[2012/08/30 15:27:50.972395, 6] param/loadparm.c:7490(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012
[2012/08/30 15:27:50.973894, 3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.30.50 (192.168.30.50)
[2012/08/30 15:27:50.974103, 10] smbd/process.c:3019(smbd_process)
  Connection allowed from ipv4:192.168.30.50:49205 to ipv4:192.168.30.15:445
[2012/08/30 15:27:50.974569, 3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2012/08/30 15:27:50.974929, 3] smbd/oplock_linux.c:239(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2012/08/30 15:27:50.975151, 5] lib/messages.c:332(messaging_deregister)
  Deregistering messaging pointer for type 1 - private_data=(nil)
[2012/08/30 15:27:50.975477, 10] smbd/process.c:920(event_add_idle)
  event_add_idle: idle_evt(keepalive) 0x7fd50c02f390
[2012/08/30 15:27:50.975960, 10] smbd/process.c:920(event_add_idle)
  event_add_idle: idle_evt(deadtime) 0x7fd50c018940
[2012/08/30 15:27:50.976172, 10] smbd/process.c:920(event_add_idle)
  event_add_idle: idle_evt(housekeeping) 0x7fd50c0243a0
[2012/08/30 15:27:50.976975, 10] lib/util_sock.c:519(read_smb_length_return_keepalive)
  got smb length of 133
[2012/08/30 15:27:50.977238, 6] smbd/process.c:1660(process_smb)
  got message type 0x0 of len 0x85
[2012/08/30 15:27:50.977373, 3] smbd/process.c:1662(process_smb)
  Transaction 0 of length 137 (0 toread)
[2012/08/30 15:27:50.977506, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:50.977591, 5] lib/util.c:342(show_msg)
  size=133
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51267
  smb_tid=0
  smb_pid=65279
  smb_uid=0
  smb_mid=0
  smt_wct=0
  smb_bcc=98
[2012/08/30 15:27:50.978529, 10] ../lib/util/util.c:415(dump_data)
  [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47  .PC NETW ORK PROG
  [0010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31  RAM 1.0. .LANMAN1
  [0020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20  .0..Wind ows for
  [0030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00  Workgrou ps 3.1a.
  [0040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D  .LM1.2X0 02..LANM
  [0050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31  AN2.1..N T LM 0.1
  [0060] 32 00  2.
[2012/08/30 15:27:50.979566, 3] smbd/process.c:1467(switch_message)
  switch message SMBnegprot (pid 3054) conn 0x0
[2012/08/30 15:27:50.979749, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:50.979915, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:50.980095, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:50.980579, 5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2012/08/30 15:27:50.985485, 3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2012/08/30 15:27:50.985751, 3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN1.0]
[2012/08/30 15:27:50.985923, 3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2012/08/30 15:27:50.986088, 3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LM1.2X002]
[2012/08/30 15:27:50.986244, 3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN2.1]
[2012/08/30 15:27:50.986396, 3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [NT LM 0.12]
[2012/08/30 15:27:50.986687, 10] lib/util.c:1624(set_remote_arch)
  set_remote_arch: Client arch is 'Win2K'
[2012/08/30 15:27:50.986860, 6] param/loadparm.c:7490(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012
[2012/08/30 15:27:50.987171, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
  Locking key EE0B0000FFFFFFFF
[2012/08/30 15:27:50.987323, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
  Allocated locked data 0x0x7fd50c00d5e0
[2012/08/30 15:27:50.987478, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
  Unlocking key EE0B0000FFFFFFFF
[2012/08/30 15:27:50.987579, 6] param/loadparm.c:7490(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012
[2012/08/30 15:27:50.987869, 10] lib/util.c:1624(set_remote_arch)
  set_remote_arch: Client arch is 'Vista'
[2012/08/30 15:27:50.988202, 3] smbd/negprot.c:419(reply_nt1)
  using SPNEGO
[2012/08/30 15:27:50.988322, 3] smbd/negprot.c:704(reply_negprot)
  Selected protocol NT LM 0.12
[2012/08/30 15:27:50.988439, 5] smbd/negprot.c:711(reply_negprot)
  negprot index=5
[2012/08/30 15:27:50.988627, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:50.988696, 5] lib/util.c:342(show_msg)
  size=127
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51267
  smb_tid=0
  smb_pid=65279
  smb_uid=0
  smb_mid=0
  smt_wct=17
  smb_vwv[ 0]= 5 (0x5)
  smb_vwv[ 1]=12803 (0x3203)
  smb_vwv[ 2]= 256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]= 65 (0x41)
  smb_vwv[ 5]= 0 (0x0)
  smb_vwv[ 6]= 256 (0x100)
  smb_vwv[ 7]=60928 (0xEE00)
  smb_vwv[ 8]= 11 (0xB)
  smb_vwv[ 9]=64768 (0xFD00)
  smb_vwv[10]=33011 (0x80F3)
  smb_vwv[11]=21888 (0x5580)
  smb_vwv[12]=33601 (0x8341)
  smb_vwv[13]=58763 (0xE58B)
  smb_vwv[14]=52614 (0xCD86)
  smb_vwv[15]=61441 (0xF001)
  smb_vwv[16]= 0 (0x0)
  smb_bcc=58
[2012/08/30 15:27:50.991090, 10] ../lib/util/util.c:415(dump_data)
  [0000] 6F 72 61 6E 67 65 00 00 00 00 00 00 00 00 00 00  orange.. ........
