Script started on Fri Aug 16 12:56:23 2013
[emz@ural85-gw0-omega:/var/db/samba]# net -d 10 ads join -U dca
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf"
Processing section "[global]"
doing parameter workgroup = SOFTLAB
doing parameter machine password timeout = 0
doing parameter netbios name = CRYSTAL-OMEGA
handle_netbios_name: set global_myname to: CRYSTAL-OMEGA
doing parameter server string = CRYSTAL-OMEGA/Samba 3.6.17 on FreeBSD 10.0-CURRENT
doing parameter hosts allow = 192.168. 127. 172.16.
doing parameter guest account = pcguest
doing parameter map to guest = bad user
doing parameter log file = /var/log/samba/log.%m
doing parameter encrypt passwords = yes
doing parameter socket options = TCP_NODELAY
doing parameter dns proxy = no
doing parameter local master = no
doing parameter os level = 32
doing parameter interfaces = vlan1 lo0
doing parameter bind interfaces only = yes
doing parameter log level = 0
doing parameter syslog = 11
doing parameter deadtime = 15
doing parameter wins server = 192.168.3.45
doing parameter printcap name = cups
doing parameter printing = BSD
doing parameter unix charset = KOI8-R
Substituting charset 'KOI8-R' for LOCALE
doing parameter dos charset = 866
Substituting charset 'KOI8-R' for LOCALE
doing parameter cups server = 192.168.3.1
doing parameter host msdfs = no
doing parameter dos filemode = yes
doing parameter map acl inherit = yes
doing parameter security = ads
doing parameter realm = norma.com
doing parameter client ldap sasl wrapping = sign
doing parameter password server = hq-gc.norma.com, hq-dc.norma.com
doing parameter idmap config * : backend = tdb
doing parameter idmap config * : range = 20000-30000
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind use default domain = yes
doing parameter winbind separator = +
doing parameter encrypt passwords = yes
doing parameter template shell = /sbin/nologin
doing parameter template homedir = /home/%U
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_MEMBER
Substituting charset 'KOI8-R' for LOCALE
Netbios name list:-
my_netbios_names[0]="CRYSTAL-OMEGA"
added interface vlan1 ip=fd00::d01 bcast=fd00::dff netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00
added interface vlan1 ip=fd00::d03 bcast=fd00::dff netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00
added interface vlan1 ip=192.168.13.1 bcast=192.168.13.255 netmask=255.255.255.0
added interface vlan1 ip=192.168.13.3 bcast=192.168.13.255 netmask=255.255.255.0
added interface lo0 ip=::1 bcast=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo0 ip=fe80::1%lo0 bcast=fe80::ffff:ffff:ffff:ffff%lo0 netmask=ffff:ffff:ffff:ffff::
added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Enter dca's password:
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name : NULL
            machine_name : 'CRYSTAL-OMEGA'
            domain_name : *
                domain_name : 'NORMA.COM'
            account_ou : NULL
            admin_account : 'dca'
            machine_password : NULL
            join_flags : 0x00000023 (35)
                0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version : NULL
            os_name : NULL
            create_upn : 0x00 (0)
            upn : NULL
            modify_config : 0x00 (0)
            ads : NULL
            debug : 0x01 (1)
            use_kerberos : 0x00 (0)
            secure_channel_type : SEC_CHAN_WKSTA (2)
dsgetdcname: domain_name: NORMA.COM, domain_guid: (null), site_name: (null), flags: 0x40001011
debug_dsdcinfo_flags: 0x40001011
    DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
Opening cache file at /var/db/samba/gencache.tdb
Opening cache file at /var/db/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for NORMA.COM: "Crystal"
dsgetdcname_rediscover
ads_dns_lookup_srv: 2 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed hq-gc.norma.com [0, 100, 389] ads_dns_parse_rr_srv: Parsed hq-dc.norma.com [0, 100, 389] LDAP ping to hq-gc.norma.com &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000011fd (4605) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 13bbf1dd-c5cd-4a86-864e-76c0c938147b forest : 'norma.com' dns_domain : 'norma.com' pdc_dns_name : 'HQ-GC.norma.com' domain_name : 'SOFTLAB' pdc_name : 'HQ-GC' user_name : '' server_site : 'HQ' client_site : 'Crystal' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) Adding cache entry with key = DSGETDCNAME/DOMAIN/SOFTLAB and timeout = Fri Aug 16 13:11:34 2013 (900 seconds ahead) sitename_store: realm = [SOFTLAB], sitename = [Crystal], expire = [2147483647] Adding cache entry with key = AD_SITENAME/DOMAIN/SOFTLAB and timeout = Tue Jan 19 09:14:07 2038 (770847453 seconds ahead) Adding cache entry with key = DSGETDCNAME/DOMAIN/NORMA.COM and timeout = Fri Aug 16 13:11:34 2013 (900 seconds ahead) sitename_store: realm = [norma.com], sitename = [Crystal], expire = [2147483647] Adding cache entry 
