >simple_packet_signature: sequence number 23 >client_check_incoming_message: seq 23: got good SMB signature of >[000] 1F D5 59 B3 E9 0F 48 98 ..Y...H. 
>Bind RPC Pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e auth_type 0, auth_level 0 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=14 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32782 (0x800E) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... 
>simple_packet_signature: sequence number 24 >client_sign_outgoing_message: sent SMB signature of >[000] 86 A2 39 F1 CA B4 00 92 ..9..... >store_sequence_for_reply: stored seq = 25 mid = 14 >write_socket(16,158) >write_socket(16,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... >[010] 00 B8 10 B8 10 9D 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 E4 AE 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >get_sequence_for_reply: found seq = 25 mid = 14 >simple_packet_signature: sequence number 25 >client_check_incoming_message: seq 25: got good SMB signature of >[000] 29 59 FA BE 7F 9D C7 D7 )Y...... >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... >[010] 00 B8 10 B8 10 9D 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 E4 AE 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>get_sequence_for_reply: found seq = 25 mid = 14 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e returned 68 bytes. >rpc_pipe_bind: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0000709d > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine norma.child03.eightad6.testing.com and bound anonymously. 
> netr_ServerReqChallenge: struct netr_ServerReqChallenge > in: struct netr_ServerReqChallenge > server_name : * > server_name : '\\norma.child03.eightad6.testing.com' > computer_name : 'ALTAIR' > credentials : * > credentials: struct netr_Credential > data : d2e637991b3c9a96 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0096 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000007e > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e >size=232 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=15 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 150 (0x96) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 150 (0x96) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32782 (0x800E) >smb_bcc=165 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 96 00 00 00 07 00 00 00 7E ........ .......~ >[020] 00 00 00 00 00 04 00 00 00 02 00 25 00 00 00 00 ........ ...%.... >[030] 00 00 00 25 00 00 00 5C 00 5C 00 6E 00 6F 00 72 ...%...\ .\.n.o.r >[040] 00 6D 00 61 00 2E 00 63 00 68 00 69 00 6C 00 64 .m.a...c .h.i.l.d >[050] 00 30 00 33 00 2E 00 65 00 69 00 67 00 68 00 74 .0.3...e .i.g.h.t >[060] 00 61 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 .a.d.6.. .t.e.s.t >[070] 00 69 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 00 .i.n.g.. .c.o.m.. >[080] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 41 ........ 
.......A >[090] 00 4C 00 54 00 41 00 49 00 52 00 00 00 D2 E6 37 .L.T.A.I .R.....7 >[0A0] 99 1B 3C 9A 96 ..<.. >simple_packet_signature: sequence number 26 >client_sign_outgoing_message: sent SMB signature of >[000] D6 22 37 FF A7 D9 FF 59 ."7....Y >store_sequence_for_reply: stored seq = 27 mid = 15 >write_socket(16,236) >write_socket(16,236) wrote 236 >got smb length of 92 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 96 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 3F A9 C6 7A 9D D4 75 ........ .?..z..u >[020] 48 00 00 00 00 H.... >get_sequence_for_reply: found seq = 27 mid = 15 >simple_packet_signature: sequence number 27 >client_check_incoming_message: seq 27: got good SMB signature of >[000] 2E 94 EC 5B 84 D7 86 48 ...[...H >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 96 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 3F A9 C6 7A 9D D4 75 ........ .?..z..u >[020] 48 00 00 00 00 H.... 
>get_sequence_for_reply: found seq = 27 mid = 15 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >rpc_api_pipe: got PDU len of 36 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e returned 24 bytes. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > out: struct netr_ServerReqChallenge > return_credentials : * > return_credentials: struct netr_Credential > data : 3fa9c67a9dd47548 > result : NT_STATUS_OK >creds_client_init: neg_flags : 600fffff >creds_client_init: client chal : D2E637991B3C9A96 >creds_client_init: server chal : 3FA9C67A9DD47548 >creds_init_128 > clnt_chal_in: D2E637991B3C9A96 > srv_chal_in : 3FA9C67A9DD47548 >creds_client_init: clnt : 2329182CB1D52A61 >creds_client_init: server : 0DFDEB3B3DA90ADF >creds_client_init: seed : 2329182CB1D52A61 > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > in: struct netr_ServerAuthenticate2 > server_name : * > server_name : '\\norma.child03.eightad6.testing.com' > account_name : 'ALTAIR$' > secure_channel_type : SEC_CHAN_WKSTA (2) > computer_name : 'ALTAIR' > credentials : * > credentials: struct netr_Credential > data : 2329182cb1d52a61 > negotiate_flags : * > negotiate_flags : 0x600fffff (1611661311) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: 
NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00bc > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 000000a4 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e >size=270 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=16 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 188 (0xBC) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 188 (0xBC) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32782 (0x800E) >smb_bcc=203 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 BC 00 00 00 08 00 00 00 A4 ........ ........ >[020] 00 00 00 00 00 0F 00 00 00 02 00 25 00 00 00 00 ........ ...%.... >[030] 00 00 00 25 00 00 00 5C 00 5C 00 6E 00 6F 00 72 ...%...\ .\.n.o.r >[040] 00 6D 00 61 00 2E 00 63 00 68 00 69 00 6C 00 64 .m.a...c .h.i.l.d >[050] 00 30 00 33 00 2E 00 65 00 69 00 67 00 68 00 74 .0.3...e .i.g.h.t >[060] 00 61 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 .a.d.6.. 
.t.e.s.t >[070] 00 69 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 00 .i.n.g.. .c.o.m.. >[080] 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 41 ........ .......A >[090] 00 4C 00 54 00 41 00 49 00 52 00 24 00 00 00 02 .L.T.A.I .R.$.... >[0A0] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 41 ........ .......A >[0B0] 00 4C 00 54 00 41 00 49 00 52 00 00 00 23 29 18 .L.T.A.I .R...#). >[0C0] 2C B1 D5 2A 61 00 00 FF FF 0F 60 ,..*a... ..` >simple_packet_signature: sequence number 28 >client_sign_outgoing_message: sent SMB signature of >[000] AC 7F CC 4B 9A 0F 7C 1B ...K..|. >store_sequence_for_reply: stored seq = 29 mid = 16 >write_socket(16,274) >write_socket(16,274) wrote 274 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] BC 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 0D FD EB 3B 3D A9 0A ........ ....;=.. >[020] DF FF FF 0F 60 00 00 00 00 ....`... . >get_sequence_for_reply: found seq = 29 mid = 16 >simple_packet_signature: sequence number 29 >client_check_incoming_message: seq 29: got good SMB signature of >[000] 4C 3B F7 20 46 BB F2 BA L;. F... >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] BC 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... 
>[010] 00 10 00 00 00 00 00 00 00 0D FD EB 3B 3D A9 0A ........ ....;=.. >[020] DF FF FF 0F 60 00 00 00 00 ....`... . >get_sequence_for_reply: found seq = 29 mid = 16 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >rpc_api_pipe: got PDU len of 40 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e returned 32 bytes. > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > out: struct netr_ServerAuthenticate2 > return_credentials : * > return_credentials: struct netr_Credential > data : 0dfdeb3b3da90adf > negotiate_flags : * > negotiate_flags : 0x600fffff (1611661311) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL > result : NT_STATUS_OK >netlogon_creds_client_check: credentials check OK. 
>rpccli_netlogon_setup_creds: server norma.child03.eightad6.testing.com credential chain established. >simple_packet_signature: sequence number 30 >client_sign_outgoing_message: sent SMB signature of >[000] E7 9E A7 97 BC 42 29 FA .....B). >store_sequence_for_reply: stored seq = 31 mid = 17 >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=17 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3840 (0xF00) >smb_vwv[ 3]= 384 (0x180) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 31 mid = 17 >simple_packet_signature: sequence number 31 >client_check_incoming_message: seq 31: got good SMB signature of >[000] 2A D0 22 1A BF 26 90 F7 *."..&.. 
>Bind RPC Pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f auth_type 2, auth_level 6 >000000 smb_io_rpc_auth_schannel_neg schannel_neg > 0000 type1: 00000000 > 0004 type2: 00000003 >[000] 43 48 49 4C 44 30 33 CHILD03 >[000] 41 4C 54 41 49 52 ALTAIR >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0067 > 000a auth_len : 0017 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >000048 smb_io_rpc_hdr_auth hdr_auth > 0048 auth_type : 44 > 0049 auth_level : 06 > 004a auth_pad_len : 00 > 004b auth_reserved: 00 > 004c auth_context_id: 00000001 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f >size=185 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=18 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 103 (0x67) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32783 (0x800F) >smb_bcc=118 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 0B 03 10 00 00 00 67 00 17 00 09 00 00 00 B8 .......g ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 43 48 49 4C 44 30 33 00 41 .......C HILD03.A >[070] 4C 54 41 49 52 00 LTAIR. >simple_packet_signature: sequence number 32 >client_sign_outgoing_message: sent SMB signature of >[000] C7 1E 13 C7 37 78 99 E9 ....7x.. >store_sequence_for_reply: stored seq = 33 mid = 18 >write_socket(16,189) >write_socket(16,189) wrote 189 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 g....... .X...... >[010] 00 B8 10 B8 10 9E 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 E4 AE 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 00 36 00 .......6 . >get_sequence_for_reply: found seq = 33 mid = 18 >simple_packet_signature: sequence number 33 >client_check_incoming_message: seq 33: got good SMB signature of >[000] 51 71 7B D3 2F 0C 2D 80 Qq{./.-. 
>size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 g....... .X...... >[010] 00 B8 10 B8 10 9E 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 E4 AE 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 00 36 00 .......6 . >get_sequence_for_reply: found seq = 33 mid = 18 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000009 >rpc_api_pipe: got PDU len of 88 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f returned 88 bytes. >rpc_pipe_bind: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0000709e > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. 
> 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine norma.child03.eightad6.testing.com for domain CHILD03 and bound using schannel. >simple_packet_signature: sequence number 34 >client_sign_outgoing_message: sent SMB signature of >[000] 42 0F C2 9D B0 5A 44 A9 B....ZD. >store_sequence_for_reply: stored seq = 35 mid = 19 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=19 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 35 mid = 19 >simple_packet_signature: sequence number 35 >client_check_incoming_message: seq 35: got good SMB signature of >[000] 14 39 93 48 1C FF 4C 80 .9.H..L. 
>rpc_pipe_destructor: closed host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800e > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'norma.child03.eightad6.testing.com' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 opnum : 0028 >000078 smb_io_rpc_hdr_auth hdr_auth > 0078 auth_type : 44 > 0079 auth_level : 06 > 007a auth_pad_len : 04 > 007b auth_reserved: 00 > 007c auth_context_id: 00000001 >add_schannel_auth_footer: SCHANNEL seq_num=0 >SCHANNEL: schannel_encode seq_num=0 data_len=96 >000080 smb_io_rpc_auth_schannel_chk > 0080 sig : 77 00 7a 00 ff ff 00 00 > 0088 seq_num: e8 0a a0 5c b2 9b 73 ed > 0090 packet_digest: 9b 75 44 df 19 2b b7 a4 > 0098 confounder: a1 ea 1d ae ff 31 9e a5 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f >size=242 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=20 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 160 (0xA0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 160 (0xA0) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32783 (0x800F) >smb_bcc=175 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 
05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 A0 00 20 00 0A 00 00 00 5C ........ . .....\ >[020] 00 00 00 00 00 28 00 8F A0 48 1C 6F FE F5 6E B9 .....(.. .H.o..n. >[030] B8 DC A4 DD DF 96 D8 1A 58 8B 59 6A F7 C1 60 FB ........ X.Yj..`. >[040] 68 3A 23 F3 96 43 F1 A3 AF E8 D3 92 1C AC 88 B1 h:#..C.. ........ >[050] 7D 3E 08 62 9C E3 EA 14 F1 94 64 D8 2E 12 E5 0D }>.b.... ..d..... >[060] 89 82 71 36 C4 DE 3F B9 72 B9 41 88 5C A0 A3 ED ..q6..?. r.A.\... >[070] 2E 4A 26 95 A9 25 82 24 7A DF F9 E6 3A 15 00 55 .J&..%.$ z...:..U >[080] 30 19 E4 84 AC C6 5A 44 06 04 00 01 00 00 00 77 0.....ZD .......w >[090] 00 7A 00 FF FF 00 00 E8 0A A0 5C B2 9B 73 ED 9B .z...... ..\..s.. >[0A0] 75 44 DF 19 2B B7 A4 A1 EA 1D AE FF 31 9E A5 uD..+... ....1.. >simple_packet_signature: sequence number 36 >client_sign_outgoing_message: sent SMB signature of >[000] F9 BE 26 0B 35 77 2D 9F ..&.5w-. >store_sequence_for_reply: stored seq = 37 mid = 20 >write_socket(16,246) >write_socket(16,246) wrote 246 >got smb length of 472 >size=472 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=20 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 416 (0x1A0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 416 (0x1A0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=417
>get_sequence_for_reply: found seq = 37 mid = 20 >simple_packet_signature: sequence number 37 >client_check_incoming_message: seq 37: got good SMB signature of >[000] BE 43 C4 C3 CC 7C 6A 64 .C...|jd >size=472 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=20 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 416 (0x1A0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 416 (0x1A0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=417
>get_sequence_for_reply: found seq = 37 mid = 20 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 01a0 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000015c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000178 smb_io_rpc_hdr_auth hdr_auth > 0178 auth_type : 44 > 0179 auth_level : 06 > 017a auth_pad_len : 04 > 017b auth_reserved: 00 > 017c auth_context_id: 00000001 >000180 smb_io_rpc_auth_schannel_chk > 0180 sig : 77 00 7a 00 ff ff 00 00 > 0188 seq_num: a8 55 dd 69 8f 22 74 b6 > 0190 packet_digest: fc 38 a9 17 26 95 bb 73 > 0198 confounder: ce d3 ae b2 57 52 bf ec >SCHANNEL: schannel_decode seq_num=1 data_len=352 >SCHANNEL: schannel_decode seq_num=1 data_len=352 >cli_pipe_validate_current_pdu: got pdu len 416, data_len 348, ss_len 4 >rpc_api_pipe: got PDU len of 416 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f returned 696 bytes. 
> netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000002 (2) > array : * > array: ARRAY(2) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'EIGHTAD6' > dns_name : * > dns_name : 'eightad6.testing.com' > trust_flags : 0x00000027 (39) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000020 (32) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-162008750-1983285441-4146528753 > guid : 3bc437b2-76c5-4ebd-b2c2-bc530ce49a8a > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'CHILD03' > dns_name : * > dns_name : 'child03.eightad6.testing.com' > trust_flags : 0x00000019 (25) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-1527705246-3463401961-2594329352 > guid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > result : WERR_OK >trusted_domains(ads): Searching trusted 
domain list of CHILD03 and storing trust flags for domain eightad6.testing.com >wcache_tdc_add_domain: Adding domain EIGHTAD6 (eightad6.testing.com), SID S-1-5-21-162008750-1983285441-4146528753, flags = 0x27, attributes = 0x20, type = 0x2 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain ALTAIR () SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain CHILD03 (CHILD03.EIGHTAD6.TESTING.COM) SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x0, attribs = 0x0, type = 0x0 >pack_tdc_domains: Packing 4 trusted domains >pack_tdc_domains: Packing domain BUILTIN () >pack_tdc_domains: Packing domain ALTAIR () >pack_tdc_domains: Packing domain CHILD03 (CHILD03.EIGHTAD6.TESTING.COM) >pack_tdc_domains: Packing domain EIGHTAD6 (eightad6.testing.com) >trusted_domains(ads): Searching trusted domain list of CHILD03 and storing trust flags for domain child03.eightad6.testing.com >wcache_tdc_add_domain: Adding domain CHILD03 (child03.eightad6.testing.com), SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x19, attributes = 0x0, type = 0x2 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain ALTAIR () SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain CHILD03 (CHILD03.EIGHTAD6.TESTING.COM) SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain EIGHTAD6 (eightad6.testing.com) SID S-1-5-21-162008750-1983285441-4146528753, flags = 0x27, attribs = 0x20, type = 0x2 >add_wbdomain_to_tdc_array: Found existing record for CHILD03 >pack_tdc_domains: Packing 4 trusted domains >pack_tdc_domains: Packing domain BUILTIN () >pack_tdc_domains: Packing domain ALTAIR () >pack_tdc_domains: Packing domain CHILD03 
(child03.eightad6.testing.com) >pack_tdc_domains: Packing domain EIGHTAD6 (eightad6.testing.com) >Storing response for pid 9850, len 3646 >Storing extra data: len=150 >timed_events_timeout: 604693/370792 >Destroying timed event 2ab26bafadb0 "async_request_timeout_handler" >select will use timeout of 604693.370792 seconds >Retrieving response for pid 9850 >Retrieving extra data length=150
>wcache_tdc_add_domain: Adding domain EIGHTAD6 (eightad6.testing.com), SID S-1-5-21-162008750-1983285441-4146528753, flags = 0x0, attributes = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain ALTAIR () SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain CHILD03 (child03.eightad6.testing.com) SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x19, attribs = 0x0, type = 0x2 >unpack_tdc_domains: Unpacking domain EIGHTAD6 (eightad6.testing.com) SID S-1-5-21-162008750-1983285441-4146528753, flags = 0x27, attribs = 0x20, type = 0x2 >add_wbdomain_to_tdc_array: Found existing record for EIGHTAD6 >pack_tdc_domains: Packing 4 trusted domains >pack_tdc_domains: Packing domain BUILTIN () >pack_tdc_domains: Packing domain ALTAIR () >pack_tdc_domains: Packing domain CHILD03 (child03.eightad6.testing.com) >pack_tdc_domains: Packing domain EIGHTAD6 (eightad6.testing.com) >idmap config EIGHTAD6 : range = not defined >Added domain EIGHTAD6 eightad6.testing.com S-1-5-21-162008750-1983285441-4146528753 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain ALTAIR () SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain CHILD03 (child03.eightad6.testing.com) SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x19, attribs = 0x0, type = 0x2 >unpack_tdc_domains: Unpacking domain EIGHTAD6 (eightad6.testing.com) SID S-1-5-21-162008750-1983285441-4146528753, flags = 0x27, attribs = 0x20, type = 0x2 >rescan_forest_root_trusts: Following trust path for domain tree root EIGHTAD6 (eightad6.testing.com) >Sending request to child pid 9850 (domain=CHILD03) >Added timed event "async_request_timeout_handler": 2ab26bafadb0 >timed_events_timeout: 299/999957 >child 
daemon request 38 >child_process_request: request fn GETDCNAME >[ 9849]: Get DC name for EIGHTAD6 > netr_GetAnyDCName: struct netr_GetAnyDCName > in: struct netr_GetAnyDCName > logon_server : * > logon_server : 'norma.child03.eightad6.testing.com' > domainname : * > domainname : 'EIGHTAD6' >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00c0 > 000a auth_len : 0020 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000007a > 0014 context_id: 0000 > 0016 opnum : 000d >000098 smb_io_rpc_hdr_auth hdr_auth > 0098 auth_type : 44 > 0099 auth_level : 06 > 009a auth_pad_len : 06 > 009b auth_reserved: 00 > 009c auth_context_id: 00000001 >add_schannel_auth_footer: SCHANNEL seq_num=2 >SCHANNEL: schannel_encode seq_num=2 data_len=128 >0000a0 smb_io_rpc_auth_schannel_chk > 00a0 sig : 77 00 7a 00 ff ff 00 00 > 00a8 seq_num: 6e a8 0e 1f 46 2a 68 b0 > 00b0 packet_digest: 64 81 62 8a 9a d6 5f cd > 00b8 confounder: bd 86 51 3e 30 e2 dc 4b >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f >size=274 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=21 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 192 (0xC0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 192 (0xC0) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32783 (0x800F) >smb_bcc=207
>simple_packet_signature: sequence number 38 >client_sign_outgoing_message: sent SMB signature of >[000] BA 26 2A 57 D1 E6 8C 58 .&*W...X >store_sequence_for_reply: stored seq = 39 mid = 21 >write_socket(16,278) >write_socket(16,278) wrote 278 >got smb length of 168 >size=168 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=21 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 112 (0x70) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 112 (0x70) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113
>get_sequence_for_reply: found seq = 39 mid = 21 >simple_packet_signature: sequence number 39 >client_check_incoming_message: seq 39: got good SMB signature of >[000] 2F EA DA C7 25 6C 18 8C /...%l.. >size=168 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=21 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 112 (0x70) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 112 (0x70) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=113
>get_sequence_for_reply: found seq = 39 mid = 21 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0070 > 000a auth_len : 0020 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000030 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000048 smb_io_rpc_hdr_auth hdr_auth > 0048 auth_type : 44 > 0049 auth_level : 06 > 004a auth_pad_len : 00 > 004b auth_reserved: 00 > 004c auth_context_id: 00000001 >000050 smb_io_rpc_auth_schannel_chk > 0050 sig : 77 00 7a 00 ff ff 00 00 > 0058 seq_num: 5a 9c 49 b5 04 68 03 c0 > 0060 packet_digest: d8 7b 2c e2 44 00 f9 7e > 0068 confounder: b7 10 28 22 f7 20 22 6f >SCHANNEL: schannel_decode seq_num=3 data_len=48 >SCHANNEL: schannel_decode seq_num=3 data_len=48 >cli_pipe_validate_current_pdu: got pdu len 112, data_len 48, ss_len 0 >rpc_api_pipe: got PDU len of 112 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f returned 96 bytes.
> netr_GetAnyDCName: struct netr_GetAnyDCName > out: struct netr_GetAnyDCName > dcname : * > dcname : * > dcname : '\\EIGHTAD-DC' > result : WERR_OK >Storing response for pid 9850, len 3496 >timed_events_timeout: 604693/265281 >Destroying timed event 2ab26bafadb0 "async_request_timeout_handler" >Retrieving response for pid 9850 >Received getdcname response >Sending request to child pid 0 (domain=EIGHTAD6) >fork_domain_child called for domain 'EIGHTAD6' >select will use timeout of 604693.265281 seconds >Child process 9865 >Deregistering messaging pointer for type 769 - private_data=(nil) >Deregistering messaging pointer for type 13 - private_data=(nil) >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1033 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >set_domain_online_request: called for domain EIGHTAD6 >set_domain_online_request: domain EIGHTAD6 was globally offline. >Added timed event "check_domain_online_handler": 2ab26bafab60 >set_domain_online_request: called for domain CHILD03 >set_domain_online_request: domain CHILD03 was globally offline. >Added timed event "check_domain_online_handler": 2ab26bad5650 >timed_events_timeout: 4/999911 >select will use timeout of 4.999911 seconds >Added timed event "async_request_timeout_handler": 2ab26bafadb0 >timed_events_timeout: 299/999963 >child daemon request 48 >child_process_request: request fn INIT_CONNECTION >connection_ok: Connection to EIGHTAD-DC for domain EIGHTAD6 has NULL cli! 
>Cache entry with key = SAFJOIN/DOMAIN/EIGHTAD6 couldn't be found >Returning valid cache entry: key = SAF/DOMAIN/EIGHTAD6, value = eightad-dc.eightad6.testing.com, timeout = Wed Nov 25 18:45:20 2009 >saf_fetch: Returning "eightad-dc.eightad6.testing.com" for "EIGHTAD6" domain >Cache entry with key = NEG_CONN_CACHE/EIGHTAD6,eightad-dc.eightad6.testing.com couldn't be found >check_negative_conn_cache returning result 0 for domain EIGHTAD6 server eightad-dc.eightad6.testing.com >cm_open_connection: saf_servername is 'eightad-dc.eightad6.testing.com' for domain EIGHTAD6 >cm_open_connection: dcname is 'eightad-dc.eightad6.testing.com' for domain EIGHTAD6 >Cache entry with key = NEG_CONN_CACHE/EIGHTAD6,eightad-dc.eightad6.testing.com couldn't be found >check_negative_conn_cache returning result 0 for domain EIGHTAD6 server eightad-dc.eightad6.testing.com >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up eightad-dc.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning expired cache entry: key = NBT/EIGHTAD-DC.EIGHTAD6.TESTING.COM#20, value = 192.168.12.179:0, timeout = Wed Nov 25 18:31:21 2009 >no entry for eightad-dc.eightad6.testing.com#20 found. >resolve_lmhosts: Attempting lmhosts lookup for name eightad-dc.eightad6.testing.com<0x20> >getlmhostsent: lmhost entry: 127.0.0.1 localhost >resolve_wins: Attempting wins lookup for name eightad-dc.eightad6.testing.com<0x20> >resolve_wins: WINS server resolution selected and no WINS servers listed. 