  [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E  `(..+... ....0...
  [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A  0...+... ..7.....
  [0030] 30 08 A0 06 1B 04 4E 4F 4E 45  0.....NO NE
[2012/08/30 15:27:51.623103, 10] lib/util_sock.c:519(read_smb_length_return_keepalive)
  got smb length of 138
[2012/08/30 15:27:51.623338, 6] smbd/process.c:1660(process_smb)
  got message type 0x0 of len 0x8a
[2012/08/30 15:27:51.623458, 3] smbd/process.c:1662(process_smb)
  Transaction 1 of length 142 (0 toread)
[2012/08/30 15:27:51.623612, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:51.623674, 5] lib/util.c:342(show_msg)
  size=138
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=5120
  smt_wct=12
  smb_vwv[ 0]= 255 (0xFF)
  smb_vwv[ 1]= 0 (0x0)
  smb_vwv[ 2]=16644 (0x4104)
  smb_vwv[ 3]= 50 (0x32)
  smb_vwv[ 4]= 0 (0x0)
  smb_vwv[ 5]= 0 (0x0)
  smb_vwv[ 6]= 0 (0x0)
  smb_vwv[ 7]= 74 (0x4A)
  smb_vwv[ 8]= 0 (0x0)
  smb_vwv[ 9]= 0 (0x0)
  smb_vwv[10]= 212 (0xD4)
  smb_vwv[11]=40960 (0xA000)
  smb_bcc=79
[2012/08/30 15:27:51.625319, 10] ../lib/util/util.c:415(dump_data)
  [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E  `H..+... ...>0<..
  [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A  0...+... ..7....*
  [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82  .(NTLMSS P.......
  [0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ........ ........
  [0040] 00 00 06 01 B1 1D 00 00 00 0F 00 00 00 00 00  ........ .......
[2012/08/30 15:27:51.625790, 3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 3054) conn 0x0
[2012/08/30 15:27:51.625928, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.626068, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.626204, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.626415, 5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2012/08/30 15:27:51.626631, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2012/08/30 15:27:51.626826, 2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/08/30 15:27:51.626974, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2012/08/30 15:27:51.627143, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/08/30 15:27:51.627332, 10] smbd/password.c:199(register_initial_vuid)
  register_initial_vuid: allocated vuid = 100
[2012/08/30 15:27:51.627616, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms)
  parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10
[2012/08/30 15:27:51.627756, 3] smbd/sesssetup.c:660(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2012/08/30 15:27:51.629686, 5] auth/auth.c:489(make_auth_context_subsystem)
  Making default auth method list for DC, security=user, encrypt passwords = yes
[2012/08/30 15:27:51.629833, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend sam
[2012/08/30 15:27:51.630026, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'sam'
[2012/08/30 15:27:51.630164, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend sam_ignoredomain
[2012/08/30 15:27:51.630301, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'sam_ignoredomain'
[2012/08/30 15:27:51.630463, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend unix
[2012/08/30 15:27:51.630619, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'unix'
[2012/08/30 15:27:51.630759, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend winbind
[2012/08/30 15:27:51.630896, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'winbind'
[2012/08/30 15:27:51.631031, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend wbc
[2012/08/30 15:27:51.631168, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'wbc'
[2012/08/30 15:27:51.631329, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend smbserver
[2012/08/30 15:27:51.631466, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'smbserver'
[2012/08/30 15:27:51.631802, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend trustdomain
[2012/08/30 15:27:51.631942, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'trustdomain'