with key = AD_SITENAME/DOMAIN/NORMA.COM and timeout = Tue Jan 19 09:14:07 2038 (770847453 seconds ahead) Connecting to host=HQ-GC.norma.com sitename_fetch: Returning sitename for NORMA.COM: "Crystal" internal_resolve_name: looking up HQ-GC.norma.com#20 (sitename Crystal) name HQ-GC.norma.com#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs Running timed event "tevent_req_timedout" 0x80682fba0 Connecting to 192.168.3.45 at port 445 Running timed event "tevent_req_timedout" 0x80682fde0 Connecting to 192.168.3.45 at port 139 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 4 Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 34176 SO_RCVBUF = 66928 SO_SNDLOWAT = 2048 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Substituting charset 'KOI8-R' for LOCALE Doing spnego session setup (blob length=124) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178@please_ignore negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: 
NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0007 (7) DomainNameMaxLen : 0x0007 (7) DomainName : * DomainName : 'SOFTLAB' WorkstationLen : 0x000d (13) WorkstationMaxLen : 0x000d (13) Workstation : * Workstation : 'CRYSTAL-OMEGA' smb_signing_sign_pdu: sent SMB signature of [0000] 42 53 52 53 50 59 4C 20 BSRSPYL challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000e (14) TargetNameMaxLen : 0x000e (14) TargetName : * TargetName : 'SOFTLAB' NegotiateFlags : 0x62898215 (1653178901) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : 41f3c8ed9688020c Reserved : 0000000000000000 TargetInfoLen : 0x007e (126) TargetNameInfoMaxLen : 0x007e (126) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000007 (7) pair: ARRAY(7) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'SOFTLAB' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000a (10) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'HQ-GC' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) 
AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'norma.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'HQ-GC.norma.com' pair: struct AV_PAIR AvId : MsvAvDnsTreeName (0x5) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x5) AvDnsTreeName : 'norma.com' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : 16 12:56:35 2013 YEKT pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0x0) ProductBuild : 0x1772 (6002) Reserved : 000000 NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 0786fab417efd65068d7875f6620fe79119c13ed3f1e51b4 NtChallengeResponseLen : 0x00aa (170) NtChallengeResponseMaxLen: 0x00aa (170) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 170) v2: struct NTLMv2_RESPONSE Response : 
cf2dc82ca6fc719f0e4c3866238603af Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : 16 12:56:34 2013 YEKT ChallengeFromClient : d6e840076e1c7567 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000007 (7) pair: ARRAY(7) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'SOFTLAB' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000a (10) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'HQ-GC' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'norma.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'HQ-GC.norma.com' pair: struct AV_PAIR AvId : MsvAvDnsTreeName (0x5) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x5) AvDnsTreeName : 'norma.com' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : 16 12:56:35 2013 YEKT pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' UserNameLen : 0x0006 (6) UserNameMaxLen : 0x0006 (6) UserName : * UserName : 'dca' WorkstationLen : 0x001a (26) WorkstationMaxLen : 0x001a (26) Workstation : * Workstation : 'CRYSTAL-OMEGA' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] A4 B3 73 E8 FA 1F F6 FE 9F 92 49 F2 FD B1 4F 98 s. 