>resolve_hosts: Attempting host lookup for name eightad-dc.eightad6.testing.com<0x20> >remove_duplicate_addrs2: looking for duplicate address/port pairs >namecache_store: storing 1 address for eightad-dc.eightad6.testing.com#20: 192.168.12.179 >Adding cache entry with key = NBT/EIGHTAD-DC.EIGHTAD6.TESTING.COM#20; value = 192.168.12.179:0 and timeout = Wed Nov 25 18:42:25 2009 > (660 seconds ahead) >internal_resolve_name: returning 1 addresses: 192.168.12.179:0 >cm_prepare_connection: connecting to DC eightad-dc.eightad6.testing.com for domain EIGHTAD6 >write_socket(19,194) >write_socket(19,194) wrote 194 >got smb length of 193 >size=193 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=9865 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]=12815 (0x320F) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 499 (0x1F3) >smb_vwv[11]=29312 (0x7280) >smb_vwv[12]=23307 (0x5B0B) >smb_vwv[13]=53094 (0xCF66) >smb_vwv[14]=51821 (0xCA6D) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=124
>size=193 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=9865 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]=12815 (0x320F) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 499 (0x1F3) >smb_vwv[11]=29312 (0x7280) >smb_vwv[12]=23307 (0x5B0B) >smb_vwv[13]=53094 (0xCF66) >smb_vwv[14]=51821 (0xCA6D) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=124
>connecting to eightad-dc.eightad6.testing.com from ALTAIR with kerberos principal [ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM] and realm [eightad6.testing.com] >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_EIGHTAD6.TESTING.COM to: 192.168.12.179 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >Doing spnego session setup (blob length=124) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=not_defined_in_RFC4178@please_ignore >kerberos_kinit_password: as ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM using [MEMORY:cliconnect] as ccache and config [(null)] >cli_session_setup_spnego: got a bad server principal, trying to guess ...
>cli_session_setup_spnego: guessed server principal=eightad-dc$@EIGHTAD6 >Doing kerberos session setup >ads_krb5_mk_req: krb5_get_credentials failed for eightad-dc$@EIGHTAD6 (Cannot find KDC for requested realm) >cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm >failed kerberos session setup with Cannot find KDC for requested realm >connecting to eightad-dc.eightad6.testing.com from ALTAIR with username [CHILD03]\[ALTAIR$] >Doing spnego session setup (blob length=124) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=not_defined_in_RFC4178@please_ignore >write_socket(19,164) >write_socket(19,164) wrote 164 >got smb length of 552 >size=552 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9865 >smb_uid=4097 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 552 (0x228) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 321 (0x141) >smb_bcc=509
>size=552 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9865 >smb_uid=4097 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 552 (0x228) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 321 (0x141) >smb_bcc=509
>Got challenge flags: >Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP: Set final flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >write_socket(19,504) >write_socket(19,504) wrote 504 >got smb length of 240 >size=240 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9865 >smb_uid=4097 >smb_mid=3 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 240 (0xF0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=197
>size=240 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9865 >smb_uid=4097 >smb_mid=3 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 240 (0xF0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=197 >Mandatory SMB signing enabled! >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] 12 69 73 50 7E 33 0D 06 EE 4A 87 F2 D9 AA D4 60 .isP~3.. .J.....` >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] 8F 64 07 A6 84 EC B9 93 .d......
>store_sequence_for_reply: stored seq = 1 mid = 3 >get_sequence_for_reply: found seq = 1 mid = 3 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] 90 F2 C9 8C 87 63 D7 F7 .....c.. >cli_init_creds: user ALTAIR$ domain CHILD03 >saf_store: domain = [EIGHTAD6], server = [eightad-dc.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/EIGHTAD6; value = eightad-dc.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_EIGHTAD6.TESTING.COM to: 192.168.12.179 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] A4 32 8A B2 D1 C9 D6 B6 .2...... >store_sequence_for_reply: stored seq = 3 mid = 4 >write_socket(19,130) >write_socket(19,130) wrote 130 >got smb length of 56 >size=56 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=4 >smt_wct=7 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 56 (0x38) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]=65535 (0xFFFF) >smb_vwv[ 4]= 31 (0x1F) >smb_vwv[ 5]=65535 (0xFFFF) >smb_vwv[ 6]= 31 (0x1F) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 4 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] 6B AF 50 39 BF E8 F7 4A k.P9...J >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_EIGHTAD6.TESTING.COM to: 192.168.12.179 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >set_global_winbindd_state_online: online requested. >set_global_winbindd_state_online: rejecting. 
>set_domain_online: called for domain EIGHTAD6 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_EIGHTAD6.TESTING.COM to: 192.168.12.179 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >Destroying timed event 2ab26bafab60 "check_domain_online_handler" >set_dc_type_and_flags_trustinfo: domain EIGHTAD6 >connection_ok: Connection to norma.child03.eightad6.testing.com for domain CHILD03 has died or was never started (fd == -1) >set_dc_type_and_flags_trustinfo: No connection to our domain! >set_dc_type_and_flags_connect: domain EIGHTAD6 >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] 91 1D B9 8A 42 FB 1C 5F ....B.._ >store_sequence_for_reply: stored seq = 5 mid = 5 >write_socket(19,104) >write_socket(19,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=5 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1024 (0x400) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 5 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of 
>[000] 9C 6F 02 D3 6F 51 7E C0 .o..oQ~. >Bind RPC Pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4004 auth_type 0, auth_level 0 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 3919286a > 0024 data : b10c > 0026 data : 11d0 > 0028 data : 9b a8 > 002a data : 00 c0 4f d9 2e f5 > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4004 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16388 (0x4004) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j >[030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... 
.......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] ED 84 60 96 C8 5E A2 0A ..`..^.. >store_sequence_for_reply: stored seq = 7 mid = 6 >write_socket(19,158) >write_socket(19,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... >[010] 00 B8 10 B8 10 9C 4A 00 00 0C 00 5C 70 69 70 65 ......J. ...\pipe >[020] 5C 6C 73 61 73 73 00 98 9A 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >get_sequence_for_reply: found seq = 7 mid = 6 >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] F0 74 D4 20 C9 7A 99 74 .t. .z.t >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... >[010] 00 B8 10 B8 10 9C 4A 00 00 0C 00 5C 70 69 70 65 ......J. ...\pipe >[020] 5C 6C 73 61 73 73 00 98 9A 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>get_sequence_for_reply: found seq = 7 mid = 6 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4004 returned 68 bytes. >rpc_pipe_bind: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4004 bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00004a9c > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \pipe\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine eightad-dc.eightad6.testing.com and bound anonymously. 
> dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000002 > 0014 context_id: 0000 > 0016 opnum : 0000 >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4004 >size=108 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=7 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16388 (0x4004) >smb_bcc=41 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 1A 00 00 00 07 00 00 00 02 ........ ........ >[020] 00 00 00 00 00 00 00 01 00 ........ . >simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] 64 E8 BB 34 99 88 41 F3 d..4..A. 
>store_sequence_for_reply: stored seq = 9 mid = 7 >write_socket(19,112) >write_socket(19,112) wrote 112 >got smb length of 272 >size=272 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=7 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 216 (0xD8) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 216 (0xD8) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=217 >[000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 07 00 00 ........ ........ >[010] 00 C0 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ >[020] 00 05 00 00 00 01 00 00 01 04 00 02 00 08 00 02 ........ ........ >[030] 00 0C 00 02 00 B2 37 C4 3B C5 76 BD 4E B2 C2 BC ......7. ;.v.N... >[040] 53 0C E4 9A 8A 09 00 00 00 00 00 00 00 09 00 00 S....... ........ >[050] 00 45 00 49 00 47 00 48 00 54 00 41 00 44 00 36 .E.I.G.H .T.A.D.6 >[060] 00 00 00 00 00 15 00 00 00 00 00 00 00 15 00 00 ........ ........ >[070] 00 65 00 69 00 67 00 68 00 74 00 61 00 64 00 36 .e.i.g.h .t.a.d.6 >[080] 00 2E 00 74 00 65 00 73 00 74 00 69 00 6E 00 67 ...t.e.s .t.i.n.g >[090] 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 15 00 00 ...c.o.m ........ >[0A0] 00 00 00 00 00 15 00 00 00 65 00 69 00 67 00 68 ........ .e.i.g.h >[0B0] 00 74 00 61 00 64 00 36 00 2E 00 74 00 65 00 73 .t.a.d.6 ...t.e.s >[0C0] 00 74 00 69 00 6E 00 67 00 2E 00 63 00 6F 00 6D .t.i.n.g ...c.o.m >[0D0] 00 00 00 00 00 00 00 00 00 ........ . >get_sequence_for_reply: found seq = 9 mid = 7 >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] 49 D2 22 6B F3 F3 BE D2 I."k.... 
>get_sequence_for_reply: found seq = 9 mid = 7 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00d8 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000c0 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 216, data_len 192, ss_len 0 >rpc_api_pipe: got PDU len of 216 at offset 0 >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4004 returned 384 bytes. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_PRIMARY_DC (5) > flags : 0x01000001 (16777217) > 1: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'EIGHTAD6' > dns_domain : * > dns_domain : 'eightad6.testing.com' > forest : * > forest : 'eightad6.testing.com' > domain_guid : 3bc437b2-76c5-4ebd-b2c2-bc530ce49a8a > result : WERR_OK >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] 9A 4D 43 E8 B1 73 61 31 .MC..sa1 >store_sequence_for_reply: stored seq = 11 mid = 8 >write_socket(19,45) >write_socket(19,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=8 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 11 mid = 8 >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] E4 6E 31 3C 85 C0 28 1E .n1<..(. 
>rpc_pipe_destructor: closed host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4004 >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] 5D 55 09 C1 D2 13 83 DA ]U...... >store_sequence_for_reply: stored seq = 13 mid = 9 >write_socket(19,104) >write_socket(19,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=9 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1280 (0x500) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 9 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] B6 03 68 45 33 84 74 74 ..hE3.tt >Bind RPC Pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 auth_type 0, auth_level 0 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 
0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16389 (0x4005) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 08 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] BE CF C5 58 72 AA 53 E6 ...Xr.S. 
>store_sequence_for_reply: stored seq = 15 mid = 10 >write_socket(19,158) >write_socket(19,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... >[010] 00 B8 10 B8 10 9D 4A 00 00 0C 00 5C 70 69 70 65 ......J. ...\pipe >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >get_sequence_for_reply: found seq = 15 mid = 10 >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] 7E 77 6D D3 D0 35 C1 7E ~wm..5.~ >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... >[010] 00 B8 10 B8 10 9D 4A 00 00 0C 00 5C 70 69 70 65 ......J. ...\pipe >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... 
>get_sequence_for_reply: found seq = 15 mid = 10 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000008 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 returned 68 bytes. >rpc_pipe_bind: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00004a9d > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \pipe\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine eightad-dc.eightad6.testing.com and bound anonymously. 
>init_lsa_sec_qos >init_lsa_obj_attr > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '\\EIGHTAD-DC.EIGHTAD6.TESTING.COM' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0090 > 000a auth_len : 0000 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000078 > 0014 context_id: 0000 > 0016 opnum : 002c >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 >size=226 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 144 (0x90) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 144 (0x90) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16389 (0x4005) >smb_bcc=159 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P 
.E.\.... >[010] 00 00 03 10 00 00 00 90 00 00 00 09 00 00 00 78 ........ .......x >[020] 00 00 00 00 00 2C 00 00 00 02 00 22 00 00 00 00 .....,.. ...".... >[030] 00 00 00 22 00 00 00 5C 00 5C 00 45 00 49 00 47 ..."...\ .\.E.I.G >[040] 00 48 00 54 00 41 00 44 00 2D 00 44 00 43 00 2E .H.T.A.D .-.D.C.. >[050] 00 45 00 49 00 47 00 48 00 54 00 41 00 44 00 36 .E.I.G.H .T.A.D.6 >[060] 00 2E 00 54 00 45 00 53 00 54 00 49 00 4E 00 47 ...T.E.S .T.I.N.G >[070] 00 2E 00 43 00 4F 00 4D 00 00 00 18 00 00 00 00 ...C.O.M ........ >[080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ........ ........ >[090] 00 02 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... >simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] 7C F6 C9 6F D2 EC 0D 86 |..o.... >store_sequence_for_reply: stored seq = 17 mid = 11 >write_socket(19,230) >write_socket(19,230) wrote 230 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 CB BD D0 ........ ........ >[020] A4 D4 0F E1 4A AA B5 87 40 48 A7 F7 FA 00 00 00 ....J... @H...... >[030] 00 . 