[2012/08/30 15:27:51.632078, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend ntdomain
[2012/08/30 15:27:51.632236, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'ntdomain'
[2012/08/30 15:27:51.632414, 5] auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend guest
[2012/08/30 15:27:51.632554, 5] auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'guest'
[2012/08/30 15:27:51.632671, 5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2012/08/30 15:27:51.632789, 5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2012/08/30 15:27:51.632907, 5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2012/08/30 15:27:51.633027, 5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2012/08/30 15:27:51.633161, 5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match winbind:trustdomain
[2012/08/30 15:27:51.633281, 5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match trustdomain
[2012/08/30 15:27:51.633399, 5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method trustdomain has a valid init
[2012/08/30 15:27:51.633516, 5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method winbind has a valid init
[2012/08/30 15:27:51.633813, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_LM_KEY
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    NTLMSSP_NEGOTIATE_56
[2012/08/30 15:27:51.634861, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
  negotiate: struct NEGOTIATE_MESSAGE
      Signature : 'NTLMSSP'
      MessageType : NtLmNegotiate (1)
      NegotiateFlags : 0xe2088297 (3792208535)
          1: NTLMSSP_NEGOTIATE_UNICODE
          1: NTLMSSP_NEGOTIATE_OEM
          1: NTLMSSP_REQUEST_TARGET
          1: NTLMSSP_NEGOTIATE_SIGN
          0: NTLMSSP_NEGOTIATE_SEAL
          0: NTLMSSP_NEGOTIATE_DATAGRAM
          1: NTLMSSP_NEGOTIATE_LM_KEY
          0: NTLMSSP_NEGOTIATE_NETWARE
          1: NTLMSSP_NEGOTIATE_NTLM
          0: NTLMSSP_NEGOTIATE_NT_ONLY
          0: NTLMSSP_ANONYMOUS
          0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
          0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
          0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
          1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
          0: NTLMSSP_TARGET_TYPE_DOMAIN
          0: NTLMSSP_TARGET_TYPE_SERVER
          0: NTLMSSP_TARGET_TYPE_SHARE
          1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
          0: NTLMSSP_NEGOTIATE_IDENTIFY
          0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
          0: NTLMSSP_NEGOTIATE_TARGET_INFO
          1: NTLMSSP_NEGOTIATE_VERSION
          1: NTLMSSP_NEGOTIATE_128
          1: NTLMSSP_NEGOTIATE_KEY_EXCH
          1: NTLMSSP_NEGOTIATE_56
      DomainNameLen : 0x0000 (0)
      DomainNameMaxLen : 0x0000 (0)
      DomainName : NULL
      WorkstationLen : 0x0000 (0)
      WorkstationMaxLen : 0x0000 (0)
      Workstation : NULL
      Version: struct ntlmssp_VERSION
          ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
          ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
          ProductBuild : 0x1db1 (7601)
          Reserved: ARRAY(3)
              [0] : 0x00 (0)
              [1] : 0x00 (0)
              [2] : 0x00 (0)
          NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
[2012/08/30 15:27:51.638693, 5] auth/auth.c:99(get_ntlm_challenge)
  auth_get_challenge: module guest did not want to specify a challenge
[2012/08/30 15:27:51.638824, 5] auth/auth.c:99(get_ntlm_challenge)
  auth_get_challenge: module sam did not want to specify a challenge
[2012/08/30 15:27:51.638941, 5] auth/auth.c:99(get_ntlm_challenge)
  auth_get_challenge: module winbind did not want to specify a challenge
[2012/08/30 15:27:51.639070, 5] auth/auth.c:134(get_ntlm_challenge)
  auth_context challenge created by random
[2012/08/30 15:27:51.639207, 5] auth/auth.c:135(get_ntlm_challenge)
  challenge is:
[2012/08/30 15:27:51.639323, 5] ../lib/util/util.c:415(dump_data)
  [0000] E1 F9 1B D6 03 B5 83 8C  ........
