[2004/05/10 00:23:58, 1] nsswitch/winbindd.c:main(843) winbindd version 3.0.4 started. Copyright The Samba Team 2000-2004 [2004/05/10 00:23:58, 5] lib/debug.c:debug_dump_status(369) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 doing parameter map to guest = bad user doing parameter security = domain doing parameter encrypt passwords = yes doing parameter smb passwd file = /etc/samba/smbpasswd doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter domain master = no doing parameter preferred master = no doing parameter domain logons = no doing parameter add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u' doing parameter delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u' doing parameter add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g' doing parameter delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g' doing parameter set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u' doing parameter add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}' doing parameter delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g' doing parameter add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u && sleep 5 doing parameter passdb backend = tdbsam smbpasswd guest doing parameter idmap backend = ldap:ldap://chinook.ranger.dnsalias.com doing parameter idmap uid = 10000-20000 doing parameter idmap gid = 10000-20000 doing parameter ldap admin dn = cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com doing parameter ldap suffix = dc=ranger,dc=dnsalias,dc=com doing parameter ldap machine suffix = ou=Hosts doing parameter ldap user suffix = ou=People doing parameter ldap group suffix = ou=Group doing parameter ldap idmap suffix = ou=Idmap doing parameter ldap passwd sync = yes doing parameter name resolve order = wins lmhosts bcast doing parameter wins server = 192.168.1.1 doing parameter dns proxy = no [2004/05/10 00:23:58, 2] param/loadparm.c:do_section(3392) Processing section "[homes]" doing parameter comment = Home Directories doing parameter browseable = no doing parameter writable = yes [2004/05/10 00:23:58, 2] param/loadparm.c:do_section(3392) Processing section "[printers]" doing parameter comment = All Printers doing parameter path = /var/spool/samba doing parameter browseable = no doing parameter guest ok = yes doing parameter writable = no doing parameter printable = yes doing parameter create mode = 0700 doing parameter print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. [2004/05/10 00:23:58, 2] param/loadparm.c:do_section(3392) Processing section "[print$]" doing parameter path = /var/lib/samba/printers doing parameter browseable = yes doing parameter write list = @adm root doing parameter guest ok = yes doing parameter inherit permissions = yes [2004/05/10 00:23:58, 2] param/loadparm.c:do_section(3392) Processing section "[pdf-generator]" doing parameter path = /var/tmp doing parameter guest ok = No doing parameter printable = Yes doing parameter comment = PDF Generator (only valid users) doing parameter print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" & [2004/05/10 00:23:58, 4] param/loadparm.c:lp_load(3909) pm_process() returned Yes [2004/05/10 00:23:58, 3] param/loadparm.c:lp_add_ipc(2359) adding IPC service [2004/05/10 00:23:58, 3] param/loadparm.c:lp_add_ipc(2359) adding IPC service [2004/05/10 00:23:58, 10] param/loadparm.c:set_server_role(3818) set_server_role: role = ROLE_DOMAIN_MEMBER [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UCS-2LE [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(103) Registered charset UCS-2LE [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UTF8 [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(103) Registered charset UTF8 [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset ASCII [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(103) Registered charset ASCII [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset 646 [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(103) Registered charset 646 [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset ISO-8859-1 [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(103) Registered charset ISO-8859-1 [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UCS2-HEX [2004/05/10 00:23:58, 5] lib/iconv.c:smb_register_charset(103) Registered charset UCS2-HEX [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2004/05/10 00:23:58, 2] lib/interface.c:add_interface(79) added interface ip=192.168.1.247 bcast=192.168.1.255 nmask=255.255.255.0 [2004/05/10 00:23:58, 5] lib/util.c:init_names(270) Netbios name list:- my_netbios_names[0]="THINKPAD" [2004/05/10 00:23:58, 2] lib/interface.c:add_interface(79) added interface ip=192.168.1.247 bcast=192.168.1.255 nmask=255.255.255.0 [2004/05/10 00:23:58, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/cache/samba/gencache.tdb [2004/05/10 00:23:58, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2004/05/10 00:23:58, 5] sam/idmap.c:smb_register_idmap(89) smb_register_idmap: Successfully added idmap backend 'ldap' [2004/05/10 00:23:58, 5] sam/idmap.c:smb_register_idmap(89) smb_register_idmap: Successfully added idmap backend 'tdb' [2004/05/10 00:23:58, 10] sam/idmap_tdb.c:db_idmap_init(500) db_idmap_init: Opening tdbfile /var/cache/samba/winbindd_idmap.tdb [2004/05/10 00:23:58, 3] sam/idmap.c:idmap_init(129) idmap_init: using 'ldap' as remote backend [2004/05/10 00:23:58, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base => [ou=Idmap,dc=ranger,dc=dnsalias,dc=com], filter => [(objectclass=sambaUnixIdPool)], scope => [2] [2004/05/10 00:23:58, 10] lib/smbldap.c:smbldap_open_connection(543) smbldap_open_connection: ldap://chinook.ranger.dnsalias.com [2004/05/10 00:23:58, 2] lib/smbldap.c:smbldap_open_connection(639) smbldap_open_connection: connection opened [2004/05/10 00:23:58, 10] lib/smbldap.c:smbldap_connect_system(771) ldap_connect_system: Binding to ldap server ldap://chinook.ranger.dnsalias.com as "cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com" [2004/05/10 00:23:58, 3] lib/smbldap.c:smbldap_connect_system(806) ldap_connect_system: succesful connection to the LDAP server [2004/05/10 00:23:58, 4] lib/smbldap.c:smbldap_open(857) The LDAP server is succesful connected [2004/05/10 00:23:58, 8] lib/util.c:fcntl_lock(1656) fcntl_lock 8 13 0 1 1 [2004/05/10 00:23:58, 8] lib/util.c:fcntl_lock(1691) fcntl_lock: Lock call successful [2004/05/10 00:23:58, 2] lib/tallocmsg.c:register_msg_pool_usage(57) Registered MSG_REQ_POOL_USAGE [2004/05/10 00:23:58, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2004/05/10 00:23:58, 3] nsswitch/winbindd_util.c:add_trusted_domain(173) add_trusted_domain: WIN2K is an NT4 domain [2004/05/10 00:23:58, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain WIN2K S-0-0 [2004/05/10 00:23:58, 4] passdb/secrets.c:secrets_fetch_trust_account_password(261) Using cleartext machine password [2004/05/10 00:23:58, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [wins lmhosts bcast] [2004/05/10 00:23:58, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up WIN2K#1c [2004/05/10 00:23:58, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/WIN2K#1C, value = 192.168.1.246:0,169.254.92.19:0, timeout = Mon May 10 00:29:14 2004 [2004/05/10 00:23:58, 5] libsmb/namecache.c:namecache_fetch(201) name WIN2K#1C found. [2004/05/10 00:23:58, 8] libsmb/namequery.c:get_dc_list(1300) Adding 2 DC's from auto lookup [2004/05/10 00:23:58, 10] libsmb/namequery.c:remove_duplicate_addrs2(319) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/05/10 00:23:58, 4] libsmb/namequery.c:get_dc_list(1376) get_dc_list: returning 2 ip addresses in an unordered list [2004/05/10 00:23:58, 4] libsmb/namequery.c:get_dc_list(1377) get_dc_list: 192.168.1.246:0 169.254.92.19:0 [2004/05/10 00:23:58, 10] libsmb/namequery.c:name_status_find(187) name_status_find: looking up WIN2K#1c at 192.168.1.246 [2004/05/10 00:23:58, 10] lib/gencache.c:gencache_get(286) Cache entry with key = NBT/WIN2K#1C.20.192.168.1.246 couldn't be found [2004/05/10 00:23:58, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/WIN2K#1C.20.192.168.1.246 found. [2004/05/10 00:23:58, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/WIN2K#1C.20.192.168.1.246) [2004/05/10 00:23:58, 10] lib/util_sock.c:open_socket_in(700) bind succeeded on port 0 [2004/05/10 00:23:58, 5] libsmb/nmblib.c:send_udp(774) Sending a packet of len 50 to (192.168.1.246) on port 137 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_udp_socket(213) read_udp_socket: lastip 192.168.1.246 lastport 137 read: 337 [2004/05/10 00:23:58, 10] libsmb/nmblib.c:parse_nmb(498) parse_nmb: packet id = 7649 [2004/05/10 00:23:58, 5] libsmb/nmblib.c:read_packet(752) Received a packet of len 337 from (192.168.1.246) port 137 [2004/05/10 00:23:58, 4] libsmb/nmblib.c:debug_nmb_packet(109) nmb packet from 192.168.1.246(137) header: id=7649 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=WIN2K<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .COMANCHE-W2K hex 0B434F4D414E4348452D57324B202020 answers 10 char ...COMANCHE-W2K hex 000400434F4D414E4348452D57324B20 answers 20 char ..WIN2K hex 202020040057494E324B202020202020 answers 30 char ...WIN2K hex 2020202000840057494E324B20202020 answers 40 char ...WIN2K hex 2020202020201C840057494E324B2020 answers 50 char ...WIN2K hex 20202020202020201B040057494E324B answers 60 char ...COM hex 202020202020202020201E8400434F4D answers 70 char ANCHE-W2K ...W hex 414E4348452D57324B20202003040057 answers 80 char IN2K .. hex 494E324B202020202020202020201D04 answers 90 char ...__MSBROWSE__. hex 0001025F5F4D5342524F5753455F5F02 answers a0 char ...INet~Services hex 018400494E65747E5365727669636573 answers b0 char ...IS~COMANCHE hex 20201C840049537E434F4D414E434845 answers c0 char -W2K.....?k..... hex 2D57324B00040000023F6BB982000000 answers d0 char ................ hex 00000000000000000000000000000000 answers e0 char ................ hex 00000000000000000000000000000000 answers f0 char ..... hex 0000000000 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) COMANCHE-W2K#00: flags = 0x04 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) COMANCHE-W2K#20: flags = 0x04 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) WIN2K#00: flags = 0x84 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) WIN2K#1c: flags = 0x84 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) WIN2K#1b: flags = 0x04 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) WIN2K#1e: flags = 0x84 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) COMANCHE-W2K#03: flags = 0x04 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) WIN2K#1d: flags = 0x04 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) __MSBROWSE__#01: flags = 0x84 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) INet~Services#1c: flags = 0x84 [2004/05/10 00:23:58, 10] libsmb/namequery.c:parse_node_status(69) IS~COMANCHE-W2K#00: flags = 0x04 [2004/05/10 00:23:58, 10] libsmb/namequery.c:name_status_find(226) name_status_find: name found, name COMANCHE-W2K ip address is 192.168.1.246 [2004/05/10 00:23:58, 3] libsmb/namequery_dc.c:rpc_dc_name(145) rpc_dc_name: Returning DC COMANCHE-W2K (192.168.1.246) for domain WIN2K [2004/05/10 00:23:58, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(107) IPC$ connections done by user WIN2K\rms [2004/05/10 00:23:58, 10] passdb/secrets.c:secrets_named_mutex(704) secrets_named_mutex: got mutex for COMANCHE-W2K [2004/05/10 00:23:58, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=COMANCHE-W2K [2004/05/10 00:23:58, 3] lib/util_sock.c:open_socket_out(735) Connecting to 192.168.1.246 at port 445 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_KEEPALIVE = 0 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_REUSEADDR = 0 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_BROADCAST = 0 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option TCP_NODELAY = 1 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_LOWDELAY = 0 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_THROUGHPUT = 0 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDBUF = 16384 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVBUF = 16384 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDLOWAT = 1 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVLOWAT = 1 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDTIMEO = 0 [2004/05/10 00:23:58, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVTIMEO = 0 [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,183) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,183) wrote 183 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 173 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=53376 (0xD080) smb_vwv[12]=15982 (0x3E6E) smb_vwv[13]= 5201 (0x1451) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=53376 (0xD080) smb_vwv[12]=15982 (0x3E6E) smb_vwv[13]= 5201 (0x1451) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:23:58, 4] lib/time.c:get_serverzone(122) Serverzone is -7200 [2004/05/10 00:23:58, 5] nsswitch/winbindd_cm.c:cm_open_connection(277) connecting to COMANCHE-W2K from THINKPAD with username [WIN2K]\[rms] [2004/05/10 00:23:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) Doing spnego session setup (blob length=104) [2004/05/10 00:23:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 2 840 48018 1 2 2 [2004/05/10 00:23:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 3 6 1 4 1 311 2 2 10 [2004/05/10 00:23:58, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737) got principal=comanche-w2k$@WIN2K.RANGER.DNSALIAS.COM [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,164) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,164) wrote 164 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 632 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 4D 43 FB 48 CB 45 87 .0...... @MCûHËE. [040] B6 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 ¶....... .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 4D 43 FB .....0.. ....@MCû [130] 48 CB 45 87 B6 00 00 00 00 00 00 00 00 B4 00 B4 HËE.¶... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 4D 43 FB 48 CB 45 87 .0...... @MCûHËE. [040] B6 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 ¶....... .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 4D 43 FB .....0.. ....@MCû [130] 48 CB 45 87 B6 00 00 00 00 00 00 00 00 B4 00 B4 HËE.¶... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:23:58, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878) Got challenge flags: [2004/05/10 00:23:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:58, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900) NTLMSSP: Set final flags: [2004/05/10 00:23:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:58, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(974) NTLMSSP challenge set by NTLM2 [2004/05/10 00:23:58, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(975) challenge is: [2004/05/10 00:23:58, 5] lib/util.c:dump_data(1864) [000] 1E 8F 82 BE C9 C0 DE 8D ...¾ÉÀÞ. [2004/05/10 00:23:58, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2004/05/10 00:23:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,258) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,258) wrote 258 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:58, 3] libsmb/cliconnect.c:cli_session_setup(854) SPNEGO login failed: Password expired [2004/05/10 00:23:58, 4] nsswitch/winbindd_cm.c:cm_open_connection(286) failed authenticated session setup with NT_STATUS_PASSWORD_EXPIRED [2004/05/10 00:23:58, 5] nsswitch/winbindd_cm.c:cm_open_connection(297) anonymous connection attempt to COMANCHE-W2K from THINKPAD [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,92) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,92) wrote 92 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 127 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,92) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,92) wrote 92 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 48 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=5 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 49 50 43 00 00 00 00 IPC.... [2004/05/10 00:23:58, 10] libsmb/clientgen.c:cli_init_creds(212) cli_init_creds: user rms domain WIN2K [2004/05/10 00:23:58, 10] passdb/secrets.c:secrets_named_mutex_release(716) secrets_named_mutex: released mutex for COMANCHE-W2K [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,104) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,104) wrote 104 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1536 (0x600) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4006]: \PIPE\lsarpc [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.±Ð. .¨.ÀOÙ.õ [010] 00 00 00 00 .... [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 3919286a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : b10c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : 11d0 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : 9b a8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 00 c0 4f d9 2e f5 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000000 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=87 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A .¸...... .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9.±Ð.. ¨.ÀOÙ.õ. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,158) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,158) wrote 158 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 124 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 8A D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 8A D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 68 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000001 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 68 [2004/05/10 00:23:58, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d88a [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 ds_io_q_getprimdominfo [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0000 level: 0001 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x0 data_len: 0x1a [2004/05/10 00:23:58, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 1a auth_len: 0 alloc_hint: a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 001a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0000 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=41 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 0A ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,112) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,112) wrote 112 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 280 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=280 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 224 (0xE0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 224 (0xE0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=225 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 E0 00 00 00 02 00 00 ........ .à...... [010] 00 C8 00 00 00 00 00 00 00 40 1E 13 00 01 00 45 .È...... .@.....E [020] 5C 05 00 61 73 03 00 00 01 78 55 08 00 40 69 14 \..as... .xU..@i. [030] 00 48 64 14 00 F8 8D 7C 14 5C 17 28 44 BE E9 1D .Hd..ø.| .\.(D¾é. [040] 12 EF 64 0B 08 06 00 00 00 00 00 00 00 06 00 00 .ïd..... ........ [050] 00 57 00 49 00 4E 00 32 00 4B 00 00 00 1A 00 00 .W.I.N.2 .K...... [060] 00 00 00 00 00 1A 00 00 00 77 00 69 00 6E 00 32 ........ .w.i.n.2 [070] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [080] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [090] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 1A 00 00 .s...c.o .m...... [0A0] 00 00 00 00 00 1A 00 00 00 77 00 69 00 6E 00 32 ........ .w.i.n.2 [0B0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0C0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0D0] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 00 .s...c.o .m...... [0E0] 00 . [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=280 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 224 (0xE0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 224 (0xE0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=225 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 E0 00 00 00 02 00 00 ........ .à...... [010] 00 C8 00 00 00 00 00 00 00 40 1E 13 00 01 00 45 .È...... .@.....E [020] 5C 05 00 61 73 03 00 00 01 78 55 08 00 40 69 14 \..as... .xU..@i. [030] 00 48 64 14 00 F8 8D 7C 14 5C 17 28 44 BE E9 1D .Hd..ø.| .\.(D¾é. [040] 12 EF 64 0B 08 06 00 00 00 00 00 00 00 06 00 00 .ïd..... ........ [050] 00 57 00 49 00 4E 00 32 00 4B 00 00 00 1A 00 00 .W.I.N.2 .K...... [060] 00 00 00 00 00 1A 00 00 00 77 00 69 00 6E 00 32 ........ .w.i.n.2 [070] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [080] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [090] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 1A 00 00 .s...c.o .m...... [0A0] 00 00 00 00 00 1A 00 00 00 77 00 69 00 6E 00 32 ........ .w.i.n.2 [0B0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0C0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0D0] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 00 .s...c.o .m...... [0E0] 00 . [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 224 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 00e0 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000002 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 000000c8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 224 [2004/05/10 00:23:58, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 ds_io_r_getprimdominfo [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr: 00131e40 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c level: 0001 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001e unknown0: 5c45 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0020 machine_role: 0005 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0022 unknown: 7361 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 flags: 01000003 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0028 netbios_ptr: 00085578 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c dnsname_ptr: 00146940 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 forestname_ptr: 00146448 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid domain_guid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 147c8df8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 175c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 4428 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : be e9 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 1d 12 ef 64 0b 08 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000044 smb_io_unistr2 netbios_domain [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 uni_max_len: 00000006 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 offset : 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c uni_str_len: 00000006 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0050 buffer : W.I.N.2.K... [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 00005c smb_io_unistr2 dns_domain [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c uni_max_len: 0000001a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0060 offset : 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 uni_str_len: 0000001a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0068 buffer : w.i.n.2.k...r.a.n.g.e.r...d.n.s.a.l.i.a.s...c.o.m... [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 00009c smb_io_unistr2 forest_domain [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 009c uni_max_len: 0000001a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00a0 offset : 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00a4 uni_str_len: 0000001a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 00a8 buffer : w.i.n.2.k...r.a.n.g.e.r...d.n.s.a.l.i.a.s...c.o.m... [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 00dc status: NT_STATUS_OK [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,45) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,45) wrote 45 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,104) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,104) wrote 104 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4007]: \PIPE\lsarpc [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« [010] 00 00 00 00 .... [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345778 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 89 ab [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000000 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=87 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,158) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,158) wrote 158 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 124 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 8B D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 8B D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 68 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000003 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 68 [2004/05/10 00:23:58, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d88b [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:23:58, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(142) init_lsa_sec_qos [2004/05/10 00:23:58, 5] rpc_parse/parse_lsa.c:init_q_open_pol2(338) init_q_open_pol2: attr:0 da:33554432 [2004/05/10 00:23:58, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(193) init_lsa_obj_attr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol2 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr : 00000001 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002e lsa_io_obj_attr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 len : 00000018 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 ptr_root_dir: 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 ptr_obj_name: 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 003c attributes : 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 ptr_sec_desc: 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 ptr_sec_qos : 00000001 [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000048 lsa_io_obj_qos sec_qos [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 len : 0000000c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 004c sec_imp_level : 0002 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004e sec_ctxt_mode : 01 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 004f effective_only: 00 [2004/05/10 00:23:58, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 des_access: 02000000 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x2c data_len: 0x6c [2004/05/10 00:23:58, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 6c auth_len: 0 alloc_hint: 5c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 006c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000005c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 002c [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=123 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6C 00 00 00 04 00 00 00 5C .......l .......\ [020] 00 00 00 00 00 2C 00 01 00 00 00 0F 00 00 00 00 .....,.. ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 18 00 00 00 00 00 00 00 00 .K...... ........ [060] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0C ........ ........ [070] 00 00 00 02 00 01 00 00 00 00 02 ........ ... [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,194) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,194) wrote 194 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 104 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 40 3C F0 ........ .....@<ð [020] 8E 07 A2 D8 11 86 19 00 20 E0 83 62 F5 00 00 00 ..¢Ø.... à.bõ... [030] 00 . [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 40 3C F0 ........ .....@<ð [020] 8E 07 A2 D8 11 86 19 00 20 E0 83 62 F5 00 00 00 ..¢Ø.... à.bõ... [030] 00 . [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 48 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000004 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 48 [2004/05/10 00:23:58, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 lsa_io_r_open_pol2 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_pol_hnd [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 data1: 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c data2: 8ef03c40 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0020 data3: a207 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0022 data4: 11d8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0024 data5: 86 19 00 20 e0 83 62 f5 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 002c status: NT_STATUS_OK [2004/05/10 00:23:58, 5] rpc_parse/parse_lsa.c:init_q_query2(2176) init_q_query2 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query_info2 [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 8ef03c40 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: a207 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 11d8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 86 19 00 20 e0 83 62 f5 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 info_class: 000c [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x2e data_len: 0x2e [2004/05/10 00:23:58, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 002e [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000001e [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 002e [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=61 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 1E ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 40 3C F0 8E 07 ........ ...@<ð.. [030] A2 D8 11 86 19 00 20 E0 83 62 F5 0C 00 ¢Ø.... à .bõ.. [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,132) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,132) wrote 132 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 316 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=316 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 260 (0x104) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 260 (0x104) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=261 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 04 01 00 00 05 00 00 ........ ........ [010] 00 EC 00 00 00 00 00 00 00 08 8E 11 00 0C 00 00 .ì...... ........ [020] 00 0A 00 0C 00 58 66 14 00 32 00 34 00 48 64 14 .....Xf. .2.4.Hd. [030] 00 32 00 34 00 40 69 14 00 F8 8D 7C 14 5C 17 28 .2.4.@i. .ø.|.\.( [040] 44 BE E9 1D 12 EF 64 0B 08 80 1F 13 00 06 00 00 D¾é..ïd. ........ [050] 00 00 00 00 00 05 00 00 00 57 00 49 00 4E 00 32 ........ .W.I.N.2 [060] 00 4B 00 00 00 1A 00 00 00 00 00 00 00 19 00 00 .K...... ........ [070] 00 77 00 69 00 6E 00 32 00 6B 00 2E 00 72 00 61 .w.i.n.2 .k...r.a [080] 00 6E 00 67 00 65 00 72 00 2E 00 64 00 6E 00 73 .n.g.e.r ...d.n.s [090] 00 61 00 6C 00 69 00 61 00 73 00 2E 00 63 00 6F .a.l.i.a .s...c.o [0A0] 00 6D 00 00 00 1A 00 00 00 00 00 00 00 19 00 00 .m...... ........ [0B0] 00 77 00 69 00 6E 00 32 00 6B 00 2E 00 72 00 61 .w.i.n.2 .k...r.a [0C0] 00 6E 00 67 00 65 00 72 00 2E 00 64 00 6E 00 73 .n.g.e.r ...d.n.s [0D0] 00 61 00 6C 00 69 00 61 00 73 00 2E 00 63 00 6F .a.l.i.a .s...c.o [0E0] 00 6D 00 57 00 04 00 00 00 01 04 00 00 00 00 00 .m.W.... ........ [0F0] 05 15 00 00 00 CD 7C 41 66 13 16 10 09 8A A7 32 .....Í|A f.....§2 [100] 3F 00 00 00 00 ?.... [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=316 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 260 (0x104) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 260 (0x104) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=261 [2004/05/10 00:23:58, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 04 01 00 00 05 00 00 ........ ........ [010] 00 EC 00 00 00 00 00 00 00 08 8E 11 00 0C 00 00 .ì...... ........ [020] 00 0A 00 0C 00 58 66 14 00 32 00 34 00 48 64 14 .....Xf. .2.4.Hd. [030] 00 32 00 34 00 40 69 14 00 F8 8D 7C 14 5C 17 28 .2.4.@i. .ø.|.\.( [040] 44 BE E9 1D 12 EF 64 0B 08 80 1F 13 00 06 00 00 D¾é..ïd. ........ [050] 00 00 00 00 00 05 00 00 00 57 00 49 00 4E 00 32 ........ .W.I.N.2 [060] 00 4B 00 00 00 1A 00 00 00 00 00 00 00 19 00 00 .K...... ........ [070] 00 77 00 69 00 6E 00 32 00 6B 00 2E 00 72 00 61 .w.i.n.2 .k...r.a [080] 00 6E 00 67 00 65 00 72 00 2E 00 64 00 6E 00 73 .n.g.e.r ...d.n.s [090] 00 61 00 6C 00 69 00 61 00 73 00 2E 00 63 00 6F .a.l.i.a .s...c.o [0A0] 00 6D 00 00 00 1A 00 00 00 00 00 00 00 19 00 00 .m...... ........ [0B0] 00 77 00 69 00 6E 00 32 00 6B 00 2E 00 72 00 61 .w.i.n.2 .k...r.a [0C0] 00 6E 00 67 00 65 00 72 00 2E 00 64 00 6E 00 73 .n.g.e.r ...d.n.s [0D0] 00 61 00 6C 00 69 00 61 00 73 00 2E 00 63 00 6F .a.l.i.a .s...c.o [0E0] 00 6D 00 57 00 04 00 00 00 01 04 00 00 00 00 00 .m.W.... ........ [0F0] 05 15 00 00 00 CD 7C 41 66 13 16 10 09 8A A7 32 .....Í|A f.....§2 [100] 3F 00 00 00 00 ?.... [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 260 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0104 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000005 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 000000ec [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:58, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 260 [2004/05/10 00:23:58, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 lsa_io_r_query_info2 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr: 00118e08 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c info_class: 000c [2004/05/10 00:23:58, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001e lsa_io_dns_dom_info info12 [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_unihdr nb_name [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0020 uni_str_len: 000a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0022 uni_max_len: 000c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0024 buffer : 00146658 [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_unihdr dns_name [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0028 uni_str_len: 0032 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002a uni_max_len: 0034 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c buffer : 00146448 [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_unihdr forest [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0030 uni_str_len: 0032 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0032 uni_max_len: 0034 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 buffer : 00146940 [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_uuid dom_guid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 data : 147c8df8 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003c data : 175c [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003e data : 4428 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0040 data : be e9 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0042 data : 1d 12 ef 64 0b 08 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0048 dom_sid: 00131f80 [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 00004c smb_io_unistr2 nb_name [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 004c uni_max_len: 00000006 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0050 offset : 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_str_len: 00000005 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0058 buffer : W.I.N.2.K. [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 000062 smb_io_unistr2 dns_name [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0064 uni_max_len: 0000001a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0068 offset : 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 006c uni_str_len: 00000019 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0070 buffer : w.i.n.2.k...r.a.n.g.e.r...d.n.s.a.l.i.a.s...c.o.m. [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000a2 smb_io_unistr2 forest [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00a4 uni_max_len: 0000001a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00a8 offset : 00000000 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00ac uni_str_len: 00000019 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 00b0 buffer : w.i.n.2.k...r.a.n.g.e.r...d.n.s.a.l.i.a.s...c.o.m. [2004/05/10 00:23:58, 7] rpc_parse/parse_prs.c:prs_debug(82) 0000e2 smb_io_dom_sid2 dom_sid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32(635) 00e4 num_auths: 00000004 [2004/05/10 00:23:58, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000e8 smb_io_dom_sid sid [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 00e8 sid_rev_num: 01 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 00e9 num_auths : 04 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 00ea id_auth[0] : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 00eb id_auth[1] : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 00ec id_auth[2] : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 00ed id_auth[3] : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 