>get_sequence_for_reply: found seq = 17 mid = 11 >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] 10 DA 2A 81 B5 3A CB 42 ..*..:.B >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 CB BD D0 ........ ........ >[020] A4 D4 0F E1 4A AA B5 87 40 48 A7 F7 FA 00 00 00 ....J... @H...... >[030] 00 . >get_sequence_for_reply: found seq = 17 mid = 11 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got PDU len of 48 at offset 0 >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 returned 48 bytes. 
> lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : a4d0bdcb-0fd4-4ae1-aab5-874048a7f7fa > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : a4d0bdcb-0fd4-4ae1-aab5-874048a7f7fa > level : LSA_POLICY_INFO_DNS (12) >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000016 > 0014 context_id: 0000 > 0016 opnum : 002e >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=12 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 46 (0x2E) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16389 (0x4005) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 2E 00 00 00 0A 00 00 00 16 ........ ........ >[020] 00 00 00 00 00 2E 00 00 00 00 00 CB BD D0 A4 D4 ........ ........ >[030] 0F E1 4A AA B5 87 40 48 A7 F7 FA 0C 00 ..J...@H ..... >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] 7A 72 A3 2D E3 4E 78 A9 zr.-.Nx. 
>store_sequence_for_reply: stored seq = 19 mid = 12 >write_socket(19,132) >write_socket(19,132) wrote 132 >got smb length of 296 >size=296 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=12 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 240 (0xF0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 240 (0xF0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=241 >[000] 00 05 00 02 03 10 00 00 00 F0 00 00 00 0A 00 00 ........ ........ >[010] 00 D8 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ >[020] 00 10 00 12 00 04 00 02 00 28 00 2A 00 08 00 02 ........ .(.*.... >[030] 00 28 00 2A 00 0C 00 02 00 B2 37 C4 3B C5 76 BD .(.*.... ..7.;.v. >[040] 4E B2 C2 BC 53 0C E4 9A 8A 10 00 02 00 09 00 00 N...S... ........ >[050] 00 00 00 00 00 08 00 00 00 45 00 49 00 47 00 48 ........ .E.I.G.H >[060] 00 54 00 41 00 44 00 36 00 15 00 00 00 00 00 00 .T.A.D.6 ........ >[070] 00 14 00 00 00 65 00 69 00 67 00 68 00 74 00 61 .....e.i .g.h.t.a >[080] 00 64 00 36 00 2E 00 74 00 65 00 73 00 74 00 69 .d.6...t .e.s.t.i >[090] 00 6E 00 67 00 2E 00 63 00 6F 00 6D 00 15 00 00 .n.g...c .o.m.... >[0A0] 00 00 00 00 00 14 00 00 00 65 00 69 00 67 00 68 ........ .e.i.g.h >[0B0] 00 74 00 61 00 64 00 36 00 2E 00 74 00 65 00 73 .t.a.d.6 ...t.e.s >[0C0] 00 74 00 69 00 6E 00 67 00 2E 00 63 00 6F 00 6D .t.i.n.g ...c.o.m >[0D0] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ >[0E0] 00 AE 0E A8 09 C1 88 36 76 F1 01 27 F7 00 00 00 .......6 v..'.... >[0F0] 00 . >get_sequence_for_reply: found seq = 19 mid = 12 >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] 84 95 50 20 B8 7D A4 20 ..P .}. 
>get_sequence_for_reply: found seq = 19 mid = 12 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00f0 > 000a auth_len : 0000 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000d8 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 240, data_len 216, ss_len 0 >rpc_api_pipe: got PDU len of 240 at offset 0 >rpc_api_pipe: host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 returned 432 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x0010 (16) > size : 0x0012 (18) > string : * > string : 'EIGHTAD6' > dns_domain: struct lsa_StringLarge > length : 0x0028 (40) > size : 0x002a (42) > string : * > string : 'eightad6.testing.com' > dns_forest: struct lsa_StringLarge > length : 0x0028 (40) > size : 0x002a (42) > string : * > string : 'eightad6.testing.com' > domain_guid : 3bc437b2-76c5-4ebd-b2c2-bc530ce49a8a > sid : * > sid : S-1-5-21-162008750-1983285441-4146528753 > result : NT_STATUS_OK >set_dc_type_and_flags_connect: domain EIGHTAD6 is in native mode. >set_dc_type_and_flags_connect: domain EIGHTAD6 is running active directory. 
>simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] 75 18 41 93 F5 09 6E 70 u.A...np >store_sequence_for_reply: stored seq = 21 mid = 13 >write_socket(19,45) >write_socket(19,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9865 >smb_uid=4097 >smb_mid=13 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 21 mid = 13 >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] DA 7C F1 2B 5A 66 5A 17 .|.+ZfZ. >rpc_pipe_destructor: closed host eightad-dc.eightad6.testing.com, pipe \lsarpc, fnum 0x4005 >Storing response for pid 9865, len 3496 >timed_events_timeout: 4/920390 >select will use timeout of 4.920390 seconds >Destroying timed event 2ab26bafadb0 "async_request_timeout_handler" >Retrieving response for pid 9865 >Received child initialization response for domain EIGHTAD6 >connection_ok: Connection to for domain EIGHTAD6 has NULL cli! 
>Cache entry with key = SAFJOIN/DOMAIN/EIGHTAD6 couldn't be found >Returning valid cache entry: key = SAF/DOMAIN/EIGHTAD6, value = eightad-dc.eightad6.testing.com, timeout = Wed Nov 25 18:46:25 2009 >saf_fetch: Returning "eightad-dc.eightad6.testing.com" for "EIGHTAD6" domain >Cache entry with key = NEG_CONN_CACHE/EIGHTAD6,eightad-dc.eightad6.testing.com couldn't be found >check_negative_conn_cache returning result 0 for domain EIGHTAD6 server eightad-dc.eightad6.testing.com >cm_open_connection: saf_servername is 'eightad-dc.eightad6.testing.com' for domain EIGHTAD6 >cm_open_connection: dcname is 'eightad-dc.eightad6.testing.com' for domain EIGHTAD6 >Cache entry with key = NEG_CONN_CACHE/EIGHTAD6,eightad-dc.eightad6.testing.com couldn't be found >check_negative_conn_cache returning result 0 for domain EIGHTAD6 server eightad-dc.eightad6.testing.com >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up eightad-dc.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/EIGHTAD-DC.EIGHTAD6.TESTING.COM#20, value = 192.168.12.179:0, timeout = Wed Nov 25 18:42:25 2009 >name eightad-dc.eightad6.testing.com#20 found. 
>cm_prepare_connection: connecting to DC eightad-dc.eightad6.testing.com for domain EIGHTAD6 >write_socket(17,194) >write_socket(17,194) wrote 194 >got smb length of 193 >size=193 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=9849 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]=12815 (0x320F) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 499 (0x1F3) >smb_vwv[11]=22400 (0x5780) >smb_vwv[12]=26354 (0x66F2) >smb_vwv[13]=53094 (0xCF66) >smb_vwv[14]=51821 (0xCA6D) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=124 
>size=193 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51201 >smb_tid=0 >smb_pid=9849 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 9 (0x9) >smb_vwv[ 1]=12815 (0x320F) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 499 (0x1F3) >smb_vwv[11]=22400 (0x5780) >smb_vwv[12]=26354 (0x66F2) >smb_vwv[13]=53094 (0xCF66) >smb_vwv[14]=51821 (0xCA6D) >smb_vwv[15]=46593 (0xB601) >smb_vwv[16]= 254 (0xFE) >smb_bcc=124 
>connecting to eightad-dc.eightad6.testing.com from ALTAIR with kerberos principal [ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM] and realm [eightad6.testing.com] >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_EIGHTAD6.TESTING.COM to: 192.168.12.179 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >Doing spnego session setup (blob length=124) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=not_defined_in_RFC4178@please_ignore >kerberos_kinit_password: as ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM using [MEMORY:cliconnect] as ccache and config [(null)] >cli_session_setup_spnego: got a bad server principal, trying to guess ... 
>cli_session_setup_spnego: guessed server principal=eightad-dc$@EIGHTAD6 >Doing kerberos session setup >ads_krb5_mk_req: krb5_get_credentials failed for eightad-dc$@EIGHTAD6 (Cannot find KDC for requested realm) >cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm >failed kerberos session setup with Cannot find KDC for requested realm >connecting to eightad-dc.eightad6.testing.com from ALTAIR with username [CHILD03]\[ALTAIR$] >Doing spnego session setup (blob length=124) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=not_defined_in_RFC4178@please_ignore >write_socket(17,164) >write_socket(17,164) wrote 164 >got smb length of 552 >size=552 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9849 >smb_uid=4097 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 552 (0x228) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 321 (0x141) >smb_bcc=509 
>size=552 >smb_com=0x73 >smb_rcls=22 >smb_reh=0 >smb_err=49152 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9849 >smb_uid=4097 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 552 (0x228) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 321 (0x141) >smb_bcc=509 
>Got challenge flags: >Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP: Set final flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >write_socket(17,504) >write_socket(17,504) wrote 504 >got smb length of 240 >size=240 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9849 >smb_uid=4097 >smb_mid=3 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 240 (0xF0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=197 
>size=240 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=0 >smb_pid=9849 >smb_uid=4097 >smb_mid=3 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 240 (0xF0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 9 (0x9) >smb_bcc=197 >Mandatory SMB signing enabled! >SMB signing enabled! 
>cli_simple_set_signing: user_session_key >[000] AD 74 69 0D FE BE BF 2F 6C 39 AC 14 E9 04 E8 3D .ti..../ l9.....= >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] 7C 34 5C A3 8B 98 C4 33 |4\....3 >store_sequence_for_reply: stored seq = 1 mid = 3 >get_sequence_for_reply: found seq = 1 mid = 3 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] 1C AE F9 70 C5 46 40 26 ...p.F@& >cli_init_creds: user ALTAIR$ domain CHILD03 >saf_store: domain = [EIGHTAD6], server = [eightad-dc.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/EIGHTAD6; value = eightad-dc.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_EIGHTAD6.TESTING.COM to: 192.168.12.179 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 2B D9 40 CA 83 E6 11 3A +.@....: >store_sequence_for_reply: stored seq = 3 mid = 4 >write_socket(17,130) >write_socket(17,130) wrote 130 >got smb length of 56 >size=56 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=2053 >smb_pid=9849 >smb_uid=4097 >smb_mid=4 >smt_wct=7 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 56 (0x38) >smb_vwv[ 2]= 1 (0x1) >smb_vwv[ 3]=65535 (0xFFFF) >smb_vwv[ 4]= 31 (0x1F) >smb_vwv[ 5]=65535 (0xFFFF) >smb_vwv[ 6]= 31 (0x1F) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 4 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] B8 8D C1 52 2F 2C D0 D4 ...R/,.. 
>winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_EIGHTAD6.TESTING.COM to: 192.168.12.179 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >set_global_winbindd_state_online: online requested. >set_global_winbindd_state_online: rejecting. >set_domain_online: called for domain EIGHTAD6 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_EIGHTAD6.TESTING.COM to: 192.168.12.179 >winbindd_set_locator_kdc_env: setting var: WINBINDD_LOCATOR_KDC_ADDRESS_CHILD03.EIGHTAD6.TESTING.COM to: 192.168.12.172 >set_dc_type_and_flags_trustinfo: domain EIGHTAD6 >simple_packet_signature: sequence number 22 >client_sign_outgoing_message: sent SMB signature of >[000] 13 77 69 6D 92 F0 AB 0D .wim.... >store_sequence_for_reply: stored seq = 23 mid = 13 >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=13 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1792 (0x700) >smb_vwv[ 3]= 448 (0x1C0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 23 mid = 13 >simple_packet_signature: sequence number 23 
>client_check_incoming_message: seq 23: got good SMB signature of >[000] AC 81 F2 6D 4D 3A 67 E4 ...mM:g. >Bind RPC Pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 auth_type 0, auth_level 0 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=14 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49159 (0xC007) >smb_bcc=87 
>simple_packet_signature: sequence number 24 >client_sign_outgoing_message: sent SMB signature of >[000] AC 24 E2 51 4F 71 1B D3 .$.QOq.. >store_sequence_for_reply: stored seq = 25 mid = 14 >write_socket(16,158) >write_socket(16,158) wrote 158 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >get_sequence_for_reply: found seq = 25 mid = 14 >simple_packet_signature: sequence number 25 >client_check_incoming_message: seq 25: got good SMB signature of >[000] A1 67 B1 30 61 78 0A B5 .g.0ax.. >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 
>get_sequence_for_reply: found seq = 25 mid = 14 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >rpc_api_pipe: got PDU len of 68 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 returned 68 bytes. >rpc_pipe_bind: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0000709f > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine norma.child03.eightad6.testing.com and bound anonymously. 