[2012/08/30 15:27:51.639615, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
  challenge: struct CHALLENGE_MESSAGE
      Signature : 'NTLMSSP'
      MessageType : NtLmChallenge (0x2)
      TargetNameLen : 0x0006 (6)
      TargetNameMaxLen : 0x0006 (6)
      TargetName : *
          TargetName : 'ACR'
      NegotiateFlags : 0xe2898215 (3800662549)
          1: NTLMSSP_NEGOTIATE_UNICODE
          0: NTLMSSP_NEGOTIATE_OEM
          1: NTLMSSP_REQUEST_TARGET
          1: NTLMSSP_NEGOTIATE_SIGN
          0: NTLMSSP_NEGOTIATE_SEAL
          0: NTLMSSP_NEGOTIATE_DATAGRAM
          0: NTLMSSP_NEGOTIATE_LM_KEY
          0: NTLMSSP_NEGOTIATE_NETWARE
          1: NTLMSSP_NEGOTIATE_NTLM
          0: NTLMSSP_NEGOTIATE_NT_ONLY
          0: NTLMSSP_ANONYMOUS
          0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
          0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
          0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
          1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
          1: NTLMSSP_TARGET_TYPE_DOMAIN
          0: NTLMSSP_TARGET_TYPE_SERVER
          0: NTLMSSP_TARGET_TYPE_SHARE
          1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
          0: NTLMSSP_NEGOTIATE_IDENTIFY
          0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
          1: NTLMSSP_NEGOTIATE_TARGET_INFO
          1: NTLMSSP_NEGOTIATE_VERSION
          1: NTLMSSP_NEGOTIATE_128
          1: NTLMSSP_NEGOTIATE_KEY_EXCH
          1: NTLMSSP_NEGOTIATE_56
      ServerChallenge : e1f91bd603b5838c
      Reserved : 0000000000000000
      TargetInfoLen : 0x0050 (80)
      TargetNameInfoMaxLen : 0x0050 (80)
      TargetInfo : *
          TargetInfo: struct AV_PAIR_LIST
              count : 0x00000005 (5)
              pair: ARRAY(5)
                  pair: struct AV_PAIR
                      AvId : MsvAvNbDomainName (0x2)
                      AvLen : 0x0006 (6)
                      Value : union ntlmssp_AvValue(case 0x2)
                      AvNbDomainName : 'ACR'
                  pair: struct AV_PAIR
                      AvId : MsvAvNbComputerName (0x1)
                      AvLen : 0x000c (12)
                      Value : union ntlmssp_AvValue(case 0x1)
                      AvNbComputerName : 'ORANGE'
                  pair: struct AV_PAIR
                      AvId : MsvAvDnsDomainName (0x4)
                      AvLen : 0x000e (14)
                      Value : union ntlmssp_AvValue(case 0x4)
                      AvDnsDomainName : 'acr.lab'
                  pair: struct AV_PAIR
                      AvId : MsvAvDnsComputerName (0x3)
                      AvLen : 0x001c (28)
                      Value : union ntlmssp_AvValue(case 0x3)
                      AvDnsComputerName : 'orange.acr.lab'
                  pair: struct AV_PAIR
                      AvId : MsvAvEOL (0x0)
                      AvLen : 0x0000 (0)
                      Value : union ntlmssp_AvValue(case 0x0)
      Version: struct ntlmssp_VERSION
          ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6)
          ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1)
          ProductBuild : 0x0000 (0)
          Reserved : 000000
          NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF)
[2012/08/30 15:27:51.645132, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:51.645226, 5] lib/util.c:342(show_msg)
  size=258
  smb_com=0x73
  smb_rcls=22
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51203
  smb_tid=65535
  smb_pid=65279
  smb_uid=100
  smb_mid=5120
  smt_wct=4
  smb_vwv[ 0]= 255 (0xFF)
  smb_vwv[ 1]= 0 (0x0)
  smb_vwv[ 2]= 0 (0x0)
  smb_vwv[ 3]= 173 (0xAD)
  smb_bcc=215
[2012/08/30 15:27:51.646271, 10] ../lib/util/util.c:415(dump_data)
  [0000] A1 81 AA 30 81 A7 A0 03 0A 01 01 A1 0C 06 0A 2B  ...0.... .......+
  [0010] 06 01 04 01 82 37 02 02 0A A2 81 91 04 81 8E 4E  .....7.. .......N
  [0020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38  TLMSSP.. .......8
  [0030] 00 00 00 15 82 89 E2 E1 F9 1B D6 03 B5 83 8C 00  ........ ........