IO NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH smb_signing_sign_pdu: sent SMB signature of [0000] 42 53 52 53 50 59 4C 20 BSRSPYL smb_signing_activate: user_session_key [0000] B5 AA 8C 51 7B 44 06 D2 E0 F5 8E F1 02 F1 13 31 Q{D. ..1 smb_signing_activate: NULL response_data smb_signing_md5: sequence number 1 smb_signing_check_pdu: seq 1: got good SMB signature of [0000] C7 23 FA 03 6D 82 82 82 #.m smb_signing_md5: sequence number 2 smb_signing_sign_pdu: sent SMB signature of [0000] 59 34 A6 A3 1F 9E 96 B1 Y4. smb_signing_md5: sequence number 3 smb_signing_check_pdu: seq 3: got good SMB signature of [0000] 61 37 3F 5D 01 78 78 34 a7?].xx4 cli_init_creds: user dca domain smb_signing_md5: sequence number 4 smb_signing_sign_pdu: sent SMB signature of [0000] 5B A0 16 39 B4 CA 6A 0F [.9j. 
smb_signing_md5: sequence number 5 smb_signing_check_pdu: seq 5: got good SMB signature of [0000] E7 78 79 23 45 79 FA E3 xy#Ey Bind RPC Pipe: host HQ-GC.norma.com auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 6 smb_signing_sign_pdu: sent SMB signature of [0000] 9C D1 C2 40 3F F2 5C 02 @?\. 
smb_signing_md5: sequence number 7 smb_signing_check_pdu: seq 7: got good SMB signature of [0000] 5D BE 6A 5D 54 8D C3 54 ]j]TT rpc_read_send: data_to_read: 52 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00045e5a (286298) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 16 8E . num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine HQ-GC.norma.com and bound anonymously. 
lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 8 smb_signing_sign_pdu: sent SMB signature of [0000] 01 8C A3 8B A7 83 3C 14 .<. 
smb_signing_md5: sequence number 9 smb_signing_check_pdu: seq 9: got good SMB signature of [0000] 42 BB 2A EA BF F2 5F 6E B*_n rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 FB E9 28 ED 57 1A 4F 4B B7 D4 7D 82 ....( W.OK} [0010] E9 5E B8 28 00 00 00 00 ^(.... Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : ed28e9fb-1a57-4b4f-b7d4-7d82e95eb828 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : ed28e9fb-1a57-4b4f-b7d4-7d82e95eb828 level : LSA_POLICY_INFO_DNS (12) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x002e (46) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, 
this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 10 smb_signing_sign_pdu: sent SMB signature of [0000] AF 17 57 23 BE 92 87 90 .W# smb_signing_md5: sequence number 11 smb_signing_check_pdu: seq 11: got good SMB signature of [0000] 0C 5D 65 E9 53 39 D4 4B .]eS9K rpc_read_send: data_to_read: 184 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c8 (200) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000000b0 (176) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=176 [0000] 00 00 02 00 0C 00 00 00 0E 00 10 00 04 00 02 00 ........ ........ [0010] 12 00 14 00 08 00 02 00 12 00 14 00 0C 00 02 00 ........ ........ [0020] DD F1 BB 13 CD C5 86 4A 86 4E 76 C0 C9 38 14 7B .ņJ Nv8.{ [0030] 10 00 02 00 08 00 00 00 00 00 00 00 07 00 00 00 ........ ........ [0040] 53 00 4F 00 46 00 54 00 4C 00 41 00 42 00 00 00 S.O.F.T. L.A.B... [0050] 0A 00 00 00 00 00 00 00 09 00 00 00 6E 00 6F 00 ........ ....n.o. [0060] 72 00 6D 00 61 00 2E 00 63 00 6F 00 6D 00 00 00 r.m.a... c.o.m... [0070] 0A 00 00 00 00 00 00 00 09 00 00 00 6E 00 6F 00 ........ ....n.o. [0080] 72 00 6D 00 61 00 2E 00 63 00 6F 00 6D 00 00 00 r.m.a... c.o.m... [0090] 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 ........ ........ [00A0] 72 25 50 E1 A6 5C 98 2F 72 B0 E0 86 00 00 00 00 r%P\/ r.... Got pdu len 200, data_len 176, ss_len 0 rpc_api_pipe: got frag len of 200 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 176 bytes. 