> netr_ServerReqChallenge: struct netr_ServerReqChallenge > in: struct netr_ServerReqChallenge > server_name : * > server_name : '\\norma.child03.eightad6.testing.com' > computer_name : 'ALTAIR' > credentials : * > credentials: struct netr_Credential > data : bc3dd5c33d3a6d4b >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0096 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000007e > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 >size=232 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=15 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 150 (0x96) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 150 (0x96) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49159 (0xC007) >smb_bcc=165 
>simple_packet_signature: sequence number 26 >client_sign_outgoing_message: sent SMB signature of >[000] 57 2A 88 26 27 C7 F6 6C W*.&'..l >store_sequence_for_reply: stored seq = 27 mid = 15 >write_socket(16,236) >write_socket(16,236) wrote 236 >got smb length of 92 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 96 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 BF C3 3A 0D B4 9D 4D ........ ...:...M >[020] EB 00 00 00 00 ..... >get_sequence_for_reply: found seq = 27 mid = 15 >simple_packet_signature: sequence number 27 >client_check_incoming_message: seq 27: got good SMB signature of >[000] 56 A6 E4 5E D7 69 95 03 V..^.i.. >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 96 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... >[010] 00 0C 00 00 00 00 00 00 00 BF C3 3A 0D B4 9D 4D ........ ...:...M >[020] EB 00 00 00 00 ..... 
>get_sequence_for_reply: found seq = 27 mid = 15 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >rpc_api_pipe: got PDU len of 36 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 returned 24 bytes. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > out: struct netr_ServerReqChallenge > return_credentials : * > return_credentials: struct netr_Credential > data : bfc33a0db49d4deb > result : NT_STATUS_OK >creds_client_init: neg_flags : 600fffff >creds_client_init: client chal : BC3DD5C33D3A6D4B >creds_client_init: server chal : BFC33A0DB49D4DEB >creds_init_128 > clnt_chal_in: BC3DD5C33D3A6D4B > srv_chal_in : BFC33A0DB49D4DEB >creds_client_init: clnt : 3655CB18E1BF9B59 >creds_client_init: server : EFE1ACD9B11DBC35 >creds_client_init: seed : 3655CB18E1BF9B59 > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > in: struct netr_ServerAuthenticate2 > server_name : * > server_name : '\\norma.child03.eightad6.testing.com' > account_name : 'ALTAIR$' > secure_channel_type : SEC_CHAN_WKSTA (2) > computer_name : 'ALTAIR' > credentials : * > credentials: struct netr_Credential > data : 3655cb18e1bf9b59 > negotiate_flags : * > negotiate_flags : 0x600fffff (1611661311) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: 
NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00bc > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 000000a4 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 >size=270 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=16 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 188 (0xBC) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 188 (0xBC) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49159 (0xC007) >smb_bcc=203 
>simple_packet_signature: sequence number 28 >client_sign_outgoing_message: sent SMB signature of >[000] 08 A6 D5 D0 29 F0 73 9B ....).s. >store_sequence_for_reply: stored seq = 29 mid = 16 >write_socket(16,274) >write_socket(16,274) wrote 274 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] BC 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 EF E1 AC D9 B1 1D BC ........ ........ >[020] 35 FF FF 0F 60 00 00 00 00 5...`... . >get_sequence_for_reply: found seq = 29 mid = 16 >simple_packet_signature: sequence number 29 >client_check_incoming_message: seq 29: got good SMB signature of >[000] B5 A9 94 35 52 5B 04 DB ...5R[.. >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] BC 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... 
>[010] 00 10 00 00 00 00 00 00 00 EF E1 AC D9 B1 1D BC ........ ........ >[020] 35 FF FF 0F 60 00 00 00 00 5...`... . >get_sequence_for_reply: found seq = 29 mid = 16 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >rpc_api_pipe: got PDU len of 40 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 returned 32 bytes. > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > out: struct netr_ServerAuthenticate2 > return_credentials : * > return_credentials: struct netr_Credential > data : efe1acd9b11dbc35 > negotiate_flags : * > negotiate_flags : 0x600fffff (1611661311) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL > result : NT_STATUS_OK >netlogon_creds_client_check: credentials check OK. 
>rpccli_netlogon_setup_creds: server norma.child03.eightad6.testing.com credential chain established. >simple_packet_signature: sequence number 30 >client_sign_outgoing_message: sent SMB signature of >[000] 4C F9 FB 84 76 59 57 C2 L...vYW. >store_sequence_for_reply: stored seq = 31 mid = 17 >write_socket(16,108) >write_socket(16,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=17 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1536 (0x600) >smb_vwv[ 3]= 448 (0x1C0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 31 mid = 17 >simple_packet_signature: sequence number 31 >client_check_incoming_message: seq 31: got good SMB signature of >[000] F5 8E 00 F3 3A C8 11 AA ....:... 
>Bind RPC Pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc006 auth_type 2, auth_level 6 >000000 smb_io_rpc_auth_schannel_neg schannel_neg > 0000 type1: 00000000 > 0004 type2: 00000003 >[000] 43 48 49 4C 44 30 33 CHILD03 >[000] 41 4C 54 41 49 52 ALTAIR >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0067 > 000a auth_len : 0017 > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >000048 smb_io_rpc_hdr_auth hdr_auth > 0048 auth_type : 44 > 0049 auth_level : 06 > 004a auth_pad_len : 00 > 004b auth_reserved: 00 > 004c auth_context_id: 00000001 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc006 >size=185 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=18 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 103 (0x67) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49158 (0xC006) >smb_bcc=118 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
>[010] 00 0B 03 10 00 00 00 67 00 17 00 09 00 00 00 B8 .......g ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 43 48 49 4C 44 30 33 00 41 .......C HILD03.A >[070] 4C 54 41 49 52 00 LTAIR. >simple_packet_signature: sequence number 32 >client_sign_outgoing_message: sent SMB signature of >[000] 95 90 FF 7E 97 AC B4 33 ...~...3 >store_sequence_for_reply: stored seq = 33 mid = 18 >write_socket(16,189) >write_socket(16,189) wrote 189 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 g....... .X...... >[010] 00 B8 10 B8 10 A0 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 00 74 00 .......t . >get_sequence_for_reply: found seq = 33 mid = 18 >simple_packet_signature: sequence number 33 >client_check_incoming_message: seq 33: got good SMB signature of >[000] 4E 44 9E 11 D3 B3 DA C0 ND...... 
>size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 g....... .X...... >[010] 00 B8 10 B8 10 A0 70 00 00 0C 00 5C 50 49 50 45 ......p. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 00 74 00 .......t . >get_sequence_for_reply: found seq = 33 mid = 18 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000009 >rpc_api_pipe: got PDU len of 88 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc006 returned 88 bytes. >rpc_pipe_bind: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc006 bind request returned ok. >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 000070a0 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. 
> 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >check_bind_response: accepted! >cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine norma.child03.eightad6.testing.com for domain CHILD03 and bound using schannel. >simple_packet_signature: sequence number 34 >client_sign_outgoing_message: sent SMB signature of >[000] 8B 0F 31 AF CC B7 07 73 ..1....s >store_sequence_for_reply: stored seq = 35 mid = 19 >write_socket(16,45) >write_socket(16,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=19 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 35 mid = 19 >simple_packet_signature: sequence number 35 >client_check_incoming_message: seq 35: got good SMB signature of >[000] ED B9 10 B1 A0 1A 81 C1 ........ 
>rpc_pipe_destructor: closed host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc007 > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'norma.child03.eightad6.testing.com' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000005c > 0014 context_id: 0000 > 0016 opnum : 0028 >000078 smb_io_rpc_hdr_auth hdr_auth > 0078 auth_type : 44 > 0079 auth_level : 06 > 007a auth_pad_len : 04 > 007b auth_reserved: 00 > 007c auth_context_id: 00000001 >add_schannel_auth_footer: SCHANNEL seq_num=0 >SCHANNEL: schannel_encode seq_num=0 data_len=96 >000080 smb_io_rpc_auth_schannel_chk > 0080 sig : 77 00 7a 00 ff ff 00 00 > 0088 seq_num: 5f c5 f5 d6 cd 2c 86 d7 > 0090 packet_digest: 70 01 5b 5d 42 31 a9 ce > 0098 confounder: 6c eb 27 21 63 f5 e6 9b >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc006 >size=242 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=20 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 160 (0xA0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 160 (0xA0) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49158 (0xC006) >smb_bcc=175 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 
05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 A0 00 20 00 0A 00 00 00 5C ........ . .....\ >[020] 00 00 00 00 00 28 00 44 1F 06 9A CD CA 5F 69 10 .....(.D ....._i. >[030] C6 BC F6 F1 EA 23 43 A5 6F 8F 68 8C 81 C7 DA EA .....#C. o.h..... >[040] 60 23 9C 83 87 69 17 73 9A A6 65 27 87 CB 60 5F `#...i.s ..e'..`_ >[050] 2B EC A3 56 20 A9 BC A4 87 45 41 21 7D F5 A3 C1 +..V ... .EA!}... >[060] 41 EC CA 54 41 7D 92 D4 B1 1D BC 46 CD 3C FB C5 A..TA}.. ...F.<.. >[070] D8 DC A4 7A 1C DA 12 CA EB 58 D4 F0 9A 5C 36 97 ...z.... .X...\6. >[080] F4 CE 78 5C C4 A2 39 44 06 04 00 01 00 00 00 77 ..x\..9D .......w >[090] 00 7A 00 FF FF 00 00 5F C5 F5 D6 CD 2C 86 D7 70 .z....._ ....,..p >[0A0] 01 5B 5D 42 31 A9 CE 6C EB 27 21 63 F5 E6 9B .[]B1..l .'!c... >simple_packet_signature: sequence number 36 >client_sign_outgoing_message: sent SMB signature of >[000] 0F C7 97 26 35 9B 5F 00 ...&5._. >store_sequence_for_reply: stored seq = 37 mid = 20 >write_socket(16,246) >write_socket(16,246) wrote 246 >got smb length of 472 >size=472 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=20 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 416 (0x1A0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 416 (0x1A0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=417 >[000] A0 05 00 02 03 10 00 00 00 A0 01 20 00 0A 00 00 ........ ... .... >[010] 00 5C 01 00 00 00 00 00 00 D8 6F 10 22 FD 07 3F .\...... ..o."..? >[020] 95 B7 B6 7F 57 1A D4 60 20 D8 70 CC 05 F3 B4 36 ....W..` .p....6 >[030] 8E 1C 31 4E 0B 1C 29 C8 53 4E D2 E6 F3 B3 16 A2 ..1N..). SN...... >[040] F4 1C 9C 69 D1 05 DD 60 81 F8 3B CD 2C 5A 9C 29 ...i...` ..;.,Z.) >[050] DA 97 AD 32 20 CE 21 20 99 76 49 C5 0F EB 98 9D ...2 .! .vI..... >[060] D9 77 3D 40 99 53 9A 07 A6 A1 58 47 F3 0D 2D E4 .w=@.S.. ..XG..-. >[070] 3A 1B 43 17 67 65 58 3B 19 D0 90 A0 7D 48 47 CB :.C.geX; ....}HG. 