  [0040] 00 00 00 00 00 00 00 50 00 50 00 3E 00 00 00 06  .......P .P.>....
  [0050] 01 00 00 00 00 00 0F 41 00 43 00 52 00 02 00 06  .......A .C.R....
  [0060] 00 41 00 43 00 52 00 01 00 0C 00 4F 00 52 00 41  .A.C.R.. ...O.R.A
  [0070] 00 4E 00 47 00 45 00 04 00 0E 00 61 00 63 00 72  .N.G.E.. ...a.c.r
  [0080] 00 2E 00 6C 00 61 00 62 00 03 00 1C 00 6F 00 72  ...l.a.b .....o.r
  [0090] 00 61 00 6E 00 67 00 65 00 2E 00 61 00 63 00 72  .a.n.g.e ...a.c.r
  [00A0] 00 2E 00 6C 00 61 00 62 00 00 00 00 00 55 00 6E  ...l.a.b .....U.n
  [00B0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61  .i.x...S .a.m.b.a
  [00C0] 00 20 00 33 00 2E 00 36 00 2E 00 37 00 00 00 41  . .3...6 ...7...A
  [00D0] 00 43 00 52 00 00 00  .C.R...
[2012/08/30 15:27:51.649313, 10] lib/util_sock.c:519(read_smb_length_return_keepalive)
  got smb length of 494
[2012/08/30 15:27:51.649537, 6] smbd/process.c:1660(process_smb)
  got message type 0x0 of len 0x1ee
[2012/08/30 15:27:51.649702, 3] smbd/process.c:1662(process_smb)
  Transaction 2 of length 498 (0 toread)
[2012/08/30 15:27:51.649820, 5] lib/util.c:332(show_msg)
[2012/08/30 15:27:51.649881, 5] lib/util.c:342(show_msg)
  size=494
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=65535
  smb_pid=65279
  smb_uid=100
  smb_mid=5184
  smt_wct=12
  smb_vwv[ 0]= 255 (0xFF)
  smb_vwv[ 1]= 0 (0x0)
  smb_vwv[ 2]=16644 (0x4104)
  smb_vwv[ 3]= 50 (0x32)
  smb_vwv[ 4]= 0 (0x0)
  smb_vwv[ 5]= 0 (0x0)
  smb_vwv[ 6]= 0 (0x0)
  smb_vwv[ 7]= 430 (0x1AE)
  smb_vwv[ 8]= 0 (0x0)
  smb_vwv[ 9]= 0 (0x0)
  smb_vwv[10]= 212 (0xD4)
  smb_vwv[11]=40960 (0xA000)
  smb_bcc=435
[2012/08/30 15:27:51.651430, 10] ../lib/util/util.c:415(dump_data)
  [0000] A1 82 01 AA 30 82 01 A6 A2 82 01 A2 04 82 01 9E  ....0... ........
  [0010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00  NTLMSSP. ........
  [0020] 84 00 00 00 F2 00 F2 00 9C 00 00 00 06 00 06 00  ........ ........
  [0030] 58 00 00 00 1A 00 1A 00 5E 00 00 00 0C 00 0C 00  X....... ^.......
  [0040] 78 00 00 00 10 00 10 00 8E 01 00 00 15 82 88 E2  x....... ........
  [0050] 06 01 B1 1D 00 00 00 0F E2 A7 78 C8 03 65 9A FD  ........ ..x..e..
  [0060] F2 5D 21 50 28 15 11 16 41 00 43 00 52 00 61 00  .]!P(... A.C.R.a.
  [0070] 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00  d.m.i.n. i.s.t.r.
  [0080] 61 00 74 00 6F 00 72 00 50 00 41 00 4E 00 41 00  a.t.o.r. P.A.N.A.
  [0090] 4D 00 41 00 00 00 00 00 00 00 00 00 00 00 00 00  M.A..... ........
  [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 2D CD 1E EB  ........ ....-...
  [00B0] CF DD 23 75 1D A5 4F D3 93 4B B9 AA 01 01 00 00  ..#u..O. .K......
  [00C0] 00 00 00 00 58 6B F1 8D E5 86 CD 01 E5 FA DA BF  ....Xk.. ........