00ee id_auth[4] : 00 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint8(577) 00ef id_auth[5] : 05 [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_uint32s(862) 00f0 sub_auths : 00000015 66417ccd 09101613 3f32a78a [2004/05/10 00:23:58, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0100 status: NT_STATUS_OK [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,45) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,45) wrote 45 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=14 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(432) write_socket(12,39) [2004/05/10 00:23:58, 6] lib/util_sock.c:write_socket(435) write_socket(12,39) wrote 39 [2004/05/10 00:23:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:58, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:58, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=15 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:58, 5] nsswitch/winbindd_cache.c:get_cache(131) get_cache: Setting MS-RPC methods for domain WIN2K [2004/05/10 00:23:58, 10] nsswitch/winbindd_cache.c:wcache_flush_cache(66) wcache_flush_cache success [2004/05/10 00:23:58, 10] nsswitch/winbindd_cache.c:alternate_name(1326) alternate_name: [Cached] - doing backend query for info for domain WIN2K [2004/05/10 00:23:58, 5] nsswitch/winbindd_util.c:add_trusted_domains(207) scanning trusted domain list [2004/05/10 00:23:58, 10] nsswitch/winbindd_cache.c:trusted_domains(1301) trusted_domains: [Cached] - doing backend query for info for domain WIN2K [2004/05/10 00:23:58, 3] nsswitch/winbindd_rpc.c:trusted_domains(925) rpc: trusted_domains [2004/05/10 00:23:58, 4] libsmb/namequery_dc.c:ads_dc_name(43) ads_dc_name: domain=WIN2K [2004/05/10 00:23:58, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for realm 'win2k.ranger.dnsalias.com' [2004/05/10 00:23:58, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [ads] [2004/05/10 00:23:58, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up win2k.ranger.dnsalias.com#1c [2004/05/10 00:23:58, 10] lib/gencache.c:gencache_get(286) Cache entry with key = NBT/WIN2K.RANGER.DNSALIAS.COM#1C couldn't be found [2004/05/10 00:23:58, 5] libsmb/namecache.c:namecache_fetch(195) no entry for win2k.ranger.dnsalias.com#1C found. [2004/05/10 00:23:58, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/WIN2K.RANGER.DNSALIAS.COM#1C) [2004/05/10 00:23:58, 8] libsmb/namequery.c:get_dc_list(1300) Adding 0 DC's from auto lookup [2004/05/10 00:23:58, 4] libsmb/namequery.c:get_dc_list(1315) get_dc_list: no servers found [2004/05/10 00:23:58, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for domain 'WIN2K' [2004/05/10 00:23:58, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [wins lmhosts bcast] [2004/05/10 00:23:58, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up WIN2K#1c [2004/05/10 00:23:58, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/WIN2K#1C, value = 192.168.1.246:0,169.254.92.19:0, timeout = Mon May 10 00:29:14 2004 [2004/05/10 00:23:58, 5] libsmb/namecache.c:namecache_fetch(201) name WIN2K#1C found. [2004/05/10 00:23:58, 8] libsmb/namequery.c:get_dc_list(1300) Adding 2 DC's from auto lookup [2004/05/10 00:23:58, 10] libsmb/namequery.c:remove_duplicate_addrs2(319) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/05/10 00:23:58, 4] libsmb/namequery.c:get_dc_list(1376) get_dc_list: returning 2 ip addresses in an unordered list [2004/05/10 00:23:58, 4] libsmb/namequery.c:get_dc_list(1377) get_dc_list: 192.168.1.246:0 169.254.92.19:0 [2004/05/10 00:23:58, 5] libads/ldap.c:ads_try_connect(56) ads_try_connect: trying ldap server '192.168.1.246' port 389 [2004/05/10 00:23:59, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 192.168.1.246 [2004/05/10 00:23:59, 3] libads/ldap.c:ads_server_info(2029) got ldap server name comanche-w2k@WIN2K.RANGER.DNSALIAS.COM, using bind path: dc=WIN2K,dc=RANGER,dc=DNSALIAS,dc=COM [2004/05/10 00:23:59, 4] libads/ldap.c:ads_server_info(2035) time offset is 126230397 seconds [2004/05/10 00:23:59, 4] libsmb/namequery_dc.c:ads_dc_name(63) ads_dc_name: using server='COMANCHE-W2K' IP=192.168.1.246 [2004/05/10 00:23:59, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(107) IPC$ connections done by user WIN2K\rms [2004/05/10 00:23:59, 10] passdb/secrets.c:secrets_named_mutex(704) secrets_named_mutex: got mutex for COMANCHE-W2K [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=COMANCHE-W2K [2004/05/10 00:23:59, 3] lib/util_sock.c:open_socket_out(735) Connecting to 192.168.1.246 at port 445 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_KEEPALIVE = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_REUSEADDR = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_BROADCAST = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option TCP_NODELAY = 1 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_LOWDELAY = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_THROUGHPUT = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDBUF = 16384 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVBUF = 16384 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDLOWAT = 1 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVLOWAT = 1 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDTIMEO = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVTIMEO = 0 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,183) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,183) wrote 183 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 173 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=19503 (0x4C2F) smb_vwv[13]= 5201 (0x1451) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=19503 (0x4C2F) smb_vwv[13]= 5201 (0x1451) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:23:59, 5] nsswitch/winbindd_cm.c:cm_open_connection(277) connecting to COMANCHE-W2K from THINKPAD with username [WIN2K]\[rms] [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) Doing spnego session setup (blob length=104) [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 2 840 48018 1 2 2 [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 3 6 1 4 1 311 2 2 10 [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737) got principal=comanche-w2k$@WIN2K.RANGER.DNSALIAS.COM [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,164) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,164) wrote 164 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 632 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 CE 0E 7C EC 9F B5 F3 .0...... @Î.|ì.µó [040] 44 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 D....... .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 CE 0E 7C .....0.. ....@Î.| [130] EC 9F B5 F3 44 00 00 00 00 00 00 00 00 B4 00 B4 ì.µóD... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 CE 0E 7C EC 9F B5 F3 .0...... @Î.|ì.µó [040] 44 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 D....... .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 CE 0E 7C .....0.. ....@Î.| [130] EC 9F B5 F3 44 00 00 00 00 00 00 00 00 B4 00 B4 ì.µóD... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878) Got challenge flags: [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900) NTLMSSP: Set final flags: [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:59, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(974) NTLMSSP challenge set by NTLM2 [2004/05/10 00:23:59, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(975) challenge is: [2004/05/10 00:23:59, 5] lib/util.c:dump_data(1864) [000] 8E F5 32 CE AE 70 75 F0 .õ2ήpuð [2004/05/10 00:23:59, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,258) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,258) wrote 258 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup(854) SPNEGO login failed: Password expired [2004/05/10 00:23:59, 4] nsswitch/winbindd_cm.c:cm_open_connection(286) failed authenticated session setup with NT_STATUS_PASSWORD_EXPIRED [2004/05/10 00:23:59, 5] nsswitch/winbindd_cm.c:cm_open_connection(297) anonymous connection attempt to COMANCHE-W2K from THINKPAD [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,92) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,92) wrote 92 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 127 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,92) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,92) wrote 92 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 48 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=5 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 49 50 43 00 00 00 00 IPC.... [2004/05/10 00:23:59, 10] libsmb/clientgen.c:cli_init_creds(212) cli_init_creds: user rms domain WIN2K [2004/05/10 00:23:59, 10] passdb/secrets.c:secrets_named_mutex_release(716) secrets_named_mutex: released mutex for COMANCHE-W2K [2004/05/10 00:23:59, 4] passdb/secrets.c:secrets_fetch_trust_account_password(261) Using cleartext machine password [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,108) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,108) wrote 108 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1536 (0x600) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4006]: \PIPE\NETLOGON [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000006 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=87 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,158) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,158) wrote 158 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 124 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... [010] 00 B8 10 B8 10 8C D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 20 01 00 00 00 00 00 00 \lsass.. ....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... [010] 00 B8 10 B8 10 8C D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 20 01 00 00 00 00 00 00 \lsass.. ....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 68 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000006 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 68 [2004/05/10 00:23:59, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d88c [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:23:59, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from THINKPAD to COMANCHE-W2K: 5C0331981C7B8430 [2004/05/10 00:23:59, 5] rpc_parse/parse_net.c:init_q_req_chal(621) init_q_req_chal: 621 [2004/05/10 00:23:59, 5] rpc_parse/parse_net.c:init_q_req_chal(630) init_q_req_chal: 630 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00004e smb_io_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 004e data: 5c 03 31 98 1c 7b 84 30 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x4 data_len: 0x6e [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 6e auth_len: 0 alloc_hint: 5e [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 006e [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000007 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000005e [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0004 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 110 (0x6E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 110 (0x6E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=125 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6E 00 00 00 07 00 00 00 5E .......n .......^ [020] 00 00 00 00 00 04 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 09 00 00 00 00 00 00 00 09 .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 00 00 5C 03 31 98 1C 7B 84 30 .D...\.1 ..{.0 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,196) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,196) wrote 196 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 92 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 17 E7 42 E2 50 1A A6 ........ ..çBâP.¦ [020] 93 00 00 00 00 ..... [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 17 E7 42 E2 50 1A A6 ........ ..çBâP.¦ [020] 93 00 00 00 00 ..... [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 36 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000007 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 36 [2004/05/10 00:23:59, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_req_chal [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 17 e7 42 e2 50 1a a6 93 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2004/05/10 00:23:59, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 5C0331981C7B8430 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : 17E742E2501AA693 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : 73EA737A6C952AC4 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_session_key(64) sess_key : D254742CADFC61AA [2004/05/10 00:23:59, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(92) sess_key : D254742CADFC61AA [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(93) stor_cred: 5C0331981C7B8430 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(95) timecred : 5C0331981C7B8430 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(96) calc_cred: AF9D4426D5B17932 [2004/05/10 00:23:59, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102) cli_net_auth2: srv:\\COMANCHE-W2K acct:THINKPAD$ sc:2 mc: THINKPAD chal AF9D4426D5B17932 neg: 400701ff [2004/05/10 00:23:59, 5] rpc_parse/parse_net.c:init_q_auth_2(742) init_q_auth_2: 742 [2004/05/10 00:23:59, 5] rpc_parse/parse_misc.c:init_log_info(1336) make_log_info 1336 [2004/05/10 00:23:59, 5] rpc_parse/parse_net.c:init_q_auth_2(748) init_q_auth_2: 748 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth_2 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_log_info [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 0000000a [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 0000000a [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D.$... [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0050 sec_chan: 0002 [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000052 smb_io_unistr2 unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_max_len: 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c uni_str_len: 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0060 buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000072 smb_io_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0072 data: af 9d 44 26 d5 b1 79 32 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00007a net_io_neg_flags [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c neg_flags: 400701ff [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0xf data_len: 0x98 [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 98 auth_len: 0 alloc_hint: 88 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0098 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000008 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000088 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000f [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 152 (0x98) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=167 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 00 00 08 00 00 00 88 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 0A 00 00 00 00 00 00 00 0A .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 24 00 00 00 02 00 00 00 09 00 00 00 00 .D.$.... ........ [080] 00 00 00 09 00 00 00 54 00 48 00 49 00 4E 00 4B .......T .H.I.N.K [090] 00 50 00 41 00 44 00 00 00 AF 9D 44 26 D5 B1 79 .P.A.D.. .¯.D&Õ±y [0A0] 32 00 00 FF 01 07 40 2..ÿ..@ [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,238) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,238) wrote 238 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 96 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D0 78 4B 98 1C F2 AF ........ .ÐxK..ò¯ [020] FC FF 01 07 40 00 00 00 00 üÿ..@... . [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D0 78 4B 98 1C F2 AF ........ .ÐxK..ò¯ [020] FC FF 01 07 40 00 00 00 00 üÿ..@... . [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 40 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0028 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000008 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000010 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 40 [2004/05/10 00:23:59, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_auth_2 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: d0 78 4b 98 1c f2 af fc [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 net_io_neg_flags [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 neg_flags: 400701ff [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0024 status: NT_STATUS_OK [2004/05/10 00:23:59, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(92) sess_key : D254742CADFC61AA [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(93) stor_cred: 17E742E2501AA693 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(95) timecred : 17E742E2501AA693 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(96) calc_cred: D0784B981CF2AFFC [2004/05/10 00:23:59, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_assert(123) challenge : D0784B981CF2AFFC [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_assert(124) calculated: D0784B981CF2AFFC [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,104) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,104) wrote 104 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4007]: \PIPE\lsarpc [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« [010] 00 00 00 00 .... [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth hdr_auth [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_neg netsec_neg [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 type1: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c type2: 00000003 [2004/05/10 00:23:59, 6] lib/util.c:dump_data(1864) [000] 57 49 4E 32 4B WIN2K [2004/05/10 00:23:59, 6] lib/util.c:dump_data(1864) [000] 54 48 49 4E 4B 50 41 44 THINKPAD [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0067 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0017 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345778 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 89 ab [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000000 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=185 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 103 (0x67) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=118 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 67 00 17 00 09 00 00 00 B8 .......g .