>[080] 84 70 B3 9B A1 27 65 7A 0B ED E1 A0 C3 6E 6E 4D .p...'ez .....nnM >[090] F1 F2 51 5E 81 B0 67 DB BE 1B 2A 5C 51 7C B5 73 ..Q^..g. ..*\Q|.s >[0A0] 02 40 7F 94 E8 72 FA 1B AF 56 DD F9 E0 56 D5 96 .@...r.. .V...V.. >[0B0] F0 DA D3 52 32 A1 CA B9 FB 28 48 B2 C2 30 AC F5 ...R2... .(H..0.. >[0C0] 5D 03 FB D2 1B D6 31 2E FB 61 8B 3F 58 B6 6A 45 ].....1. .a.?X.jE >[0D0] 1A FD F7 5C 0C 1E F8 D2 4E F3 87 2E F9 E3 83 16 ...\.... N....... >[0E0] 83 17 C3 97 1D FD FD CE AE E2 F8 CB 98 91 FE 72 ........ .......r >[0F0] A7 29 D3 EB D6 19 7B 1F 3F E0 D1 0F 5D 6B C5 AB .)....{. ?...]k.. >[100] 86 7C 18 14 75 F8 E6 C0 14 45 C4 79 61 ED C8 DC .|..u... .E.ya... >[110] 7A A3 26 E6 E0 0A FF 42 2F 77 ED BF 49 53 12 B4 z.&....B /w..IS.. >[120] 2A 54 22 A1 A2 79 86 A9 6D 6A 9B 66 9F 2D B1 AC *T"..y.. mj.f.-.. >[130] CB E5 A7 20 F4 4A 88 FE 52 7A 41 B2 95 2A A3 92 ... .J.. RzA..*.. >[140] FF 55 F2 DE 38 CF DD 2F 7D F6 4A AB 9D 9E 3F D6 .U..8../ }.J...?. >[150] 6D 5E C6 15 5C 00 79 DB 44 22 BE CE 24 1E B5 E5 m^..\.y. D"..$... >[160] 4C 9E 9E 41 ED 5F 98 17 91 C3 6F 40 EE 26 27 C6 L..A._.. ..o@.&'. >[170] 0F 6C A8 9B 30 C5 B2 50 11 44 06 04 00 01 00 00 .l..0..P .D...... >[180] 00 77 00 7A 00 FF FF 00 00 4A CD AF 24 BC AA DE .w.z.... .J..$... >[190] BD 92 8F B2 0E 15 71 EE 32 36 FE CC 9F 44 CC B3 ......q. 26...D.. >[1A0] A0 . >get_sequence_for_reply: found seq = 37 mid = 20 >simple_packet_signature: sequence number 37 >client_check_incoming_message: seq 37: got good SMB signature of >[000] 6D 11 C7 B2 48 FD 22 BF m...H.". >size=472 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9849 >smb_uid=10242 >smb_mid=20 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 416 (0x1A0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 416 (0x1A0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=417 >[000] A0 05 00 02 03 10 00 00 00 A0 01 20 00 0A 00 00 ........ ... .... 
>get_sequence_for_reply: found seq = 37 mid = 20 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 01a0 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000015c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000178 smb_io_rpc_hdr_auth hdr_auth > 0178 auth_type : 44 > 0179 auth_level : 06 > 017a auth_pad_len : 04 > 017b auth_reserved: 00 > 017c auth_context_id: 00000001 >000180 smb_io_rpc_auth_schannel_chk > 0180 sig : 77 00 7a 00 ff ff 00 00 > 0188 seq_num: 4a cd af 24 bc aa de bd > 0190 packet_digest: 92 8f b2 0e 15 71 ee 32 > 0198 confounder: 36 fe cc 9f 44 cc b3 a0 >SCHANNEL: schannel_decode seq_num=1 data_len=352 >SCHANNEL: schannel_decode seq_num=1 data_len=352 >cli_pipe_validate_current_pdu: got pdu len 416, data_len 348, ss_len 4 >rpc_api_pipe: got PDU len of 416 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0xc006 returned 696 bytes. 
> netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000002 (2) > array : * > array: ARRAY(2) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'EIGHTAD6' > dns_name : * > dns_name : 'eightad6.testing.com' > trust_flags : 0x00000027 (39) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000020 (32) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-162008750-1983285441-4146528753 > guid : 3bc437b2-76c5-4ebd-b2c2-bc530ce49a8a > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'CHILD03' > dns_name : * > dns_name : 'child03.eightad6.testing.com' > trust_flags : 0x00000019 (25) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-1527705246-3463401961-2594329352 > guid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > result : WERR_OK >set_dc_type_and_flags_trustinfo: domain 
EIGHTAD6 is NOT in native mode. >set_dc_type_and_flags_trustinfo: domain EIGHTAD6 is running active directory. >wcache_tdc_fetch_domain: Searching for domain EIGHTAD6 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain ALTAIR () SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain CHILD03 (child03.eightad6.testing.com) SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x19, attribs = 0x0, type = 0x2 >unpack_tdc_domains: Unpacking domain EIGHTAD6 (eightad6.testing.com) SID S-1-5-21-162008750-1983285441-4146528753, flags = 0x27, attribs = 0x20, type = 0x2 >wcache_tdc_fetch_domain: Found domain EIGHTAD6 >Sending request to child pid 9865 (domain=EIGHTAD6) >Added timed event "async_request_timeout_handler": 2ab26bad6860 >timed_events_timeout: 299/999990 >child daemon request 19 >child_process_request: request fn LIST_TRUSTDOM >[ 9849]: list trusted domains >get_cache: Setting ADS methods for domain EIGHTAD6 >fetch_cache_seqnum: invalid data size key [SEQNUM/EIGHTAD6] >wcache_tdc_fetch_domain: Searching for domain EIGHTAD6 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain ALTAIR () SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain CHILD03 (child03.eightad6.testing.com) SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x19, attribs = 0x0, type = 0x2 >unpack_tdc_domains: Unpacking domain EIGHTAD6 (eightad6.testing.com) SID S-1-5-21-162008750-1983285441-4146528753, flags = 0x27, attribs = 0x20, type = 0x2 >wcache_tdc_fetch_domain: Found domain EIGHTAD6 >ads: fetch sequence_number for EIGHTAD6 >wcache_tdc_fetch_domain: Searching for domain EIGHTAD6 >unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 
>unpack_tdc_domains: Unpacking domain ALTAIR () SID S-1-5-21-981045367-1446913133-3103150389, flags = 0x0, attribs = 0x0, type = 0x0 >unpack_tdc_domains: Unpacking domain CHILD03 (child03.eightad6.testing.com) SID S-1-5-21-1527705246-3463401961-2594329352, flags = 0x19, attribs = 0x0, type = 0x2 >unpack_tdc_domains: Unpacking domain EIGHTAD6 (eightad6.testing.com) SID S-1-5-21-162008750-1983285441-4146528753, flags = 0x27, attribs = 0x20, type = 0x2 >wcache_tdc_fetch_domain: Found domain EIGHTAD6 >ads_cached_connection >Returning valid cache entry: key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for eightad6.testing.com: "Default-First-Site-Name" >ads_dc_name: domain=EIGHTAD6 >ads_connect: entering > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'eightad6.testing.com' > workgroup : 'EIGHTAD6' > ldap_server : NULL > foreign : true > ads: struct auth > realm : NULL > password : '(PASSWORD ommited)' > user_name : NULL > kdc_server : NULL > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x00000000 (0) > 0: DS_SERVER_PDC > 0: DS_SERVER_GC > 0: DS_SERVER_LDAP > 0: DS_SERVER_DS > 0: DS_SERVER_KDC > 0: DS_SERVER_TIMESERV > 0: DS_SERVER_CLOSEST > 0: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : NULL > bind_path : NULL > ldap_server_name : NULL > server_site_name : NULL > client_site_name : NULL > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct 
ldap > ld : NULL > ss : > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000000 (0) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for eightad6.testing.com: "Default-First-Site-Name" >ads_find_dc: (cldap) looking for realm 'eightad6.testing.com' >get_sorted_dc_list: attempting lookup for name eightad6.testing.com (sitename Default-First-Site-Name) using [ads] >Cache entry with key = SAFJOIN/DOMAIN/EIGHTAD6.TESTING.COM couldn't be found >Returning valid cache entry: key = SAF/DOMAIN/EIGHTAD6.TESTING.COM, value = eightad-dc.eightad6.testing.com, timeout = Wed Nov 25 18:45:20 2009 >saf_fetch: Returning "eightad-dc.eightad6.testing.com" for "eightad6.testing.com" domain >get_dc_list: preferred server list: "eightad-dc.eightad6.testing.com, *" >internal_resolve_name: looking up eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning expired cache entry: key = NBT/EIGHTAD6.TESTING.COM#1C, value = 192.168.12.179:389, timeout = Wed Nov 25 18:31:21 2009 >no entry for eightad6.testing.com#1C found. >resolve_ads: Attempting to resolve DCs for eightad6.testing.com using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. 
>ads_dns_parse_rr_srv: Parsed eightad-dc.eightad6.testing.com [0, 100, 389] >remove_duplicate_addrs2: looking for duplicate address/port pairs >namecache_store: storing 1 address for eightad6.testing.com#1c: 192.168.12.179 >Adding cache entry with key = NBT/EIGHTAD6.TESTING.COM#1C; value = 192.168.12.179:389 and timeout = Wed Nov 25 18:42:25 2009 > (660 seconds ahead) >internal_resolve_name: returning 1 addresses: 192.168.12.179:389 >Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up eightad-dc.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/EIGHTAD-DC.EIGHTAD6.TESTING.COM#20, value = 192.168.12.179:0, timeout = Wed Nov 25 18:42:25 2009 >name eightad-dc.eightad6.testing.com#20 found. 
>Cache entry with key = NEG_CONN_CACHE/eightad6.testing.com,192.168.12.179 couldn't be found >check_negative_conn_cache returning result 0 for domain eightad6.testing.com server 192.168.12.179 >Cache entry with key = NEG_CONN_CACHE/eightad6.testing.com,192.168.12.179 couldn't be found >check_negative_conn_cache returning result 0 for domain eightad6.testing.com server 192.168.12.179 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.179:389 >Cache entry with key = NEG_CONN_CACHE/eightad6.testing.com,192.168.12.179 couldn't be found >check_negative_conn_cache returning result 0 for domain eightad6.testing.com server 192.168.12.179 >ads_try_connect: sending CLDAP request to 192.168.12.179 (realm: eightad6.testing.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000013fd (5117) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 3bc437b2-76c5-4ebd-b2c2-bc530ce49a8a > forest : 'eightad6.testing.com' > dns_domain : 'eightad6.testing.com' > pdc_dns_name : 'eightad-dc.eightad6.testing.com' > domain : 'EIGHTAD6' > pdc_name : 'EIGHTAD-DC' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: 
NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [EIGHTAD6], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/EIGHTAD6; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >sitename_store: realm = [eightad6.testing.com], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >Successfully contacted LDAP server 192.168.12.179 >ads_connect: leaving with: Success > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'eightad6.testing.com' > workgroup : 'EIGHTAD6' > ldap_server : NULL > foreign : true > ads: struct auth > realm : 'EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : 'ALTAIR$' > kdc_server : '192.168.12.179' > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x000013fd (5117) > 1: DS_SERVER_PDC > 1: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 1: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 1: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : 'EIGHTAD6.TESTING.COM' > bind_path : 'dc=EIGHTAD6,dc=TESTING,dc=COM' > ldap_server_name : 'eightad-dc.eightad6.testing.com' > server_site_name : 
'Default-First-Site-Name' > client_site_name : 'Default-First-Site-Name' > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : 192.168.12.179 > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000185 (389) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for eightad6.testing.com: "Default-First-Site-Name" >ads_dc_name: using server='EIGHTAD-DC.EIGHTAD6.TESTING.COM' IP=192.168.12.179 >ads_connect: entering > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'eightad6.testing.com' > workgroup : 'EIGHTAD6' > ldap_server : NULL > foreign : true > ads: struct auth > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : NULL > kdc_server : NULL > flags : 0x00000000 (0) > 0: ADS_AUTH_DISABLE_KERBEROS > 0: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : Sat 31 Jan 1970 05:30:00 AM IST IST > ads: struct config > flags : 0x00000000 (0) > 0: DS_SERVER_PDC > 0: DS_SERVER_GC > 0: DS_SERVER_LDAP > 0: DS_SERVER_DS > 0: DS_SERVER_KDC > 0: DS_SERVER_TIMESERV > 0: DS_SERVER_CLOSEST > 0: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: 
DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : NULL > bind_path : NULL > ldap_server_name : NULL > server_site_name : NULL > client_site_name : NULL > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000000 (0) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >ads_find_dc: (ldap) looking for realm 'eightad6.testing.com' >Returning valid cache entry: key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for eightad6.testing.com: "Default-First-Site-Name" >ads_dc_name: domain=EIGHTAD6 >ads_connect: entering > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'eightad6.testing.com' > workgroup : 'EIGHTAD6' > ldap_server : NULL > foreign : true > ads: struct auth > realm : NULL > password : '(PASSWORD ommited)' > user_name : NULL > kdc_server : NULL > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x00000000 (0) > 0: DS_SERVER_PDC > 0: DS_SERVER_GC > 0: DS_SERVER_LDAP > 0: DS_SERVER_DS > 0: DS_SERVER_KDC > 0: DS_SERVER_TIMESERV 