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 out: struct lsa_QueryInfoPolicy2 info : * info : * info : union lsa_PolicyInformation(case 12) dns: struct lsa_DnsDomainInfo name: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'SOFTLAB' dns_domain: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'norma.com' dns_forest: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'norma.com' domain_guid : 13bbf1dd-c5cd-4a86-864e-76c0c938147b sid : * sid : S-1-5-21-3780126066-798514342-2262872178 result : NT_STATUS_OK lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : ed28e9fb-1a57-4b4f-b7d4-7d82e95eb828 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 12 smb_signing_sign_pdu: sent SMB signature of [0000] DA BF E7 47 CF 79 5B 33 ڿGy[3 smb_signing_md5: sequence number 13 smb_signing_check_pdu: seq 13: got good SMB signature of [0000] 67 43 76 22 4E 22 67 7F gCv"N"g. 
rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK smb_signing_md5: sequence number 14 smb_signing_sign_pdu: sent SMB signature of [0000] FB DF BF 68 EF AB 6D 1B ߿hm. smb_signing_md5: sequence number 15 smb_signing_check_pdu: seq 15: got good SMB signature of [0000] D8 D6 02 C1 19 88 77 73 ..ws create_local_private_krb5_conf_for_domain: fname = /var/db/samba/smb_krb5/krb5.conf.SOFTLAB, realm = norma.com, domain = SOFTLAB saf_fetch[join]: Returning "hq-dc.norma.com" for "norma.com" domain get_dc_list: preferred server list: "hq-dc.norma.com, hq-gc.norma.com, hq-dc.norma.com" sitename_fetch: Returning sitename for NORMA.COM: "Crystal" internal_resolve_name: looking up hq-dc.norma.com#20 (sitename Crystal) name hq-dc.norma.com#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain norma.com server 192.168.3.34 sitename_fetch: Returning sitename for NORMA.COM: "Crystal" internal_resolve_name: looking up hq-gc.norma.com#20 (sitename Crystal) name hq-gc.norma.com#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain norma.com server 192.168.3.45 sitename_fetch: Returning sitename for NORMA.COM: "Crystal" internal_resolve_name: looking up hq-dc.norma.com#20 (sitename Crystal) name hq-dc.norma.com#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain norma.com server 192.168.3.34 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 2 ip addresses in an ordered list get_dc_list: 192.168.3.34:389 192.168.3.45:389 get_kdc_ip_string: Returning kdc = 192.168.3.45 kdc = 192.168.3.34 create_local_private_krb5_conf_for_domain: wrote file /var/db/samba/smb_krb5/krb5.conf.SOFTLAB with realm NORMA.COM KDC list = kdc = 192.168.3.45 kdc = 192.168.3.34 smb_signing_md5: sequence number 16 smb_signing_sign_pdu: sent SMB signature of [0000] 7E 72 57 BB 5F E7 3C F8 ~rW_< smb_signing_md5: sequence number 17 smb_signing_check_pdu: seq 17: got good SMB signature of [0000] CF 35 3A C6 39 54 F4 D1 5:9T Bind RPC Pipe: host HQ-GC.norma.com auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ac if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : 
DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 18 smb_signing_sign_pdu: sent SMB signature of [0000] 76 5E A4 9B 5B 1D 35 7C v^[.5| smb_signing_md5: sequence number 19 smb_signing_check_pdu: seq 19: got good SMB signature of [0000] B8 9E A7 A8 44 7B F1 E7 D{ rpc_read_send: data_to_read: 52 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00045e5b (286299) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe \samr to machine HQ-GC.norma.com and bound anonymously. 
samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'HQ-GC.norma.com' access_mask : 0x00000030 (48) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000034 (52) context_id : 0x0000 (0) opnum : 0x0039 (57) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 20 smb_signing_sign_pdu: sent SMB signature of [0000] DF 8F 53 88 14 80 DB 90 ߏS.ې smb_signing_md5: sequence number 21 smb_signing_check_pdu: seq 21: got good SMB signature of [0000] E7 1C 4A A1 6F EA 08 7A .Jo.z rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 ED 7A 51 64 1C 10 FB 4B BC 8E A8 C7 ....zQd ..K [0010] 43 59 FC 96 00 00 00 00 CY.... 
Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 64517aed-101c-4bfb-bc8e-a8c74359fc96 result : NT_STATUS_OK samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 64517aed-101c-4bfb-bc8e-a8c74359fc96 access_mask : 0x00000211 (529) 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 1: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-3780126066-798514342-2262872178 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000034 (52) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 22 smb_signing_sign_pdu: sent SMB signature of [0000] B7 C6 EB EB 5D 36 1E A9 ]6. 
smb_signing_md5: sequence number 23 smb_signing_check_pdu: seq 23: got good SMB signature of [0000] F0 A9 7D 7E 7D 48 E0 12 }~}H. rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 41 92 31 90 FC 5F 64 4B 90 59 30 D2 ....A1 _dKY0 [0010] 41 C1 24 56 00 00 00 00 A$V.... Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 90319241-5ffc-4b64-9059-30d241c12456 result : NT_STATUS_OK Creating account with desired access mask: -536543056 samr_CreateUser2: struct samr_CreateUser2 in: struct samr_CreateUser2 domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 90319241-5ffc-4b64-9059-30d241c12456 account_name : * account_name: struct lsa_String length : 0x001c (28) size : 0x001c (28) string : * string : 'crystal-omega$' acct_flags : 0x00000080 (128) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: 
ACB_USE_AES_KEYS access_mask : 0xe00500b0 (3758424240) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000004c (76) context_id : 0x0000 (0) opnum : 0x0032 (50) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=100, this_data=100, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 24 smb_signing_sign_pdu: sent SMB signature of [0000] DC E3 C1 2D A8 EB CD 18 -. smb_signing_md5: sequence number 25 smb_signing_check_pdu: seq 25: got good SMB signature of [0000] 2B 47 89 63 16 D0 34 C2 +Gc.4 rpc_read_send: data_to_read: 40 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . 
stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 63 00 00 C0 ........ ....c.. Got pdu len 56, data_len 32, ss_len 0 rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 32 bytes. samr_CreateUser2: struct samr_CreateUser2 out: struct samr_CreateUser2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 access_granted : * access_granted : 0x00000000 (0) rid : * rid : 0x00000000 (0) result : NT_STATUS_USER_EXISTS samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 90319241-5ffc-4b64-9059-30d241c12456 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x001c (28) size : 0x001c (28) string : * string : 'crystal-omega$' &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000054 (84) context_id : 0x0000 (0) opnum : 0x0011 (17) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=108, this_data=108, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 26 smb_signing_sign_pdu: sent SMB signature of [0000] 25 E8 3B 42 C8 32 88 92 %;B2 smb_signing_md5: sequence number 27 smb_signing_check_pdu: seq 27: got good SMB signature of [0000] B3 E7 13 8B 4C 12 82 B6 .L. 
rpc_read_send: data_to_read: 44 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=36 [0000] 01 00 00 00 00 00 02 00 01 00 00 00 07 58 00 00 ........ .....X.. [0010] 01 00 00 00 04 00 02 00 01 00 00 00 01 00 00 00 ........ ........ [0020] 00 00 00 00 .... Got pdu len 60, data_len 36, ss_len 0 rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 36 bytes. samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00005807 (22535) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 90319241-5ffc-4b64-9059-30d241c12456 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x00005807 (22535) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) 
auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000001c (28) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 28 smb_signing_sign_pdu: sent SMB signature of [0000] EE 21 3C 9F 51 14 4F A4 ! 8a20a11d2850490b218ca29a9d838473036f8d0c4c9cd5e10998a308329c50cb5417f0818c3b4bdaa9b28d59f8a7 password_expired : 0x00 (0) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000022d (557) context_id : 0x0000 (0) opnum : 0x003a (58) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=581, this_data=581, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 32 smb_signing_sign_pdu: sent SMB signature of [0000] 0E CF D6 3C 1C 96 F4 C1 .<. 