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 57 49 4E 32 4B 00 54 48 49 .......W IN2K.THI [070] 4E 4B 50 41 44 00 NKPAD. [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,189) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,189) wrote 189 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 144 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X...... [010] 00 B8 10 B8 10 8D D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 20 01 00 00 00 00 00 00 \lsass.. ....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 48 00 .......H . [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 ........ .X...... [010] 00 B8 10 B8 10 8D D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 20 01 00 00 00 00 00 00 \lsass.. ....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 48 00 .......H . [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000009 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:23:59, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d88d [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:23:59, 5] rpc_parse/parse_lsa.c:init_q_open_pol(274) init_open_pol: attr:0 da:33554432 [2004/05/10 00:23:59, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(193) init_lsa_obj_attr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr : 00000001 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 system_name: 005c [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_obj_attr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 len : 00000018 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c ptr_root_dir: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 ptr_obj_name: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 attributes : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr_sec_desc: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c ptr_sec_qos : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 des_access: 02000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_rpc_hdr_auth hdr_auth [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 auth_type : 44 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0029 auth_level : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 002a padding : 04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 002b reserved : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c auth_context : 00000001 [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1023) SCHANNEL seq_num=0 [2004/05/10 00:23:59, 10] rpc_parse/parse_prs.c:netsec_encode(1462) SCHANNEL: netsec_encode seq_num=0 data_len=40 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_auth_netsec_chk [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0030 sig : 77 00 ff ff ff ff 00 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 seq_num: a9 75 57 21 c5 24 99 b6 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0040 packet_digest: 25 27 29 3e 0c f0 32 d2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0048 confounder: 0a 0f ae 3c 96 b0 3e 2b [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x6 data_len: 0x68 [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 68 auth_len: 20 alloc_hint: 30 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0068 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000a [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000030 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0006 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=119 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 68 00 20 00 0A 00 00 00 30 .......h . .....0 [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 44 ........ .......D [050] 05 04 00 01 00 00 00 77 00 FF FF FF FF 00 00 A9 .......w .ÿÿÿÿ..© [060] 75 57 21 C5 24 99 B6 25 27 29 3E 0C F0 32 D2 0A uW!Å$.¶% ')>.ð2Ò. [070] 0F AE 3C 96 B0 3E 2B .®<.°>+ [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,190) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,190) wrote 190 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 144 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 58 00 18 00 0A 00 00 ........ .X...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 41 3C F0 ........ .....A<ð [020] 8E 07 A2 D8 11 86 19 00 20 E0 83 62 F5 00 00 00 ..¢Ø.... à.bõ... [030] 00 04 5D 88 8A EB 1C C9 11 44 05 08 00 01 00 00 ..]..ë.É .D...... [040] 00 77 00 FF FF FF FF 00 00 69 B3 B9 F9 20 7E CC .w.ÿÿÿÿ. .i³¹ù ~Ì [050] 6F 08 D6 2E D3 60 11 7B BA o.Ö.Ó`.{ º [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 58 00 18 00 0A 00 00 ........ .X...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 41 3C F0 ........ .....A<ð [020] 8E 07 A2 D8 11 86 19 00 20 E0 83 62 F5 00 00 00 ..¢Ø.... à.bõ... [030] 00 04 5D 88 8A EB 1C C9 11 44 05 08 00 01 00 00 ..]..ë.É .D...... [040] 00 77 00 FF FF FF FF 00 00 69 B3 B9 F9 20 7E CC .w.ÿÿÿÿ. .i³¹ù ~Ì [050] 6F 08 D6 2E D3 60 11 7B BA o.Ö.Ó`.{ º [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0018 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000a [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 88 auth_len: 24 NTLMSSP No schannel Yes sign Yes seal No [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 08 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:23:59, 0] rpc_client/cli_pipe.c:rpc_auth_pipe(336) rpc_auth_pipe: wrong schannel auth len 24 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,45) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,45) wrote 45 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,45) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,45) wrote 45 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=14 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,39) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,39) wrote 39 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=15 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 3] nsswitch/winbindd_util.c:add_trusted_domain(173) add_trusted_domain: BUILTIN is an NT4 domain [2004/05/10 00:23:59, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain BUILTIN S-1-5-32 [2004/05/10 00:23:59, 3] nsswitch/winbindd_util.c:add_trusted_domain(173) add_trusted_domain: THINKPAD is an NT4 domain [2004/05/10 00:23:59, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain THINKPAD S-1-5-21-4293987812-3224253196-1760061180 [2004/05/10 00:23:59, 5] nsswitch/winbindd_util.c:add_trusted_domains(207) scanning trusted domain list [2004/05/10 00:23:59, 10] nsswitch/winbindd_cache.c:trusted_domains(1301) trusted_domains: [Cached] - doing backend query for info for domain WIN2K [2004/05/10 00:23:59, 3] nsswitch/winbindd_rpc.c:trusted_domains(925) rpc: trusted_domains [2004/05/10 00:23:59, 4] libsmb/namequery_dc.c:ads_dc_name(43) ads_dc_name: domain=WIN2K [2004/05/10 00:23:59, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for realm 'win2k.ranger.dnsalias.com' [2004/05/10 00:23:59, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [ads] [2004/05/10 00:23:59, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up win2k.ranger.dnsalias.com#1c [2004/05/10 00:23:59, 10] lib/gencache.c:gencache_get(286) Cache entry with key = NBT/WIN2K.RANGER.DNSALIAS.COM#1C couldn't be found [2004/05/10 00:23:59, 5] libsmb/namecache.c:namecache_fetch(195) no entry for win2k.ranger.dnsalias.com#1C found. [2004/05/10 00:23:59, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/WIN2K.RANGER.DNSALIAS.COM#1C) [2004/05/10 00:23:59, 8] libsmb/namequery.c:get_dc_list(1300) Adding 0 DC's from auto lookup [2004/05/10 00:23:59, 4] libsmb/namequery.c:get_dc_list(1315) get_dc_list: no servers found [2004/05/10 00:23:59, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for domain 'WIN2K' [2004/05/10 00:23:59, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [wins lmhosts bcast] [2004/05/10 00:23:59, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up WIN2K#1c [2004/05/10 00:23:59, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/WIN2K#1C, value = 192.168.1.246:0,169.254.92.19:0, timeout = Mon May 10 00:29:14 2004 [2004/05/10 00:23:59, 5] libsmb/namecache.c:namecache_fetch(201) name WIN2K#1C found. [2004/05/10 00:23:59, 8] libsmb/namequery.c:get_dc_list(1300) Adding 2 DC's from auto lookup [2004/05/10 00:23:59, 10] libsmb/namequery.c:remove_duplicate_addrs2(319) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/05/10 00:23:59, 4] libsmb/namequery.c:get_dc_list(1376) get_dc_list: returning 2 ip addresses in an unordered list [2004/05/10 00:23:59, 4] libsmb/namequery.c:get_dc_list(1377) get_dc_list: 192.168.1.246:0 169.254.92.19:0 [2004/05/10 00:23:59, 5] libads/ldap.c:ads_try_connect(56) ads_try_connect: trying ldap server '192.168.1.246' port 389 [2004/05/10 00:23:59, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 192.168.1.246 [2004/05/10 00:23:59, 3] libads/ldap.c:ads_server_info(2029) got ldap server name comanche-w2k@WIN2K.RANGER.DNSALIAS.COM, using bind path: dc=WIN2K,dc=RANGER,dc=DNSALIAS,dc=COM [2004/05/10 00:23:59, 4] libads/ldap.c:ads_server_info(2035) time offset is 126230397 seconds [2004/05/10 00:23:59, 4] libsmb/namequery_dc.c:ads_dc_name(63) ads_dc_name: using server='COMANCHE-W2K' IP=192.168.1.246 [2004/05/10 00:23:59, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(107) IPC$ connections done by user WIN2K\rms [2004/05/10 00:23:59, 10] passdb/secrets.c:secrets_named_mutex(704) secrets_named_mutex: got mutex for COMANCHE-W2K [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=COMANCHE-W2K [2004/05/10 00:23:59, 3] lib/util_sock.c:open_socket_out(735) Connecting to 192.168.1.246 at port 445 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_KEEPALIVE = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_REUSEADDR = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_BROADCAST = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option TCP_NODELAY = 1 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_LOWDELAY = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_THROUGHPUT = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDBUF = 16384 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVBUF = 16384 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDLOWAT = 1 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVLOWAT = 1 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDTIMEO = 0 [2004/05/10 00:23:59, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVTIMEO = 0 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,183) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,183) wrote 183 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 173 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=24704 (0x6080) smb_vwv[12]=23415 (0x5B77) smb_vwv[13]= 5201 (0x1451) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=24704 (0x6080) smb_vwv[12]=23415 (0x5B77) smb_vwv[13]= 5201 (0x1451) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:23:59, 5] nsswitch/winbindd_cm.c:cm_open_connection(277) connecting to COMANCHE-W2K from THINKPAD with username [WIN2K]\[rms] [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) Doing spnego session setup (blob length=104) [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 2 840 48018 1 2 2 [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 3 6 1 4 1 311 2 2 10 [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737) got principal=comanche-w2k$@WIN2K.RANGER.DNSALIAS.COM [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,164) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,164) wrote 164 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 632 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 88 57 E3 D2 9A F5 39 .0...... @.WãÒ.õ9 [040] 06 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 ........ .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 88 57 E3 .....0.. ....@.Wã [130] D2 9A F5 39 06 00 00 00 00 00 00 00 00 B4 00 B4 Ò.õ9.... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 88 57 E3 D2 9A F5 39 .0...... @.WãÒ.õ9 [040] 06 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 ........ .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 88 57 E3 .....0.. ....@.Wã [130] D2 9A F5 39 06 00 00 00 00 00 00 00 00 B4 00 B4 Ò.õ9.... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878) Got challenge flags: [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900) NTLMSSP: Set final flags: [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:59, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(974) NTLMSSP challenge set by NTLM2 [2004/05/10 00:23:59, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(975) challenge is: [2004/05/10 00:23:59, 5] lib/util.c:dump_data(1864) [000] E1 BC 2B A2 D0 4D 95 10 á¼+¢ÐM.. [2004/05/10 00:23:59, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2004/05/10 00:23:59, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,258) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,258) wrote 258 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 3] libsmb/cliconnect.c:cli_session_setup(854) SPNEGO login failed: Password expired [2004/05/10 00:23:59, 4] nsswitch/winbindd_cm.c:cm_open_connection(286) failed authenticated session setup with NT_STATUS_PASSWORD_EXPIRED [2004/05/10 00:23:59, 5] nsswitch/winbindd_cm.c:cm_open_connection(297) anonymous connection attempt to COMANCHE-W2K from THINKPAD [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,92) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,92) wrote 92 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 127 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,92) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,92) wrote 92 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 48 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=5 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 49 50 43 00 00 00 00 IPC.... [2004/05/10 00:23:59, 10] libsmb/clientgen.c:cli_init_creds(212) cli_init_creds: user rms domain WIN2K [2004/05/10 00:23:59, 10] passdb/secrets.c:secrets_named_mutex_release(716) secrets_named_mutex: released mutex for COMANCHE-W2K [2004/05/10 00:23:59, 4] passdb/secrets.c:secrets_fetch_trust_account_password(261) Using cleartext machine password [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,108) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,108) wrote 108 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1536 (0x600) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4006]: \PIPE\NETLOGON [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000b [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=87 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 0B 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,158) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,158) wrote 158 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 124 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 ........ .D...... [010] 00 B8 10 B8 10 8E D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 20 01 00 00 00 00 00 00 \lsass.. ....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 ........ .D...... [010] 00 B8 10 B8 10 8E D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 20 01 00 00 00 00 00 00 \lsass.. ....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 68 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000b [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 68 [2004/05/10 00:23:59, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d88e [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:23:59, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from THINKPAD to COMANCHE-W2K: 49A06BE055420A3E [2004/05/10 00:23:59, 5] rpc_parse/parse_net.c:init_q_req_chal(621) init_q_req_chal: 621 [2004/05/10 00:23:59, 5] rpc_parse/parse_net.c:init_q_req_chal(630) init_q_req_chal: 630 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00004e smb_io_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 004e data: 49 a0 6b e0 55 42 0a 3e [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x4 data_len: 0x6e [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 6e auth_len: 0 alloc_hint: 5e [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 006e [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000005e [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0004 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 110 (0x6E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 110 (0x6E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=125 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6E 00 00 00 0C 00 00 00 5E .......n .......^ [020] 00 00 00 00 00 04 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 09 00 00 00 00 00 00 00 09 .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 00 00 49 A0 6B E0 55 42 0A 3E .D...I k àUB.> [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,196) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,196) wrote 196 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 92 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0C 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 69 7E 8A 36 CF CC 2C ........ .i~.6ÏÌ, [020] 75 00 00 00 00 u.... [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0C 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 69 7E 8A 36 CF CC 2C ........ .i~.6ÏÌ, [020] 75 00 00 00 00 u.... [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 36 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 36 [2004/05/10 00:23:59, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_req_chal [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 69 7e 8a 36 cf cc 2c 75 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2004/05/10 00:23:59, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 49A06BE055420A3E [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : 697E8A36CFCC2C75 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : B21EF616240F37B3 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_session_key(64) sess_key : 1433A843EE827663 [2004/05/10 00:23:59, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(92) sess_key : 1433A843EE827663 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(93) stor_cred: 49A06BE055420A3E [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(95) timecred : 49A06BE055420A3E [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(96) calc_cred: EFB8BBCD23DF94AD [2004/05/10 00:23:59, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102) cli_net_auth2: srv:\\COMANCHE-W2K acct:THINKPAD$ sc:2 mc: THINKPAD chal EFB8BBCD23DF94AD neg: 400701ff [2004/05/10 00:23:59, 5] rpc_parse/parse_net.c:init_q_auth_2(742) init_q_auth_2: 742 [2004/05/10 00:23:59, 5] rpc_parse/parse_misc.c:init_log_info(1336) make_log_info 1336 [2004/05/10 00:23:59, 5] rpc_parse/parse_net.c:init_q_auth_2(748) init_q_auth_2: 748 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth_2 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_log_info [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 0000000a [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 0000000a [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D.