  [00D0] 03 0A 72 F7 00 00 00 00 02 00 06 00 41 00 43 00  ..r..... ....A.C.
  [00E0] 52 00 01 00 0C 00 4F 00 52 00 41 00 4E 00 47 00  R.....O. R.A.N.G.
  [00F0] 45 00 04 00 0E 00 61 00 63 00 72 00 2E 00 6C 00  E.....a. c.r...l.
  [0100] 61 00 62 00 03 00 1C 00 6F 00 72 00 61 00 6E 00  a.b..... o.r.a.n.
  [0110] 67 00 65 00 2E 00 61 00 63 00 72 00 2E 00 6C 00  g.e...a. c.r...l.
  [0120] 61 00 62 00 08 00 30 00 30 00 00 00 00 00 00 00  a.b...0. 0.......
  [0130] 01 00 00 00 00 20 00 00 4A 05 EF 40 B8 02 32 2C  ..... .. J..@..2,
  [0140] B8 F2 D3 2A 66 7A DB F0 20 D4 01 25 39 A0 6B 49  ...*fz.. ..%9.kI
  [0150] 1E E4 0F 26 3F 67 AC 04 0A 00 10 00 00 00 00 00  ...&?g.. ........
  [0160] 00 00 00 00 00 00 00 00 00 00 00 00 09 00 26 00  ........ ......&.
  [0170] 63 00 69 00 66 00 73 00 2F 00 4F 00 52 00 41 00  c.i.f.s. /.O.R.A.
  [0180] 4E 00 47 00 45 00 2E 00 61 00 63 00 72 00 2E 00  N.G.E... a.c.r...
  [0190] 6C 00 61 00 62 00 00 00 00 00 00 00 00 00 FA 54  l.a.b... .......T
  [01A0] B7 BA AE 0C 15 A0 A8 09 93 49 33 E4 C4 4F 00 00  ........ .I3..O..
  [01B0] 00 00 00  ...
[2012/08/30 15:27:51.654212, 3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 3054) conn 0x0
[2012/08/30 15:27:51.654353, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.654472, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.654591, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.654775, 5] smbd/uid.c:400(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2012/08/30 15:27:51.654894, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2012/08/30 15:27:51.655011, 2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/08/30 15:27:51.655128, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2012/08/30 15:27:51.655262, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/08/30 15:27:51.655484, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
  authenticate: struct AUTHENTICATE_MESSAGE
      Signature : 'NTLMSSP'
      MessageType : NtLmAuthenticate (3)
      LmChallengeResponseLen : 0x0018 (24)
      LmChallengeResponseMaxLen: 0x0018 (24)
      LmChallengeResponse : *
          LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
          v1: struct LM_RESPONSE
              Response : 000000000000000000000000000000000000000000000000
      NtChallengeResponseLen : 0x00f2 (242)
      NtChallengeResponseMaxLen: 0x00f2 (242)
      NtChallengeResponse : *
          NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 242)
          v2: struct NTLMv2_RESPONSE
              Response : 2dcd1eebcfdd23751da54fd3934bb9aa
              Challenge: struct NTLMv2_CLIENT_CHALLENGE
                  RespType : 0x01 (1)
                  HiRespType : 0x01 (1)
                  Reserved1 : 0x0000 (0)
                  Reserved2 : 0x00000000 (0)
                  TimeStamp : Thu Aug 30 15:27:55 2012 EDT
                  ChallengeFromClient : e5fadabf030a72f7
                  Reserved3 : 0x00000000 (0)
                  AvPairs: struct AV_PAIR_LIST
                      count : 0x00000008 (8)
                      pair: ARRAY(8)
                          pair: struct AV_PAIR
                              AvId : MsvAvNbDomainName (0x2)
                              AvLen : 0x0006 (6)
                              Value : union ntlmssp_AvValue(case 0x2)
                              AvNbDomainName : 'ACR'
                          pair: struct AV_PAIR
                              AvId : MsvAvNbComputerName (0x1)
                              AvLen : 0x000c (12)
                              Value : union ntlmssp_AvValue(case 0x1)
                              AvNbComputerName : 'ORANGE'
                          pair: struct AV_PAIR
                              AvId : MsvAvDnsDomainName (0x4)
                              AvLen : 0x000e (14)
                              Value : union ntlmssp_AvValue(case 0x4)
                              AvDnsDomainName : 'acr.lab'
                          pair: struct AV_PAIR
                              AvId : MsvAvDnsComputerName (0x3)