> 0: DS_SERVER_CLOSEST > 0: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : NULL > bind_path : NULL > ldap_server_name : NULL > server_site_name : NULL > client_site_name : NULL > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000000 (0) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for eightad6.testing.com: "Default-First-Site-Name" >ads_find_dc: (cldap) looking for realm 'eightad6.testing.com' >get_sorted_dc_list: attempting lookup for name eightad6.testing.com (sitename Default-First-Site-Name) using [ads] >Cache entry with key = SAFJOIN/DOMAIN/EIGHTAD6.TESTING.COM couldn't be found >Returning valid cache entry: key = SAF/DOMAIN/EIGHTAD6.TESTING.COM, value = eightad-dc.eightad6.testing.com, timeout = Wed Nov 25 18:45:20 2009 >saf_fetch: Returning "eightad-dc.eightad6.testing.com" for "eightad6.testing.com" domain >get_dc_list: preferred server list: "eightad-dc.eightad6.testing.com, *" >internal_resolve_name: looking up eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/EIGHTAD6.TESTING.COM#1C, value = 192.168.12.179:389, timeout = Wed Nov 25 
18:42:25 2009 >name eightad6.testing.com#1C found. >Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up eightad-dc.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/EIGHTAD-DC.EIGHTAD6.TESTING.COM#20, value = 192.168.12.179:0, timeout = Wed Nov 25 18:42:25 2009 >name eightad-dc.eightad6.testing.com#20 found. >Cache entry with key = NEG_CONN_CACHE/eightad6.testing.com,192.168.12.179 couldn't be found >check_negative_conn_cache returning result 0 for domain eightad6.testing.com server 192.168.12.179 >Cache entry with key = NEG_CONN_CACHE/eightad6.testing.com,192.168.12.179 couldn't be found >check_negative_conn_cache returning result 0 for domain eightad6.testing.com server 192.168.12.179 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.179:389 >Cache entry with key = NEG_CONN_CACHE/eightad6.testing.com,192.168.12.179 couldn't be found >check_negative_conn_cache returning result 0 for domain eightad6.testing.com server 192.168.12.179 >ads_try_connect: sending CLDAP request to 192.168.12.179 (realm: eightad6.testing.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000013fd (5117) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 3bc437b2-76c5-4ebd-b2c2-bc530ce49a8a > forest : 'eightad6.testing.com' > 
dns_domain : 'eightad6.testing.com' > pdc_dns_name : 'eightad-dc.eightad6.testing.com' > domain : 'EIGHTAD6' > pdc_name : 'EIGHTAD-DC' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [EIGHTAD6], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/EIGHTAD6; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >sitename_store: realm = [eightad6.testing.com], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >Successfully contacted LDAP server 192.168.12.179 >ads_connect: leaving with: Success > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'eightad6.testing.com' > workgroup : 'EIGHTAD6' > ldap_server : NULL > foreign : true > ads: struct auth > realm : 'EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : 'ALTAIR$' > kdc_server : '192.168.12.179' > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > 
tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x000013fd (5117) > 1: DS_SERVER_PDC > 1: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 1: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 1: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : 'EIGHTAD6.TESTING.COM' > bind_path : 'dc=EIGHTAD6,dc=TESTING,dc=COM' > ldap_server_name : 'eightad-dc.eightad6.testing.com' > server_site_name : 'Default-First-Site-Name' > client_site_name : 'Default-First-Site-Name' > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : 192.168.12.179 > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000185 (389) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for eightad6.testing.com: "Default-First-Site-Name" >ads_dc_name: using server='EIGHTAD-DC.EIGHTAD6.TESTING.COM' IP=192.168.12.179 >ads_try_connect: sending CLDAP request to EIGHTAD-DC.EIGHTAD6.TESTING.COM (realm: eightad6.testing.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000013fd (5117) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: 
NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 3bc437b2-76c5-4ebd-b2c2-bc530ce49a8a > forest : 'eightad6.testing.com' > dns_domain : 'eightad6.testing.com' > pdc_dns_name : 'eightad-dc.eightad6.testing.com' > domain : 'EIGHTAD6' > pdc_name : 'EIGHTAD-DC' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [EIGHTAD6], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/EIGHTAD6; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >sitename_store: realm = [eightad6.testing.com], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/EIGHTAD6.TESTING.COM; value = Default-First-Site-Name and timeout = (null) (-1259154086 seconds ahead) >Successfully contacted LDAP server 192.168.12.179 >Opening connection to LDAP server 'eightad-dc.eightad6.testing.com:389', timeout 15 seconds >Connected to LDAP server 'eightad-dc.eightad6.testing.com:389' >Connected to LDAP server eightad-dc.eightad6.testing.com >ads_closest_dc: NBT_SERVER_CLOSEST flag set >saf_store: domain = [EIGHTAD6], server = 
[eightad-dc.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/EIGHTAD6; value = eightad-dc.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >saf_store: domain = [eightad6.testing.com], server = [eightad-dc.eightad6.testing.com], expire = [1259154985] >Adding cache entry with key = SAF/DOMAIN/EIGHTAD6.TESTING.COM; value = eightad-dc.eightad6.testing.com and timeout = Wed Nov 25 18:46:25 2009 > (900 seconds ahead) >time offset is 2 seconds >Found SASL mechanism GSS-SPNEGO >ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore >ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit >kerberos_kinit_password: as ALTAIR$@CHILD03.EIGHTAD6.TESTING.COM using [MEMORY:winbind_ccache] as ccache and config [(null)] >ads_krb5_mk_req: krb5_get_credentials failed for ldap/eightad-dc.eightad6.testing.com@EIGHTAD6.TESTING.COM (Cannot find KDC for requested realm) >kinit succeeded but ads_sasl_spnego_krb5_bind failed: Cannot find KDC for requested realm >ads_connect: leaving with: Cannot find KDC for requested realm > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'eightad6.testing.com' > workgroup : 'EIGHTAD6' > ldap_server : NULL > foreign : true > ads: struct auth > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : 'ALTAIR$' > kdc_server : '192.168.12.179' > flags : 0x00000000 (0) > 0: ADS_AUTH_DISABLE_KERBEROS > 0: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000002 (2) > 
tgt_expire : Thu 26 Nov 2009 04:31:29 AM IST IST > tgs_expire : (time_t)0 > renewable : Sat 31 Jan 1970 05:30:00 AM IST IST > ads: struct config > flags : 0x000013fd (5117) > 1: DS_SERVER_PDC > 1: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 1: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 1: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : 'EIGHTAD6.TESTING.COM' > bind_path : 'dc=EIGHTAD6,dc=TESTING,dc=COM' > ldap_server_name : 'eightad-dc.eightad6.testing.com' > server_site_name : 'Default-First-Site-Name' > client_site_name : 'Default-First-Site-Name' > current_time : Wed 25 Nov 2009 06:31:27 PM IST IST > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : * > ss : 192.168.12.179 > last_attempt : Wed 25 Nov 2009 06:31:25 PM IST IST > port : 0x00000185 (389) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : * > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >ads_connect for domain EIGHTAD6 failed: Cannot find KDC for requested realm >refresh_sequence_number: failed with NT_STATUS_UNSUCCESSFUL >store_cache_seqnum: success [EIGHTAD6][4294967295 @ 1259154085] >refresh_sequence_number: EIGHTAD6 seq number is now -1 >winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL >Storing response for pid 9865, len 3496 >Destroying timed event 2ab26bad6860 "async_request_timeout_handler" >Retrieving response for pid 9865 >Could not receive trustdoms >timed_events_timeout: 4/833461 >select will use 
timeout of 4.833461 seconds >nothing is ready yet, continue >timed_events_timeout: 0/78 >select will use timeout of 0.78 seconds >nothing is ready yet, continue >Running event "check_domain_online_handler" 2ab26bad5650 >check_domain_online_handler: called for domain CHILD03 (online = True) >Destroying timed event 2ab26bad5650 "check_domain_online_handler" >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_dc_name: domain=CHILD03 >ads_connect: entering > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'child03.eightad6.testing.com' > workgroup : 'CHILD03' > ldap_server : NULL > foreign : false > ads: struct auth > realm : NULL > password : '(PASSWORD ommited)' > user_name : NULL > kdc_server : NULL > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x00000000 (0) > 0: DS_SERVER_PDC > 0: DS_SERVER_GC > 0: DS_SERVER_LDAP > 0: DS_SERVER_DS > 0: DS_SERVER_KDC > 0: DS_SERVER_TIMESERV > 0: DS_SERVER_CLOSEST > 0: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > 
realm : NULL > bind_path : NULL > ldap_server_name : NULL > server_site_name : NULL > client_site_name : NULL > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : > last_attempt : Wed 25 Nov 2009 06:31:30 PM IST IST > port : 0x00000000 (0) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_find_dc: (cldap) looking for realm 'child03.eightad6.testing.com' >get_sorted_dc_list: attempting lookup for name child03.eightad6.testing.com (sitename Default-First-Site-Name) using [ads] >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. 
>Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >ads_try_connect: sending CLDAP request to 192.168.12.172 (realm: child03.eightad6.testing.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000001f9 (505) > 1: NBT_SERVER_PDC > 0: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > domain_uuid : 051fb988-d99f-42a3-8755-7bc9b4d48af3 > forest : 
'eightad6.testing.com' > dns_domain : 'child03.eightad6.testing.com' > pdc_dns_name : 'norma.child03.eightad6.testing.com' > domain : 'CHILD03' > pdc_name : 'NORMA' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [CHILD03], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/CHILD03; value = Default-First-Site-Name and timeout = (null) (-1259154091 seconds ahead) >sitename_store: realm = [child03.eightad6.testing.com], sitename = [Default-First-Site-Name], expire = [4294967295] >Adding cache entry with key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM; value = Default-First-Site-Name and timeout = (null) (-1259154091 seconds ahead) >Successfully contacted LDAP server 192.168.12.172 >ads_connect: leaving with: Success > ads: struct ads_struct > is_mine : true > ads: struct server > realm : 'child03.eightad6.testing.com' > workgroup : 'CHILD03' > ldap_server : NULL > foreign : false > ads: struct auth > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > password : '(PASSWORD ommited)' > user_name : 'ALTAIR$' > kdc_server : '192.168.12.172' > flags : 0x00000002 (2) > 0: ADS_AUTH_DISABLE_KERBEROS > 1: ADS_AUTH_NO_BIND > 0: ADS_AUTH_ANON_BIND > 0: ADS_AUTH_SIMPLE_BIND > 0: ADS_AUTH_ALLOW_NTLMSSP > 0: ADS_AUTH_SASL_SIGN > 0: ADS_AUTH_SASL_SEAL > 0: ADS_AUTH_SASL_FORCE > 
time_offset : 0x00000000 (0) > tgt_expire : (time_t)0 > tgs_expire : (time_t)0 > renewable : (time_t)0 > ads: struct config > flags : 0x000001f9 (505) > 1: DS_SERVER_PDC > 0: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 0: DS_SERVER_FULL_SECRET_DOMAIN_6 > 0: DS_DNS_CONTROLLER > 0: DS_DNS_DOMAIN > 0: DS_DNS_FOREST > realm : 'CHILD03.EIGHTAD6.TESTING.COM' > bind_path : 'dc=CHILD03,dc=EIGHTAD6,dc=TESTING,dc=COM' > ldap_server_name : 'norma.child03.eightad6.testing.com' > server_site_name : 'Default-First-Site-Name' > client_site_name : 'Default-First-Site-Name' > current_time : (time_t)0 > schema_path : NULL > config_path : NULL > ads: struct ldap > ld : NULL > ss : 192.168.12.172 > last_attempt : Wed 25 Nov 2009 06:31:30 PM IST IST > port : 0x00000185 (389) > wrap_type : 0x0001 (1) > sbiod : NULL > mem_ctx : NULL > wrap_ops : NULL > wrap_private_data : NULL > ads: struct in > ofs : 0x00000000 (0) > needed : 0x00000000 (0) > left : 0x00000000 (0) > max_wrapped : 0x00000000 (0) > min_wrapped : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > ads: struct out > ofs : 0x00000000 (0) > left : 0x00000000 (0) > max_unwrapped : 0x00000000 (0) > sig_size : 0x00000000 (0) > size : 0x00000000 (0) > buf: ARRAY(0) > >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >ads_closest_dc: NBT_SERVER_CLOSEST flag set >create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/smb_krb5/krb5.conf.CHILD03, realm = child03.eightad6.testing.com, domain = CHILD03 >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 
25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. >Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. 
>Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename (null)) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. >Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. 
>Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >get_kdc_ip_string: Returning kdc = 192.168.12.172 > >create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.CHILD03 with realm CHILD03.EIGHTAD6.TESTING.COM KDC list = kdc = 192.168.12.172 > >ads_dc_name: using server='NORMA.CHILD03.EIGHTAD6.TESTING.COM' IP=192.168.12.172 >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for child03.eightad6.testing.com: "Default-First-Site-Name" >get_sorted_dc_list: attempting lookup for name child03.eightad6.testing.com (sitename Default-First-Site-Name) using [ads] >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name child03.eightad6.testing.com#1C found. 
>Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >Cache entry with key = NEG_CONN_CACHE/CHILD03,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain CHILD03 server 192.168.12.172 >get_sorted_dc_list: attempting lookup for name child03.eightad6.testing.com (sitename NULL) using [ads] >Returning valid cache entry: key = SAFJOIN/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = norma.child03.eightad6.testing.com, timeout = Wed Nov 25 19:29:39 2009 >saf_fetch[join]: Returning "norma.child03.eightad6.testing.com" for "child03.eightad6.testing.com" domain >get_dc_list: preferred server list: "norma.child03.eightad6.testing.com, *" >internal_resolve_name: looking up child03.eightad6.testing.com#1c (sitename (null)) >Returning valid cache entry: key = NBT/CHILD03.EIGHTAD6.TESTING.COM#1C, value = 192.168.12.172:389, timeout = Wed Nov 25 18:42:25 2009 >name 
child03.eightad6.testing.com#1C found. >Adding 1 DC's from auto lookup >Returning valid cache entry: key = AD_SITENAME/DOMAIN/CHILD03.EIGHTAD6.TESTING.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 11:58:15 2106 >sitename_fetch: Returning sitename for CHILD03.EIGHTAD6.TESTING.COM: "Default-First-Site-Name" >internal_resolve_name: looking up norma.child03.eightad6.testing.com#20 (sitename Default-First-Site-Name) >Returning valid cache entry: key = NBT/NORMA.CHILD03.EIGHTAD6.TESTING.COM#20, value = 192.168.12.172:0, timeout = Wed Nov 25 18:42:25 2009 >name norma.child03.eightad6.testing.com#20 found. >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >Cache entry with key = NEG_CONN_CACHE/child03.eightad6.testing.com,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain child03.eightad6.testing.com server 192.168.12.172 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 192.168.12.172:389 >Cache entry with key = NEG_CONN_CACHE/CHILD03,192.168.12.172 couldn't be found >check_negative_conn_cache returning result 0 for domain CHILD03 server 192.168.12.172 >messaging_tdb_store: > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_WINBIND_TRY_TO_GO_ONLINE (1030) > dest: struct server_id > id : 0x00002689 (9865) > src: struct server_id > id : 0x000026d4 (9940) > buf : DATA_BLOB length=8 >[000] 43 48 49 4C 44 30 33 00 CHILD03. 
>message_dispatch: received_signal = 1 >messaging_tdb_fetch: > result: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_WINBIND_TRY_TO_GO_ONLINE (1030) > dest: struct server_id > id : 0x00002689 (9865) > src: struct server_id > id : 0x000026d4 (9940) > buf : DATA_BLOB length=8 >[000] 43 48 49 4C 44 30 33 00 CHILD03. >msg_try_to_go_online: received for domain CHILD03. >msg_try_to_go_online: domain CHILD03 already online. >accepted socket 19 >process_request: request fn INTERFACE_VERSION >[10142]: request interface version >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[10142]: request location of privileged pipe >accepted socket 20 >final write to client failed: Broken pipe >process_request: request fn AUTH_CRAP >[10142]: pam auth crap domain: [CHILD03] user: test >is_myname("CHILD03") returns 0 >Sending request to child pid 9850 (domain=CHILD03) >Added timed event "async_request_timeout_handler": 2ab26bad6860 >timed_events_timeout: 299/999983 >child daemon request 13 >child_process_request: request fn AUTH_CRAP >[ 9849]: pam auth crap domain: CHILD03 user: test >is_myname("CHILD03") returns 0 > netr_LogonSamLogonEx: struct netr_LogonSamLogonEx > in: struct netr_LogonSamLogonEx > server_name : * > server_name : '\\norma.child03.eightad6.testing.com' > computer_name : * > computer_name : 'ALTAIR' > logon_level : NET_LOGON_TYPE (2) > logon : * > logon : union netr_LogonInfo(case 2) > network : * > network: struct netr_NetworkInfo > identity_info: struct netr_IdentityInfo > domain_name: struct lsa_String > length : 0x000e (14) > size : 0x000e (14) > string : * > string : 'CHILD03' > parameter_control : 0x00000820 (2080) > 0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED > 0: MSV1_0_UPDATE_LOGON_STATISTICS > 0: MSV1_0_RETURN_USER_PARAMETERS > 1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT > 0: MSV1_0_RETURN_PROFILE_PATH > 1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT > logon_id_low : 
0x0000dead (57005) > logon_id_high : 0x0000beef (48879) > account_name: struct lsa_String > length : 0x0008 (8) > size : 0x0008 (8) > string : * > string : 'test' > workstation: struct lsa_String > length : 0x0010 (16) > size : 0x0010 (16) > string : * > string : '\\ALTAIR' > challenge : 06a53264999cb006 > nt: struct netr_ChallengeResponse > length : 0x0018 (24) > size : 0x0018 (24) > data : * > data : 54fcdc6ed96c6df6faec7e60d9873b9a95962c5d2dd59b8b > lm: struct netr_ChallengeResponse > length : 0x0000 (0) > size : 0x0000 (0) > data : NULL > validation_level : 0x0003 (3) > flags : * > flags : 0x00000000 (0) >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0178 > 000a auth_len : 0020 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000138 > 0014 context_id: 0000 > 0016 opnum : 0027 >000150 smb_io_rpc_hdr_auth hdr_auth > 0150 auth_type : 44 > 0151 auth_level : 06 > 0152 auth_pad_len : 00 > 0153 auth_reserved: 00 > 0154 auth_context_id: 00000001 >add_schannel_auth_footer: SCHANNEL seq_num=4 >SCHANNEL: schannel_encode seq_num=4 data_len=312 >000158 smb_io_rpc_auth_schannel_chk > 0158 sig : 77 00 7a 00 ff ff 00 00 > 0160 seq_num: 78 e4 f0 38 9a 67 39 7e > 0168 packet_digest: 4a 57 86 32 a9 ce 77 de > 0170 confounder: 5c 89 46 8a 17 1d 65 b0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f >size=458 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=51201 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=22 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 376 (0x178) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 376 (0x178) >smb_vwv[12]= 82 (0x52) 
>smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=32783 (0x800F) >smb_bcc=391
>simple_packet_signature: sequence number 40 >client_sign_outgoing_message: sent SMB signature of >[000] CE 2D 0A 55 E4 2C FB 1D .-.U.,.. >store_sequence_for_reply: stored seq = 41 mid = 22 >write_socket(16,462) >write_socket(16,462) wrote 462 >got smb length of 456 >size=456 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=22 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 400 (0x190) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 400 (0x190) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=401
>get_sequence_for_reply: found seq = 41 mid = 22 >simple_packet_signature: sequence number 41 >client_check_incoming_message: seq 41: got good SMB signature of >[000] 1C F1 8D 3E D3 A7 4F 2C ...>..O, >size=456 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=51205 >smb_tid=6149 >smb_pid=9850 >smb_uid=10242 >smb_mid=22 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 400 (0x190) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 400 (0x190) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=401
>get_sequence_for_reply: found seq = 41 mid = 22 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0190 > 000a auth_len : 0020 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000150 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >000168 smb_io_rpc_hdr_auth hdr_auth > 0168 auth_type : 44 > 0169 auth_level : 06 > 016a auth_pad_len : 00 > 016b auth_reserved: 00 > 016c auth_context_id: 00000001 >000170 smb_io_rpc_auth_schannel_chk > 0170 sig : 77 00 7a 00 ff ff 00 00 > 0178 seq_num: 6b ce ca ed de 98 f4 72 > 0180 packet_digest: db ed 41 0f 25 1f 84 2c > 0188 confounder: 22 87 46 c3 bb 7c 72 88 >SCHANNEL: schannel_decode seq_num=5 data_len=336 >SCHANNEL: schannel_decode seq_num=5 data_len=336 >cli_pipe_validate_current_pdu: got pdu len 400, data_len 336, ss_len 0 >rpc_api_pipe: got PDU len of 400 at offset 0 >rpc_api_pipe: host norma.child03.eightad6.testing.com, pipe \NETLOGON, fnum 0x800f returned 672 bytes. 
> netr_LogonSamLogonEx: struct netr_LogonSamLogonEx > out: struct netr_LogonSamLogonEx > validation : * > validation : union netr_Validation(case 3) > sam3 : * > sam3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > last_logon : NTTIME(0) > last_logoff : Thu 14 Sep 30828 08:18:05 AM IST IST > acct_expiry : Thu 14 Sep 30828 08:18:05 AM IST IST > last_password_change : Wed 25 Nov 2009 03:53:53 PM IST IST > allow_password_change : Wed 25 Nov 2009 03:53:53 PM IST IST > force_password_change : Thu 14 Sep 30828 08:18:05 AM IST IST > account_name: struct lsa_String > length : 0x0008 (8) > size : 0x000a (10) > string : * > string : 'test' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > rid : 0x0000044f (1103) > primary_gid : 0x00000201 (513) > groups: struct samr_RidWithAttributeArray > count : 0x00000001 (1) > rids : * > rids: ARRAY(1) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000120 (288) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 1: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 
b04b5ef31fbeb49a62824758d32977f8 > logon_server: struct lsa_StringLarge > length : 0x000a (10) > size : 0x000c (12) > string : * > string : 'NORMA' > domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'CHILD03' > domain_sid : * > domain_sid : S-1-5-21-1527705246-3463401961-2594329352 > LMSessKey: struct netr_LMSessionKey > key : 5500c719feb0f6ca > acct_flags : 0x00000210 (528) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 1: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > unknown: ARRAY(7) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > sidcount : 0x00000000 (0) > sids : NULL > authoritative : * > authoritative : 0x01 (1) > flags : * > flags : 0x00000000 (0) > result : NT_STATUS_OK >wcache_invalidate_samlogon: clearing U/S-1-5-21-1527705246-3463401961-2594329352-1103 >wcache_invalidate_samlogon: clearing UG/S-1-5-21-1527705246-3463401961-2594329352-1103 >netsamlogon_clear_cached_user: SID [S-1-5-21-1527705246-3463401961-2594329352-1103] >netsamlogon_cache_store: SID [S-1-5-21-1527705246-3463401961-2594329352-1103] > &r: struct netsamlogoncache_entry > timestamp : Wed 25 Nov 2009 06:31:41 PM IST IST > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > last_logon : NTTIME(0) > last_logoff : Thu 14 Sep 30828 08:18:05 AM IST IST > acct_expiry : Thu 14 Sep 30828 08:18:05 AM IST IST > last_password_change : Wed 25 Nov 2009 03:53:53 PM IST IST > allow_password_change : Wed 25 Nov 2009 03:53:53 PM IST IST > force_password_change : Thu 14 Sep 30828 08:18:05 AM IST IST > 
account_name: struct lsa_String > length : 0x0008 (8) > size : 0x000a (10) > string : * > string : 'test' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > rid : 0x0000044f (1103) > primary_gid : 0x00000201 (513) > groups: struct samr_RidWithAttributeArray > count : 0x00000001 (1) > rids : * > rids: ARRAY(1) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000120 (288) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 1: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 8d5e68023716cf296160760773aa5838 > logon_server: struct lsa_StringLarge > length : 0x000a (10) > size : 0x000c (12) > string : * > string : 'NORMA' > domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'CHILD03' > domain_sid : * > domain_sid : S-1-5-21-1527705246-3463401961-2594329352 > LMSessKey: struct netr_LMSessionKey > key : 6815f1e8d6188d79 > acct_flags : 0x00000210 (528) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST 
> 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 1: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > unknown: ARRAY(7) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > unknown : 0x00000000 (0) > sidcount : 0x00000000 (0) > sids : NULL >NTLM CRAP authentication for user [CHILD03]\[test] returned NT_STATUS_OK (PAM: 0) >Storing response for pid 9850, len 3496 >Destroying timed event 2ab26bad6860 "async_request_timeout_handler" >Retrieving response for pid 9850 >timed_events_timeout: 604677/684624 >select will use timeout of 604677.684624 seconds >final write to client failed: Broken pipe