$... [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0050 sec_chan: 0002 [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000052 smb_io_unistr2 unistr2 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_max_len: 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 offset : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c uni_str_len: 00000009 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0060 buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000072 smb_io_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0072 data: ef b8 bb cd 23 df 94 ad [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00007a net_io_neg_flags [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c neg_flags: 400701ff [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0xf data_len: 0x98 [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 98 auth_len: 0 alloc_hint: 88 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0098 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000d [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000088 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000f [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 152 (0x98) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=167 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 00 00 0D 00 00 00 88 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 0A 00 00 00 00 00 00 00 0A .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 24 00 00 00 02 00 00 00 09 00 00 00 00 .D.$.... ........ [080] 00 00 00 09 00 00 00 54 00 48 00 49 00 4E 00 4B .......T .H.I.N.K [090] 00 50 00 41 00 44 00 00 00 EF B8 BB CD 23 DF 94 .P.A.D.. .︻Í#ß. [0A0] AD 00 00 FF 01 07 40 ­..ÿ..@ [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,238) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,238) wrote 238 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 96 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0D 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D3 A1 75 12 16 7C 6F ........ .Ó¡u..|o [020] 63 FF 01 07 40 00 00 00 00 cÿ..@... . [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0D 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D3 A1 75 12 16 7C 6F ........ .Ó¡u..|o [020] 63 FF 01 07 40 00 00 00 00 cÿ..@... . [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 40 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0028 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000d [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000010 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 40 [2004/05/10 00:23:59, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_auth_2 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: d3 a1 75 12 16 7c 6f 63 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 net_io_neg_flags [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 neg_flags: 400701ff [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0024 status: NT_STATUS_OK [2004/05/10 00:23:59, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(92) sess_key : 1433A843EE827663 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(93) stor_cred: 697E8A36CFCC2C75 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(95) timecred : 697E8A36CFCC2C75 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_create(96) calc_cred: D3A17512167C6F63 [2004/05/10 00:23:59, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_assert(123) challenge : D3A17512167C6F63 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_assert(124) calculated: D3A17512167C6F63 [2004/05/10 00:23:59, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,104) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,104) wrote 104 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4007]: \PIPE\lsarpc [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« [010] 00 00 00 00 .... [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth hdr_auth [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_neg netsec_neg [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 type1: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c type2: 00000003 [2004/05/10 00:23:59, 6] lib/util.c:dump_data(1864) [000] 57 49 4E 32 4B WIN2K [2004/05/10 00:23:59, 6] lib/util.c:dump_data(1864) [000] 54 48 49 4E 4B 50 41 44 THINKPAD [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0067 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0017 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000e [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345778 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 89 ab [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000000 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=185 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 103 (0x67) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=118 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 67 00 17 00 0E 00 00 00 B8 .......g .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 57 49 4E 32 4B 00 54 48 49 .......W IN2K.THI [070] 4E 4B 50 41 44 00 NKPAD. [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,189) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,189) wrote 189 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 144 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 0E 00 00 ........ .X...... [010] 00 B8 10 B8 10 8F D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 0E 00 00 ........ .X...... [010] 00 B8 10 B8 10 8F D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000e [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:23:59, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d88f [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:23:59, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:23:59, 5] rpc_parse/parse_lsa.c:init_q_open_pol(274) init_open_pol: attr:0 da:33554432 [2004/05/10 00:23:59, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(193) init_lsa_obj_attr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr : 00000001 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 system_name: 005c [2004/05/10 00:23:59, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_obj_attr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 len : 00000018 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c ptr_root_dir: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 ptr_obj_name: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 attributes : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 ptr_sec_desc: 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c ptr_sec_qos : 00000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 des_access: 02000000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000028 smb_io_rpc_hdr_auth hdr_auth [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 auth_type : 44 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0029 auth_level : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 002a padding : 04 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 002b reserved : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c auth_context : 00000001 [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1023) SCHANNEL seq_num=0 [2004/05/10 00:23:59, 10] rpc_parse/parse_prs.c:netsec_encode(1462) SCHANNEL: netsec_encode seq_num=0 data_len=40 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_auth_netsec_chk [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0030 sig : 77 00 ff ff ff ff 00 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 seq_num: 56 51 a2 6a 20 c8 13 9b [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0040 packet_digest: 30 80 1d 5c 71 9f 67 4b [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0048 confounder: 39 bc cb 35 eb b7 5c 1c [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x6 data_len: 0x68 [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 68 auth_len: 20 alloc_hint: 30 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0068 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000030 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0006 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=119 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 68 00 20 00 0F 00 00 00 30 .......h . .....0 [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 44 ........ .......D [050] 05 04 00 01 00 00 00 77 00 FF FF FF FF 00 00 56 .......w .ÿÿÿÿ..V [060] 51 A2 6A 20 C8 13 9B 30 80 1D 5C 71 9F 67 4B 39 Q¢j È..0 ..\q.gK9 [070] BC CB 35 EB B7 5C 1C ¼Ë5ë·\. [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,190) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,190) wrote 190 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 144 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 58 00 18 00 0F 00 00 ........ .X...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 42 3C F0 ........ .....B<ð [020] 8E 07 A2 D8 11 86 19 00 20 E0 83 62 F5 00 00 00 ..¢Ø.... à.bõ... [030] 00 04 5D 88 8A EB 1C C9 11 44 05 08 00 01 00 00 ..]..ë.É .D...... [040] 00 77 00 FF FF FF FF 00 00 00 3F A9 89 9B 71 5D .w.ÿÿÿÿ. ..?©..q] [050] C3 74 8D 90 9B 01 12 7E 28 Ãt.....~ ( [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:23:59, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 58 00 18 00 0F 00 00 ........ .X...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 42 3C F0 ........ .....B<ð [020] 8E 07 A2 D8 11 86 19 00 20 E0 83 62 F5 00 00 00 ..¢Ø.... à.bõ... [030] 00 04 5D 88 8A EB 1C C9 11 44 05 08 00 01 00 00 ..]..ë.É .D...... [040] 00 77 00 FF FF FF FF 00 00 00 3F A9 89 9B 71 5D .w.ÿÿÿÿ. ..?©..q] [050] C3 74 8D 90 9B 01 12 7E 28 Ãt.....~ ( [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0018 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 0000000f [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/05/10 00:23:59, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 88 auth_len: 24 NTLMSSP No schannel Yes sign Yes seal No [2004/05/10 00:23:59, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 08 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:23:59, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:23:59, 0] rpc_client/cli_pipe.c:rpc_auth_pipe(336) rpc_auth_pipe: wrong schannel auth len 24 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,45) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,45) wrote 45 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,45) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,45) wrote 45 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=14 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(432) write_socket(16,39) [2004/05/10 00:23:59, 6] lib/util_sock.c:write_socket(435) write_socket(16,39) wrote 39 [2004/05/10 00:23:59, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:23:59, 5] lib/util.c:show_msg(456) [2004/05/10 00:23:59, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=15 smt_wct=0 smb_bcc=0 [2004/05/10 00:23:59, 10] nsswitch/winbindd_util.c:open_winbindd_socket(673) open_winbindd_socket: opened socket fd 16 [2004/05/10 00:23:59, 10] nsswitch/winbindd_util.c:open_winbindd_priv_socket(685) open_winbindd_priv_socket: opened socket fd 18 [2004/05/10 00:24:00, 6] nsswitch/winbindd.c:new_connection(343) accepted socket 19 [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn INTERFACE_VERSION [2004/05/10 00:24:00, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [10525]: request interface version [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2004/05/10 00:24:00, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [10525]: request location of privileged pipe [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:client_write(557) client_write: need to write 37 extra data bytes. [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 37 bytes. [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:client_write(546) client_write: client_write: complete response written. [2004/05/10 00:24:00, 6] nsswitch/winbindd.c:new_connection(343) accepted socket 20 [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 0 bytes. Need 1824 more for a full request. [2004/05/10 00:24:00, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 19, pid 10525: EOF [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/10 00:24:00, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn CHECK_MACHACC [2004/05/10 00:24:00, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(41) [10525]: check machine account [2004/05/10 00:24:00, 4] passdb/secrets.c:secrets_fetch_trust_account_password(261) Using cleartext machine password [2004/05/10 00:24:00, 4] libsmb/namequery_dc.c:ads_dc_name(43) ads_dc_name: domain=WIN2K [2004/05/10 00:24:00, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for realm 'win2k.ranger.dnsalias.com' [2004/05/10 00:24:00, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [ads] [2004/05/10 00:24:00, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up win2k.ranger.dnsalias.com#1c [2004/05/10 00:24:00, 10] lib/gencache.c:gencache_get(286) Cache entry with key = NBT/WIN2K.RANGER.DNSALIAS.COM#1C couldn't be found [2004/05/10 00:24:00, 5] libsmb/namecache.c:namecache_fetch(195) no entry for win2k.ranger.dnsalias.com#1C found. [2004/05/10 00:24:00, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/WIN2K.RANGER.DNSALIAS.COM#1C) [2004/05/10 00:24:00, 8] libsmb/namequery.c:get_dc_list(1300) Adding 0 DC's from auto lookup [2004/05/10 00:24:00, 4] libsmb/namequery.c:get_dc_list(1315) get_dc_list: no servers found [2004/05/10 00:24:00, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for domain 'WIN2K' [2004/05/10 00:24:00, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [wins lmhosts bcast] [2004/05/10 00:24:00, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up WIN2K#1c [2004/05/10 00:24:00, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/WIN2K#1C, value = 192.168.1.246:0,169.254.92.19:0, timeout = Mon May 10 00:29:14 2004 [2004/05/10 00:24:00, 5] libsmb/namecache.c:namecache_fetch(201) name WIN2K#1C found. [2004/05/10 00:24:00, 8] libsmb/namequery.c:get_dc_list(1300) Adding 2 DC's from auto lookup [2004/05/10 00:24:00, 10] libsmb/namequery.c:remove_duplicate_addrs2(319) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/05/10 00:24:00, 4] libsmb/namequery.c:get_dc_list(1376) get_dc_list: returning 2 ip addresses in an unordered list [2004/05/10 00:24:00, 4] libsmb/namequery.c:get_dc_list(1377) get_dc_list: 192.168.1.246:0 169.254.92.19:0 [2004/05/10 00:24:00, 5] libads/ldap.c:ads_try_connect(56) ads_try_connect: trying ldap server '192.168.1.246' port 389 [2004/05/10 00:24:00, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 192.168.1.246 [2004/05/10 00:24:00, 3] libads/ldap.c:ads_server_info(2029) got ldap server name comanche-w2k@WIN2K.RANGER.DNSALIAS.COM, using bind path: dc=WIN2K,dc=RANGER,dc=DNSALIAS,dc=COM [2004/05/10 00:24:00, 4] libads/ldap.c:ads_server_info(2035) time offset is 126230398 seconds [2004/05/10 00:24:00, 4] libsmb/namequery_dc.c:ads_dc_name(63) ads_dc_name: using server='COMANCHE-W2K' IP=192.168.1.246 [2004/05/10 00:24:00, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(107) IPC$ connections done by user WIN2K\rms [2004/05/10 00:24:00, 10] passdb/secrets.c:secrets_named_mutex(704) secrets_named_mutex: got mutex for COMANCHE-W2K [2004/05/10 00:24:00, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=COMANCHE-W2K [2004/05/10 00:24:00, 3] lib/util_sock.c:open_socket_out(735) Connecting to 192.168.1.246 at port 445 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_KEEPALIVE = 0 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_REUSEADDR = 0 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_BROADCAST = 0 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option TCP_NODELAY = 1 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_LOWDELAY = 0 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_THROUGHPUT = 0 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDBUF = 16384 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVBUF = 16384 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDLOWAT = 1 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVLOWAT = 1 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDTIMEO = 0 [2004/05/10 00:24:01, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVTIMEO = 0 [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,183) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,183) wrote 183 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 173 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=53376 (0xD080) smb_vwv[12]=31813 (0x7C45) smb_vwv[13]= 5202 (0x1452) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=53376 (0xD080) smb_vwv[12]=31813 (0x7C45) smb_vwv[13]= 5202 (0x1452) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:24:01, 5] nsswitch/winbindd_cm.c:cm_open_connection(277) connecting to COMANCHE-W2K from THINKPAD with username [WIN2K]\[rms] [2004/05/10 00:24:01, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) Doing spnego session setup (blob length=104) [2004/05/10 00:24:01, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 2 840 48018 1 2 2 [2004/05/10 00:24:01, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 3 6 1 4 1 311 2 2 10 [2004/05/10 00:24:01, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737) got principal=comanche-w2k$@WIN2K.RANGER.DNSALIAS.COM [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,164) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,164) wrote 164 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 632 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 F7 3C 83 AB 0B 83 AB .0...... @÷<.«..« [040] FD 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 ý....... .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 F7 3C 83 .....0.. ....@÷<. [130] AB 0B 83 AB FD 00 00 00 00 00 00 00 00 B4 00 B4 «..«ý... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 F7 3C 83 AB 0B 83 AB .0...... @÷<.«..« [040] FD 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 ý....... .