                              AvLen : 0x001c (28)
                              Value : union ntlmssp_AvValue(case 0x3)
                              AvDnsComputerName : 'orange.acr.lab'
                          pair: struct AV_PAIR
                              AvId : MsAvRestrictions (0x8)
                              AvLen : 0x0030 (48)
                              Value : union ntlmssp_AvValue(case 0x8)
                              AvRestrictions: struct Restriction_Encoding
                                  Size : 0x00000030 (48)
                                  Z4 : 0x00000000 (0)
                                  IntegrityLevel : 0x00000001 (1)
                                  SubjectIntegrityLevel : 0x00002000 (8192)
                                  MachineId : 4a05ef40b802322cb8f2d32a667adbf020d4012539a06b491ee40f263f67ac04
                          pair: struct AV_PAIR
                              AvId : MsvChannelBindings (0xA)
                              AvLen : 0x0010 (16)
                              Value : union ntlmssp_AvValue(case 0xA)
                              ChannelBindings : 00000000000000000000000000000000
                          pair: struct AV_PAIR
                              AvId : MsvAvTargetName (0x9)
                              AvLen : 0x0026 (38)
                              Value : union ntlmssp_AvValue(case 0x9)
                              AvTargetName : 'cifs/ORANGE.acr.lab'
                          pair: struct AV_PAIR
                              AvId : MsvAvEOL (0x0)
                              AvLen : 0x0000 (0)
                              Value : union ntlmssp_AvValue(case 0x0)
      DomainNameLen : 0x0006 (6)
      DomainNameMaxLen : 0x0006 (6)
      DomainName : *
          DomainName : 'ACR'
      UserNameLen : 0x001a (26)
      UserNameMaxLen : 0x001a (26)
      UserName : *
          UserName : 'administrator'
      WorkstationLen : 0x000c (12)
      WorkstationMaxLen : 0x000c (12)
      Workstation : *
          Workstation : 'PANAMA'
      EncryptedRandomSessionKeyLen: 0x0010 (16)
      EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
      EncryptedRandomSessionKey: *
          EncryptedRandomSessionKey: DATA_BLOB length=16
  [0000] FA 54 B7 BA AE 0C 15 A0 A8 09 93 49 33 E4 C4 4F  .T...... ...I3..O
      NegotiateFlags : 0xe2888215 (3800597013)
          1: NTLMSSP_NEGOTIATE_UNICODE
          0: NTLMSSP_NEGOTIATE_OEM
          1: NTLMSSP_REQUEST_TARGET
          1: NTLMSSP_NEGOTIATE_SIGN
          0: NTLMSSP_NEGOTIATE_SEAL
          0: NTLMSSP_NEGOTIATE_DATAGRAM
          0: NTLMSSP_NEGOTIATE_LM_KEY
          0: NTLMSSP_NEGOTIATE_NETWARE
          1: NTLMSSP_NEGOTIATE_NTLM
          0: NTLMSSP_NEGOTIATE_NT_ONLY
          0: NTLMSSP_ANONYMOUS
          0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
          0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
          0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
          1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
          0: NTLMSSP_TARGET_TYPE_DOMAIN
          0: NTLMSSP_TARGET_TYPE_SERVER
          0: NTLMSSP_TARGET_TYPE_SHARE
          1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
          0: NTLMSSP_NEGOTIATE_IDENTIFY
          0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
          1: NTLMSSP_NEGOTIATE_TARGET_INFO
          1: NTLMSSP_NEGOTIATE_VERSION
          1: NTLMSSP_NEGOTIATE_128
          1: NTLMSSP_NEGOTIATE_KEY_EXCH
          1: NTLMSSP_NEGOTIATE_56
      Version: struct ntlmssp_VERSION
          ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
          ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
          ProductBuild : 0x1db1 (7601)
          Reserved: ARRAY(3)
              [0] : 0x00 (0)
              [1] : 0x00 (0)
              [2] : 0x00 (0)
          NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
[2012/08/30 15:27:51.663050, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth)
  Got user=[administrator] domain=[ACR] workstation=[PANAMA] len1=24 len2=242