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 F7 3C 83 .....0.. ....@÷<. [130] AB 0B 83 AB FD 00 00 00 00 00 00 00 00 B4 00 B4 «..«ý... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:24:01, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878) Got challenge flags: [2004/05/10 00:24:01, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:24:01, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900) NTLMSSP: Set final flags: [2004/05/10 00:24:01, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:24:01, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(974) NTLMSSP challenge set by NTLM2 [2004/05/10 00:24:01, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(975) challenge is: [2004/05/10 00:24:01, 5] lib/util.c:dump_data(1864) [000] B7 80 AA A5 F6 A5 E7 E0 ·.ª¥ö¥çà [2004/05/10 00:24:01, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2004/05/10 00:24:01, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,258) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,258) wrote 258 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:01, 3] libsmb/cliconnect.c:cli_session_setup(854) SPNEGO login failed: Password expired [2004/05/10 00:24:01, 4] nsswitch/winbindd_cm.c:cm_open_connection(286) failed authenticated session setup with NT_STATUS_PASSWORD_EXPIRED [2004/05/10 00:24:01, 5] nsswitch/winbindd_cm.c:cm_open_connection(297) anonymous connection attempt to COMANCHE-W2K from THINKPAD [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,92) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,92) wrote 92 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 127 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,92) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,92) wrote 92 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 48 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=5 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 49 50 43 00 00 00 00 IPC.... [2004/05/10 00:24:01, 10] libsmb/clientgen.c:cli_init_creds(212) cli_init_creds: user rms domain WIN2K [2004/05/10 00:24:01, 10] passdb/secrets.c:secrets_named_mutex_release(716) secrets_named_mutex: released mutex for COMANCHE-W2K [2004/05/10 00:24:01, 4] passdb/secrets.c:secrets_fetch_trust_account_password(261) Using cleartext machine password [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,108) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,108) wrote 108 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1536 (0x600) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4006]: \PIPE\NETLOGON [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000010 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=87 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 10 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,158) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,158) wrote 158 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 124 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 10 00 00 ........ .D...... [010] 00 B8 10 B8 10 90 D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 20 01 00 00 00 00 00 00 \lsass.. ....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 10 00 00 ........ .D...... [010] 00 B8 10 B8 10 90 D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 20 01 00 00 00 00 00 00 \lsass.. ....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 68 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000010 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 68 [2004/05/10 00:24:01, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d890 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:24:01, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from THINKPAD to COMANCHE-W2K: 5F1F7BC3EB4A88F2 [2004/05/10 00:24:01, 5] rpc_parse/parse_net.c:init_q_req_chal(621) init_q_req_chal: 621 [2004/05/10 00:24:01, 5] rpc_parse/parse_net.c:init_q_req_chal(630) init_q_req_chal: 630 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 00000009 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 00000009 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 00004e smb_io_chal [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 004e data: 5f 1f 7b c3 eb 4a 88 f2 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x4 data_len: 0x6e [2004/05/10 00:24:01, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 6e auth_len: 0 alloc_hint: 5e [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 006e [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000011 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000005e [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0004 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 110 (0x6E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 110 (0x6E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=125 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6E 00 00 00 11 00 00 00 5E .......n .......^ [020] 00 00 00 00 00 04 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 09 00 00 00 00 00 00 00 09 .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 00 00 5F 1F 7B C3 EB 4A 88 F2 .D..._.{ ÃëJ.ò [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,196) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,196) wrote 196 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 92 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 11 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 5E FC 98 23 4E 76 13 ........ .^ü.#Nv. [020] 21 00 00 00 00 !.... [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 11 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 5E FC 98 23 4E 76 13 ........ .^ü.#Nv. [020] 21 00 00 00 00 !.... [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 36 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000011 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 36 [2004/05/10 00:24:01, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_req_chal [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 5e fc 98 23 4e 76 13 21 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2004/05/10 00:24:01, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 5F1F7BC3EB4A88F2 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : 5EFC98234E761321 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : BD1B14E739C19B13 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_session_key(64) sess_key : DD7BB61561059D17 [2004/05/10 00:24:01, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(92) sess_key : DD7BB61561059D17 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(93) stor_cred: 5F1F7BC3EB4A88F2 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(95) timecred : 5F1F7BC3EB4A88F2 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(96) calc_cred: 47115B81DF75CADE [2004/05/10 00:24:01, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102) cli_net_auth2: srv:\\COMANCHE-W2K acct:THINKPAD$ sc:2 mc: THINKPAD chal 47115B81DF75CADE neg: 400701ff [2004/05/10 00:24:01, 5] rpc_parse/parse_net.c:init_q_auth_2(742) init_q_auth_2: 742 [2004/05/10 00:24:01, 5] rpc_parse/parse_misc.c:init_log_info(1336) make_log_info 1336 [2004/05/10 00:24:01, 5] rpc_parse/parse_net.c:init_q_auth_2(748) init_q_auth_2: 748 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth_2 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_log_info [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 unistr2 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 0000000a [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 0000000a [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D.$... [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0050 sec_chan: 0002 [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 000052 smb_io_unistr2 unistr2 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_max_len: 00000009 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 offset : 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c uni_str_len: 00000009 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0060 buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000072 smb_io_chal [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0072 data: 47 11 5b 81 df 75 ca de [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 00007a net_io_neg_flags [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c neg_flags: 400701ff [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0xf data_len: 0x98 [2004/05/10 00:24:01, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 98 auth_len: 0 alloc_hint: 88 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0098 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000012 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000088 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000f [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 152 (0x98) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=167 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 00 00 12 00 00 00 88 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 0A 00 00 00 00 00 00 00 0A .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 24 00 00 00 02 00 00 00 09 00 00 00 00 .D.$.... ........ [080] 00 00 00 09 00 00 00 54 00 48 00 49 00 4E 00 4B .......T .H.I.N.K [090] 00 50 00 41 00 44 00 00 00 47 11 5B 81 DF 75 CA .P.A.D.. .G.[.ßuÊ [0A0] DE 00 00 FF 01 07 40 Þ..ÿ..@ [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,238) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,238) wrote 238 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 96 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 12 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 05 81 AB 2E F3 5A 2E ........ ...«.óZ. [020] AA FF 01 07 40 00 00 00 00 ªÿ..@... . [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 12 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 05 81 AB 2E F3 5A 2E ........ ...«.óZ. [020] AA FF 01 07 40 00 00 00 00 ªÿ..@... . [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 40 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0028 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000012 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000010 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 40 [2004/05/10 00:24:01, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_auth_2 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: 05 81 ab 2e f3 5a 2e aa [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 net_io_neg_flags [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 neg_flags: 400701ff [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0024 status: NT_STATUS_OK [2004/05/10 00:24:01, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(92) sess_key : DD7BB61561059D17 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(93) stor_cred: 5EFC98234E761321 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(95) timecred : 5EFC98234E761321 [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_create(96) calc_cred: 0581AB2EF35A2EAA [2004/05/10 00:24:01, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_assert(123) challenge : 0581AB2EF35A2EAA [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_assert(124) calculated: 0581AB2EF35A2EAA [2004/05/10 00:24:01, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,108) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,108) wrote 108 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4007]: \PIPE\NETLOGON [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth hdr_auth [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_neg netsec_neg [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 type1: 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c type2: 00000003 [2004/05/10 00:24:01, 6] lib/util.c:dump_data(1864) [000] 57 49 4E 32 4B WIN2K [2004/05/10 00:24:01, 6] lib/util.c:dump_data(1864) [000] 54 48 49 4E 4B 50 41 44 THINKPAD [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0067 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0017 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000013 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=185 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 103 (0x67) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=118 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 67 00 17 00 13 00 00 00 B8 .......g .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 57 49 4E 32 4B 00 54 48 49 .......W IN2K.THI [070] 4E 4B 50 41 44 00 NKPAD. [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,189) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,189) wrote 189 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 144 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 13 00 00 ........ .X...... [010] 00 B8 10 B8 10 91 D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 13 00 00 ........ .X...... [010] 00 B8 10 B8 10 91 D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 000c [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000013 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No [2004/05/10 00:24:01, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:24:01, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d891 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:24:01, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:24:01, 10] passdb/secrets.c:secrets_named_mutex(704) secrets_named_mutex: got mutex for NETLOGON\COMANCHE-W2K [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,45) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,45) wrote 45 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:01, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from THINKPAD to COMANCHE-W2K: 2025C3C682363544 [2004/05/10 00:24:01, 5] rpc_parse/parse_net.c:init_q_req_chal(621) init_q_req_chal: 621 [2004/05/10 00:24:01, 5] rpc_parse/parse_net.c:init_q_req_chal(630) init_q_req_chal: 630 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 00000009 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 00000009 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:24:01, 6] rpc_parse/parse_prs.c:prs_debug(82) 00004e smb_io_chal [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 004e data: 20 25 c3 c6 82 36 35 44 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000058 smb_io_rpc_hdr_auth hdr_auth [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0058 auth_type : 44 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0059 auth_level : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 005a padding : 02 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 005b reserved : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c auth_context : 00000001 [2004/05/10 00:24:01, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1023) SCHANNEL seq_num=0 [2004/05/10 00:24:01, 10] rpc_parse/parse_prs.c:netsec_encode(1462) SCHANNEL: netsec_encode seq_num=0 data_len=88 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000060 smb_io_rpc_auth_netsec_chk [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0060 sig : 77 00 ff ff ff ff 00 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0068 seq_num: f2 87 d3 b9 4e cd 6b c1 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0070 packet_digest: 15 11 42 66 79 f5 2d 4a [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0078 confounder: e5 ef 54 f5 a9 63 fb 4b [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x4 data_len: 0x98 [2004/05/10 00:24:01, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 98 auth_len: 20 alloc_hint: 60 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0098 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000014 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000060 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0004 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 152 (0x98) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=167 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 20 00 14 00 00 00 60 ........ . .....` [020] 00 00 00 00 00 04 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 09 00 00 00 00 00 00 00 09 .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 00 00 20 25 C3 C6 82 36 35 44 00 00 44 .D... %à Æ.65D..D [080] 05 02 00 01 00 00 00 77 00 FF FF FF FF 00 00 F2 .......w .ÿÿÿÿ..ò [090] 87 D3 B9 4E CD 6B C1 15 11 42 66 79 F5 2D 4A E5 .Ó¹NÍkÁ. .Bfyõ-Jå [0A0] EF 54 F5 A9 63 FB 4B ïTõ©cûK [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,238) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,238) wrote 238 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 128 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 48 00 18 00 14 00 00 ........ .H...... [010] 00 0C 00 00 00 00 00 00 00 E6 94 9E E0 8E 89 BC ........ .æ..à..¼ [020] 82 00 00 00 00 00 00 00 00 44 05 04 00 01 00 00 ........ .D...... [030] 00 77 00 FF FF FF FF 00 00 C1 7D 0C E6 F5 E1 1E .w.ÿÿÿÿ. .Á}.æõá. [040] D0 52 83 22 9C F8 68 6B 34 ÐR.".øhk 4 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2004/05/10 00:24:01, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 48 00 18 00 14 00 00 ........ .H...... [010] 00 0C 00 00 00 00 00 00 00 E6 94 9E E0 8E 89 BC ........ .æ..à..¼ [020] 82 00 00 00 00 00 00 00 00 44 05 04 00 01 00 00 ........ .D...... [030] 00 77 00 FF FF FF FF 00 00 C1 7D 0C E6 F5 E1 1E .w.ÿÿÿÿ. .Á}.æõá. [040] D0 52 83 22 9C F8 68 6B 34 ÐR.".øhk 4 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 72 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0018 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000014 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 72 [2004/05/10 00:24:01, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 72 auth_len: 24 NTLMSSP No schannel Yes sign Yes seal No [2004/05/10 00:24:01, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 04 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:24:01, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:24:01, 0] rpc_client/cli_pipe.c:rpc_auth_pipe(336) rpc_auth_pipe: wrong schannel auth len 24 [2004/05/10 00:24:01, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(249) cli_nt_setup_creds: request challenge failed [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,45) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,45) wrote 45 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=14 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:01, 10] passdb/secrets.c:secrets_named_mutex_release(716) secrets_named_mutex: released mutex for NETLOGON\COMANCHE-W2K [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(432) write_socket(19,39) [2004/05/10 00:24:01, 6] lib/util_sock.c:write_socket(435) write_socket(19,39) wrote 39 [2004/05/10 00:24:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:24:01, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:01, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=15 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:01, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68) could not open handle to NETLOGON pipe [2004/05/10 00:24:01, 2] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98) Checking the trust account password returned NT_STATUS_UNSUCCESSFUL [2004/05/10 00:24:01, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/10 00:24:01, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 0 bytes. Need 1824 more for a full request. [2004/05/10 00:24:01, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 20, pid 10525: EOF [2004/05/10 00:24:04, 6] nsswitch/winbindd.c:new_connection(343) accepted socket 19 [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn INTERFACE_VERSION [2004/05/10 00:24:04, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [10527]: request interface version [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2004/05/10 00:24:04, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [10527]: request location of privileged pipe [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:client_write(557) client_write: need to write 37 extra data bytes. [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 37 bytes. [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:client_write(546) client_write: client_write: complete response written. [2004/05/10 00:24:04, 6] nsswitch/winbindd.c:new_connection(343) accepted socket 20 [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 0 bytes. Need 1824 more for a full request. [2004/05/10 00:24:04, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 19, pid 10527: EOF [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 1824 bytes. Need 0 more for a full request. [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:process_request(308) process_request: request fn LIST_USERS [2004/05/10 00:24:04, 3] nsswitch/winbindd_user.c:winbindd_list_users(592) [10527]: list users [2004/05/10 00:24:04, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(272) fetch_cache_seqnum: invalid data size key [SEQNUM/WIN2K] [2004/05/10 00:24:04, 10] nsswitch/winbindd_rpc.c:sequence_number(850) rpc: fetch sequence_number for WIN2K [2004/05/10 00:24:04, 4] libsmb/namequery_dc.c:ads_dc_name(43) ads_dc_name: domain=WIN2K [2004/05/10 00:24:04, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for realm 'win2k.ranger.dnsalias.com' [2004/05/10 00:24:04, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [ads] [2004/05/10 00:24:04, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up win2k.ranger.dnsalias.com#1c [2004/05/10 00:24:04, 10] lib/gencache.c:gencache_get(286) Cache entry with key = NBT/WIN2K.RANGER.DNSALIAS.COM#1C couldn't be found [2004/05/10 00:24:04, 5] libsmb/namecache.c:namecache_fetch(195) no entry for win2k.ranger.dnsalias.com#1C found. [2004/05/10 00:24:04, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/WIN2K.RANGER.DNSALIAS.COM#1C) [2004/05/10 00:24:04, 8] libsmb/namequery.c:get_dc_list(1300) Adding 0 DC's from auto lookup [2004/05/10 00:24:04, 4] libsmb/namequery.c:get_dc_list(1315) get_dc_list: no servers found [2004/05/10 00:24:04, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for domain 'WIN2K' [2004/05/10 00:24:04, 8] libsmb/namequery.c:get_sorted_dc_list(1402) get_sorted_dc_list: attempting lookup using [wins lmhosts bcast] [2004/05/10 00:24:04, 10] libsmb/namequery.c:internal_resolve_name(1013) internal_resolve_name: looking up WIN2K#1c [2004/05/10 00:24:04, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/WIN2K#1C, value = 192.168.1.246:0,169.254.92.19:0, timeout = Mon May 10 00:29:14 2004 [2004/05/10 00:24:04, 5] libsmb/namecache.c:namecache_fetch(201) name WIN2K#1C found. [2004/05/10 00:24:04, 8] libsmb/namequery.c:get_dc_list(1300) Adding 2 DC's from auto lookup [2004/05/10 00:24:04, 10] libsmb/namequery.c:remove_duplicate_addrs2(319) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/05/10 00:24:04, 4] libsmb/namequery.c:get_dc_list(1376) get_dc_list: returning 2 ip addresses in an unordered list [2004/05/10 00:24:04, 4] libsmb/namequery.c:get_dc_list(1377) get_dc_list: 192.168.1.246:0 169.254.92.19:0 [2004/05/10 00:24:04, 5] libads/ldap.c:ads_try_connect(56) ads_try_connect: trying ldap server '192.168.1.246' port 389 [2004/05/10 00:24:04, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 192.168.1.246 [2004/05/10 00:24:04, 3] libads/ldap.c:ads_server_info(2029) got ldap server name comanche-w2k@WIN2K.RANGER.DNSALIAS.COM, using bind path: dc=WIN2K,dc=RANGER,dc=DNSALIAS,dc=COM [2004/05/10 00:24:04, 4] libads/ldap.c:ads_server_info(2035) time offset is 126230397 seconds [2004/05/10 00:24:04, 4] libsmb/namequery_dc.c:ads_dc_name(63) ads_dc_name: using server='COMANCHE-W2K' IP=192.168.1.246 [2004/05/10 00:24:04, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(107) IPC$ connections done by user WIN2K\rms [2004/05/10 00:24:04, 10] passdb/secrets.c:secrets_named_mutex(704) secrets_named_mutex: got mutex for COMANCHE-W2K [2004/05/10 00:24:04, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=COMANCHE-W2K [2004/05/10 00:24:04, 3] lib/util_sock.c:open_socket_out(735) Connecting to 192.168.1.246 at port 445 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_KEEPALIVE = 0 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_REUSEADDR = 0 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_BROADCAST = 0 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option TCP_NODELAY = 1 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_LOWDELAY = 0 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_THROUGHPUT = 0 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDBUF = 16384 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVBUF = 16384 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDLOWAT = 1 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVLOWAT = 1 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDTIMEO = 0 [2004/05/10 00:24:04, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVTIMEO = 0 [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,183) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,183) wrote 183 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 173 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=24704 (0x6080) smb_vwv[12]=20836 (0x5164) smb_vwv[13]= 5204 (0x1454) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=173 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10516 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=24704 (0x6080) smb_vwv[12]=20836 (0x5164) smb_vwv[13]= 5204 (0x1454) smb_vwv[14]=50230 (0xC436) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=104 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 31 E5 3B F7 7C 29 A0 41 AD EB 70 C8 11 7E 0C A7 1å;÷|) A ­ëpÈ.~.§ [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 19 `V..+... .. L0J . [020] 30 17 06 09 2A 86 48 82 F7 12 01 02 02 06 0A 2B 0...*.H. ÷......+ [030] 06 01 04 01 82 37 02 02 0A A3 2D 30 2B A0 29 1B .....7.. .£-0+ ). [040] 27 63 6F 6D 61 6E 63 68 65 2D 77 32 6B 24 40 57 'comanch e-w2k$@W [050] 49 4E 32 4B 2E 52 41 4E 47 45 52 2E 44 4E 53 41 IN2K.RAN GER.DNSA [060] 4C 49 41 53 2E 43 4F 4D LIAS.COM [2004/05/10 00:24:04, 5] nsswitch/winbindd_cm.c:cm_open_connection(277) connecting to COMANCHE-W2K from THINKPAD with username [WIN2K]\[rms] [2004/05/10 00:24:04, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) Doing spnego session setup (blob length=104) [2004/05/10 00:24:04, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 2 840 48018 1 2 2 [2004/05/10 00:24:04, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 3 6 1 4 1 311 2 2 10 [2004/05/10 00:24:04, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737) got principal=comanche-w2k$@WIN2K.RANGER.DNSALIAS.COM [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,164) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,164) wrote 164 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 632 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 5D DA 0A 4D 6A 53 A6 .0...... @]Ú.MjS¦ [040] 17 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 ........ .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 5D DA 0A .....0.. ....@]Ú. [130] 4D 6A 53 A6 17 00 00 00 00 00 00 00 00 B4 00 B4 MjS¦.... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=632 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 632 (0x278) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 515 (0x203) smb_bcc=589 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] A1 82 01 FF 30 82 01 FB A0 03 0A 01 01 A1 0C 06 ¡..ÿ0..û  ....¡.. [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 F1 04 81 .+.....7 ...¢.ñ.. [020] EE 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A 00 0A îNTLMSSP ........ [030] 00 30 00 00 00 15 02 89 40 5D DA 0A 4D 6A 53 A6 .0...... @]Ú.MjS¦ [040] 17 00 00 00 00 00 00 00 00 B4 00 B4 00 3A 00 00 ........ .´.´.:.. [050] 00 57 00 49 00 4E 00 32 00 4B 00 02 00 0A 00 57 .W.I.N.2 .K.....W [060] 00 49 00 4E 00 32 00 4B 00 01 00 18 00 43 00 4F .I.N.2.K .....C.O [070] 00 4D 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 .M.A.N.C .H.E.-.W [080] 00 32 00 4B 00 04 00 32 00 77 00 69 00 6E 00 32 .2.K...2 .w.i.n.2 [090] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0A0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [0B0] 00 73 00 2E 00 63 00 6F 00 6D 00 03 00 4C 00 63 .s...c.o .m...L.c [0C0] 00 6F 00 6D 00 61 00 6E 00 63 00 68 00 65 00 2D .o.m.a.n .c.h.e.- [0D0] 00 77 00 32 00 6B 00 2E 00 77 00 69 00 6E 00 32 .w.2.k.. .w.i.n.2 [0E0] 00 6B 00 2E 00 72 00 61 00 6E 00 67 00 65 00 72 .k...r.a .n.g.e.r [0F0] 00 2E 00 64 00 6E 00 73 00 61 00 6C 00 69 00 61 ...d.n.s .a.l.i.a [100] 00 73 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 A3 .s...c.o .m.....£ [110] 81 F1 04 81 EE 4E 54 4C 4D 53 53 50 00 02 00 00 .ñ..îNTL MSSP.... [120] 00 0A 00 0A 00 30 00 00 00 15 02 89 40 5D DA 0A .....0.. ....@]Ú. [130] 4D 6A 53 A6 17 00 00 00 00 00 00 00 00 B4 00 B4 MjS¦.... .....´.´ [140] 00 3A 00 00 00 57 00 49 00 4E 00 32 00 4B 00 02 .:...W.I .N.2.K.. [150] 00 0A 00 57 00 49 00 4E 00 32 00 4B 00 01 00 18 ...W.I.N .2.K.... [160] 00 43 00 4F 00 4D 00 41 00 4E 00 43 00 48 00 45 .C.O.M.A .N.C.H.E [170] 00 2D 00 57 00 32 00 4B 00 04 00 32 00 77 00 69 .-.W.2.K ...2.w.i [180] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [190] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1A0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 03 .i.a.s.. .c.o.m.. [1B0] 00 4C 00 63 00 6F 00 6D 00 61 00 6E 00 63 00 68 .L.c.o.m .a.n.c.h [1C0] 00 65 00 2D 00 77 00 32 00 6B 00 2E 00 77 00 69 .e.-.w.2 .k...w.i [1D0] 00 6E 00 32 00 6B 00 2E 00 72 00 61 00 6E 00 67 .n.2.k.. .r.a.n.g [1E0] 00 65 00 72 00 2E 00 64 00 6E 00 73 00 61 00 6C .e.r...d .n.s.a.l [1F0] 00 69 00 61 00 73 00 2E 00 63 00 6F 00 6D 00 00 .i.a.s.. .c.o.m.. [2004/05/10 00:24:04, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878) Got challenge flags: [2004/05/10 00:24:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:24:04, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900) NTLMSSP: Set final flags: [2004/05/10 00:24:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:24:04, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(974) NTLMSSP challenge set by NTLM2 [2004/05/10 00:24:04, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(975) challenge is: [2004/05/10 00:24:04, 5] lib/util.c:dump_data(1864) [000] FC 41 16 08 C5 49 50 9E üA..ÅIP. [2004/05/10 00:24:04, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2004/05/10 00:24:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x40080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,258) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,258) wrote 258 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=35 smb_com=0x73 smb_rcls=113 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4098 smb_mid=3 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:04, 3] libsmb/cliconnect.c:cli_session_setup(854) SPNEGO login failed: Password expired [2004/05/10 00:24:04, 4] nsswitch/winbindd_cm.c:cm_open_connection(286) failed authenticated session setup with NT_STATUS_PASSWORD_EXPIRED [2004/05/10 00:24:04, 5] nsswitch/winbindd_cm.c:cm_open_connection(297) anonymous connection attempt to COMANCHE-W2K from THINKPAD [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,92) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,92) wrote 92 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 127 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=127 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=10516 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 127 (0x7F) smb_vwv[ 2]= 0 (0x0) smb_bcc=86 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 4D 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 MW.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 57 00 49 00 4E .a.g.e.r ...W.I.N [050] 00 32 00 4B 00 00 .2.K.. [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,92) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,92) wrote 92 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 48 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=5 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 49 50 43 00 00 00 00 IPC.... [2004/05/10 00:24:04, 10] libsmb/clientgen.c:cli_init_creds(212) cli_init_creds: user rms domain WIN2K [2004/05/10 00:24:04, 10] passdb/secrets.c:secrets_named_mutex_release(716) secrets_named_mutex: released mutex for COMANCHE-W2K [2004/05/10 00:24:04, 4] passdb/secrets.c:secrets_fetch_trust_account_password(261) Using cleartext machine password [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,108) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,108) wrote 108 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1536 (0x600) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4006]: \PIPE\NETLOGON [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû [010] 01 00 00 00 .... [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0048 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000015 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345678 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 cf fb [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=87 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 15 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,158) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,158) wrote 158 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 124 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 ........ .D...... [010] 00 B8 10 B8 10 92 D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 ........ .D...... [010] 00 B8 10 B8 10 92 D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 68 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0044 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000015 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 68 [2004/05/10 00:24:04, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d892 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:24:04, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from THINKPAD to COMANCHE-W2K: 311675008577B4F7 [2004/05/10 00:24:04, 5] rpc_parse/parse_net.c:init_q_req_chal(621) init_q_req_chal: 621 [2004/05/10 00:24:04, 5] rpc_parse/parse_net.c:init_q_req_chal(630) init_q_req_chal: 630 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_req_chal [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 00000009 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 00000009 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 00004e smb_io_chal [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 004e data: 31 16 75 00 85 77 b4 f7 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x4 data_len: 0x6e [2004/05/10 00:24:04, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 6e auth_len: 0 alloc_hint: 5e [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 006e [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000016 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000005e [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0004 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 110 (0x6E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 110 (0x6E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=125 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6E 00 00 00 16 00 00 00 5E .......n .......^ [020] 00 00 00 00 00 04 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 09 00 00 00 00 00 00 00 09 .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 00 00 31 16 75 00 85 77 B4 F7 .D...1.u ..w´÷ [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,196) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,196) wrote 196 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 92 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 BE 07 D3 8D 14 FC 73 ........ .¾.Ó..üs [020] 52 00 00 00 00 R.... [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 BE 07 D3 8D 14 FC 73 ........ .¾.Ó..üs [020] 52 00 00 00 00 R.... [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 36 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0024 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000016 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 0000000c [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 36 [2004/05/10 00:24:04, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_req_chal [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: be 07 d3 8d 14 fc 73 52 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2004/05/10 00:24:04, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 311675008577B4F7 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : BE07D38D14FC7352 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : EF1D488E9973284A [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_session_key(64) sess_key : A96EB22C06653881 [2004/05/10 00:24:04, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(92) sess_key : A96EB22C06653881 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(93) stor_cred: 311675008577B4F7 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(95) timecred : 311675008577B4F7 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(96) calc_cred: E92953F2774BB3D1 [2004/05/10 00:24:04, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102) cli_net_auth2: srv:\\COMANCHE-W2K acct:THINKPAD$ sc:2 mc: THINKPAD chal E92953F2774BB3D1 neg: 400701ff [2004/05/10 00:24:04, 5] rpc_parse/parse_net.c:init_q_auth_2(742) init_q_auth_2: 742 [2004/05/10 00:24:04, 5] rpc_parse/parse_misc.c:init_log_info(1336) make_log_info 1336 [2004/05/10 00:24:04, 5] rpc_parse/parse_net.c:init_q_auth_2(748) init_q_auth_2: 748 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 net_io_q_auth_2 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_log_info [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 undoc_buffer: 00000001 [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 unistr2 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000f [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000f [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : \.\.C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 00002e smb_io_unistr2 unistr2 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 uni_max_len: 0000000a [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 offset : 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0038 uni_str_len: 0000000a [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 003c buffer : T.H.I.N.K.P.A.D.$... [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0050 sec_chan: 0002 [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 000052 smb_io_unistr2 unistr2 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0054 uni_max_len: 00000009 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0058 offset : 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 005c uni_str_len: 00000009 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0060 buffer : T.H.I.N.K.P.A.D... [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000072 smb_io_chal [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0072 data: e9 29 53 f2 77 4b b3 d1 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 00007a net_io_neg_flags [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 007c neg_flags: 400701ff [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0xf data_len: 0x98 [2004/05/10 00:24:04, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 98 auth_len: 0 alloc_hint: 88 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0098 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000017 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000088 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 000f [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4006 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 152 (0x98) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16390 (0x4006) smb_bcc=167 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 00 00 17 00 00 00 88 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 0F 00 00 00 00 ........ ........ [030] 00 00 00 0F 00 00 00 5C 00 5C 00 43 00 4F 00 4D .......\ .\.C.O.M [040] 00 41 00 4E 00 43 00 48 00 45 00 2D 00 57 00 32 .A.N.C.H .E.-.W.2 [050] 00 4B 00 00 00 00 00 0A 00 00 00 00 00 00 00 0A .K...... ........ [060] 00 00 00 54 00 48 00 49 00 4E 00 4B 00 50 00 41 ...T.H.I .N.K.P.A [070] 00 44 00 24 00 00 00 02 00 00 00 09 00 00 00 00 .D.$.... ........ [080] 00 00 00 09 00 00 00 54 00 48 00 49 00 4E 00 4B .......T .H.I.N.K [090] 00 50 00 41 00 44 00 00 00 E9 29 53 F2 77 4B B3 .P.A.D.. .é)SòwK³ [0A0] D1 00 00 FF 01 07 40 Ñ..ÿ..@ [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,238) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,238) wrote 238 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 96 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 FD 78 78 AD 4E C6 72 ........ .ýxx­NÆr [020] 79 FF 01 07 40 00 00 00 00 yÿ..@... . [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 FD 78 78 AD 4E C6 72 ........ .ýxx­NÆr [020] 79 FF 01 07 40 00 00 00 00 yÿ..@... . [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 40 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0028 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000017 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000010 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 40 [2004/05/10 00:24:04, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 net_io_r_auth_2 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_chal [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 data: fd 78 78 ad 4e c6 72 79 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 net_io_neg_flags [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 neg_flags: 400701ff [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0024 status: NT_STATUS_OK [2004/05/10 00:24:04, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(92) sess_key : A96EB22C06653881 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(93) stor_cred: BE07D38D14FC7352 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(95) timecred : BE07D38D14FC7352 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_create(96) calc_cred: FD7878AD4EC67279 [2004/05/10 00:24:04, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_assert(123) challenge : FD7878AD4EC67279 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_assert(124) calculated: FD7878AD4EC67279 [2004/05/10 00:24:04, 5] libsmb/credentials.c:cred_assert(128) credentials check ok [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,100) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,100) wrote 100 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 103 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1305) Bind RPC Pipe[4007]: \PIPE\samr [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:valid_pipe_name(1203) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4.Í« ï..#Eg.¬ [010] 01 00 00 00 .... [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:valid_pipe_name(1206) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth hdr_auth [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_auth_netsec_neg netsec_neg [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 type1: 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c type2: 00000003 [2004/05/10 00:24:04, 6] lib/util.c:dump_data(1864) [000] 57 49 4E 32 4B WIN2K [2004/05/10 00:24:04, 6] lib/util.c:dump_data(1864) [000] 54 48 49 4E 4B 50 41 44 THINKPAD [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0b [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0067 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0017 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000018 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_rb [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 num_elements: 00000001 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 001c context_id : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 001e num_syntaxes: 01 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001f smb_io_rpc_iface [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0020 data : 12345778 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0024 data : 1234 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0026 data : abcd [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0028 data : ef 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 002a data : 01 23 45 67 89 ac [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 version: 00000001 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_rpc_iface [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_uuid uuid [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 data : 8a885d04 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0038 data : 1ceb [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 003a data : 11c9 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003c data : 9f e8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003e data : 08 00 2b 10 48 60 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0044 version: 00000002 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=185 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 103 (0x67) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=118 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 67 00 17 00 18 00 00 00 B8 .......g .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.Í«ï ..#Eg.¬. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 57 49 4E 32 4B 00 54 48 49 .......W IN2K.THI [070] 4E 4B 50 41 44 00 NKPAD. [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,189) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,189) wrote 189 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 144 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 18 00 00 ........ .X...... [010] 00 B8 10 B8 10 93 D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.Í «....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 18 00 00 ........ .X...... [010] 00 B8 10 B8 10 93 D8 00 00 0C 00 5C 50 49 50 45 .¸.¸..Ø. ...\PIPE [020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.Í «....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 0c [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 000c [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000018 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No [2004/05/10 00:24:04, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:24:04, 6] rpc_client/cli_pipe.c:rpc_api_pipe(525) rpc_api_pipe: fragment first and last both set [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(1381) rpc_pipe_bind: rpc_api_pipe returned OK. [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_ba [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_bba [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0010 max_tsize: 10b8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0012 max_rsize: 10b8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 assoc_gid: 0000d893 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_addr_str [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0018 len: 000c [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 001a str: \PIPE\lsass. [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000026 smb_io_rpc_results [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0028 num_results: 01 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002c result : 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 002e reason : 0000 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_iface [2004/05/10 00:24:04, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_uuid uuid [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0030 data : 8a885d04 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0034 data : 1ceb [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0036 data : 11c9 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 data : 9f e8 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 003a data : 08 00 2b 10 48 60 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0040 version: 00000002 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:check_bind_response(1257) bind_rpc_pipe: accepted! [2004/05/10 00:24:04, 10] rpc_client/cli_samr.c:cli_samr_connect(38) cli_samr_connect to COMANCHE-W2K [2004/05/10 00:24:04, 5] rpc_parse/parse_samr.c:init_samr_q_connect(6661) init_samr_q_connect [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_connect [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 ptr_srv_name: 00000001 [2004/05/10 00:24:04, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 uni_max_len: 0000000d [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0008 offset : 00000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c uni_str_len: 0000000d [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) 0010 buffer : C.O.M.A.N.C.H.E.-.W.2.K... [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 002c access_mask: 02000000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_rpc_hdr_auth hdr_auth [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0030 auth_type : 44 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0031 auth_level : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0032 padding : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0033 reserved : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0034 auth_context : 00000001 [2004/05/10 00:24:04, 10] rpc_client/cli_pipe.c:rpc_api_pipe_req(1023) SCHANNEL seq_num=0 [2004/05/10 00:24:04, 10] rpc_parse/parse_prs.c:netsec_encode(1462) SCHANNEL: netsec_encode seq_num=0 data_len=48 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000038 smb_io_rpc_auth_netsec_chk [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0038 sig : 77 00 ff ff ff ff 00 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0040 seq_num: f3 c4 99 ee 88 a6 7e 60 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0048 packet_digest: ca a5 94 50 b4 ca c4 18 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0050 confounder: 53 b6 4a ca fd 8e 25 17 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x39 data_len: 0x70 [2004/05/10 00:24:04, 10] rpc_client/cli_pipe.c:create_rpc_request(858) create_rpc_request: data_len: 70 auth_len: 20 alloc_hint: 38 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0070 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0020 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000019 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000038 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 0039 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:4007 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=194 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 112 (0x70) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16391 (0x4007) smb_bcc=127 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 70 00 20 00 19 00 00 00 38 .......p . .....8 [020] 00 00 00 00 00 39 00 01 00 00 00 0D 00 00 00 00 .....9.. ........ [030] 00 00 00 0D 00 00 00 43 00 4F 00 4D 00 41 00 4E .......C .O.M.A.N [040] 00 43 00 48 00 45 00 2D 00 57 00 32 00 4B 00 00 .C.H.E.- .W.2.K.. [050] 00 00 00 00 00 00 02 44 05 00 00 01 00 00 00 77 .......D .......w [060] 00 FF FF FF FF 00 00 F3 C4 99 EE 88 A6 7E 60 CA .ÿÿÿÿ..ó Ä.î.¦~`Ê [070] A5 94 50 B4 CA C4 18 53 B6 4A CA FD 8E 25 17 ¥.P´ÊÄ.S ¶JÊý.%. [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,198) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,198) wrote 198 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 144 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 58 00 18 00 19 00 00 ........ .X...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 43 3C F0 ........ .....C<ð [020] 8E 07 A2 D8 11 86 19 00 20 E0 83 62 F5 00 00 00 ..¢Ø.... à.bõ... [030] 00 04 5D 88 8A EB 1C C9 11 44 05 08 00 01 00 00 ..]..ë.É .D...... [040] 00 77 00 FF FF FF FF 00 00 66 C0 2D D0 20 0B EF .w.ÿÿÿÿ. .fÀ-Ð .ï [050] 6A D3 51 0D C9 F0 9C F1 2B jÓQ.Éð.ñ + [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2004/05/10 00:24:04, 10] lib/util.c:dump_data(1864) [000] 00 05 00 02 03 10 00 00 00 58 00 18 00 19 00 00 ........ .X...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 43 3C F0 ........ .....C<ð [020] 8E 07 A2 D8 11 86 19 00 20 E0 83 62 F5 00 00 00 ..¢Ø.... à.bõ... [030] 00 04 5D 88 8A EB 1C C9 11 44 05 08 00 01 00 00 ..]..ë.É .D...... [040] 00 77 00 FF FF FF FF 00 00 66 C0 2D D0 20 0B EF .w.ÿÿÿÿ. .fÀ-Ð .ï [050] 6A D3 51 0D C9 F0 9C F1 2B jÓQ.Éð.ñ + [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_check_hdr(134) rpc_check_hdr: rdata->data_size = 88 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr rpc_hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0058 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0018 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000019 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_api_pipe(483) rpc_api_pipe: len left: 0 smbtrans read: 88 [2004/05/10 00:24:04, 5] rpc_client/cli_pipe.c:rpc_auth_pipe(212) rpc_auth_pipe: pkt_type: 2 len: 88 auth_len: 24 NTLMSSP No schannel Yes sign Yes seal No [2004/05/10 00:24:04, 10] rpc_client/cli_pipe.c:rpc_auth_pipe(219) rpc_auth_pipe: packet: [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_auth auth_hdr [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 auth_type : 44 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 auth_level : 05 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 padding : 08 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 reserved : 00 [2004/05/10 00:24:04, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 auth_context : 00000001 [2004/05/10 00:24:04, 0] rpc_client/cli_pipe.c:rpc_auth_pipe(336) rpc_auth_pipe: wrong schannel auth len 24 [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,45) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,45) wrote 45 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=13 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,45) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,45) wrote 45 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=14 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(432) write_socket(19,39) [2004/05/10 00:24:04, 6] lib/util_sock.c:write_socket(435) write_socket(19,39) wrote 39 [2004/05/10 00:24:04, 10] lib/util_sock.c:read_smb_length_return_keepalive(488) got smb length of 35 [2004/05/10 00:24:04, 5] lib/util.c:show_msg(456) [2004/05/10 00:24:04, 5] lib/util.c:show_msg(466) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2051 smb_pid=10516 smb_uid=4099 smb_mid=15 smt_wct=0 smb_bcc=0 [2004/05/10 00:24:04, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(325) store_cache_seqnum: success [WIN2K][4294967295 @ 957911044] [2004/05/10 00:24:04, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(380) refresh_sequence_number: WIN2K seq number is now -1 [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:client_write(512) client_write: wrote 1300 bytes. [2004/05/10 00:24:04, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 0 bytes. Need 1824 more for a full request. [2004/05/10 00:24:04, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 20, pid 10527: EOF [2004/05/10 00:24:07, 5] lib/smbldap.c:smbldap_close(877) The connection to the LDAP server was closed [2004/05/10 00:24:07, 5] sam/idmap_ldap.c:ldap_idmap_close(761) The connection to the LDAP server was closed [2004/05/10 00:24:07, 10] nsswitch/winbindd.c:winbind_client_read(458) client_read: read 0 bytes. Need 1824 more for a full request. [2004/05/10 00:24:07, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 9, pid 10516: EOF