smb_signing_md5: sequence number 33 smb_signing_check_pdu: seq 33: got good SMB signature of [0000] 6F CB 02 22 0D 5E DB C6 o.".^ rpc_read_send: data_to_read: 12 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=4 [0000] 00 00 00 00 .... Got pdu len 28, data_len 4, ss_len 0 rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 4 bytes. samr_SetUserInfo2: struct samr_SetUserInfo2 out: struct samr_SetUserInfo2 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 64517aed-101c-4bfb-bc8e-a8c74359fc96 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 34 smb_signing_sign_pdu: sent SMB signature of [0000] C9 D8 44 44 94 D6 3C 7D DD<} smb_signing_md5: 
sequence number 35 smb_signing_check_pdu: seq 35: got good SMB signature of [0000] D3 A7 5A 6C 40 0D 1C 5D ӧZl@..] rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 90319241-5ffc-4b64-9059-30d241c12456 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, 
data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 36 smb_signing_sign_pdu: sent SMB signature of [0000] 1C 75 15 D2 22 DB 37 51 .u."7Q smb_signing_md5: sequence number 37 smb_signing_check_pdu: seq 37: got good SMB signature of [0000] E9 4C D9 18 A3 BE 78 E8 L.x rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. 
samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : d9528808-d4ad-4f9d-96cb-00c85829265c &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host HQ-GC.norma.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 smb_signing_md5: sequence number 38 smb_signing_sign_pdu: sent SMB signature of [0000] 64 FB 30 86 2E 86 C2 D4 d0. smb_signing_md5: sequence number 39 smb_signing_check_pdu: seq 39: got good SMB signature of [0000] 29 0D 34 D7 A2 BB 0E 33 ).4ע.3 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
[0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK smb_signing_md5: sequence number 40 smb_signing_sign_pdu: sent SMB signature of [0000] 79 95 C3 EC 74 8D 9D C5 yt smb_signing_md5: sequence number 41 smb_signing_check_pdu: seq 41: got good SMB signature of [0000] 9F AD 07 A1 19 D8 EE A9 .. Locking key 534543524554532F5349 Allocated locked data 0x0x806832760 Unlocking key 534543524554532F5349 Locking key 534543524554532F4D41 Allocated locked data 0x0x8068a9240 Unlocking key 534543524554532F4D41 Locking key 534543524554532F4D41 Allocated locked data 0x0x8068a9240 Unlocking key 534543524554532F4D41 Locking key 534543524554532F4D41 Allocated locked data 0x0x8068a9240 Unlocking key 534543524554532F4D41 Locking key 534543524554532F4D41 Allocated locked data 0x0x8068a9240 Unlocking key 534543524554532F4D41 smb_signing_md5: sequence number 42 smb_signing_sign_pdu: sent SMB signature of [0000] B3 91 48 49 DD 88 E5 17 HI݈. smb_signing_md5: sequence number 43 smb_signing_check_pdu: seq 43: got good SMB signature of [0000] D6 7F F3 8C 0E 49 AF 99 ..I saf_join_store: domain = [SOFTLAB], server = [HQ-GC.norma.com], expire = [1376639794] Adding cache entry with key = SAFJOIN/DOMAIN/SOFTLAB and timeout = Fri Aug 16 13:56:34 2013 (3600 seconds ahead) saf_join_store: domain = [norma.com], server = [HQ-GC.norma.com], expire = [1376639794] Adding cache entry with key = SAFJOIN/DOMAIN/NORMA.COM and timeout = Fri Aug 16 13:56:34 2013 (3600 seconds ahead) sitename_fetch: Returning sitename for NORMA.COM: "Crystal" internal_resolve_name: looking up HQ-GC.norma.com#20 (sitename Crystal) name HQ-GC.norma.com#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs ads_try_connect: sending CLDAP request to 192.168.3.45 (realm: norma.com) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000011fd (4605) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 13bbf1dd-c5cd-4a86-864e-76c0c938147b forest : 'norma.com' dns_domain : 'norma.com' pdc_dns_name : 'HQ-GC.norma.com' domain_name : 'SOFTLAB' pdc_name : 'HQ-GC' user_name : '' server_site : 'HQ' client_site : 'Crystal' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [SOFTLAB], sitename = [Crystal], expire = [2147483647] Adding cache entry with key = AD_SITENAME/DOMAIN/SOFTLAB and timeout = Tue Jan 19 09:14:07 2038 (770847453 seconds ahead) sitename_store: realm = [norma.com], sitename = [Crystal], expire = [2147483647] Adding cache entry with key = AD_SITENAME/DOMAIN/NORMA.COM and timeout = Tue Jan 19 09:14:07 2038 (770847453 seconds ahead) Successfully contacted LDAP server 192.168.3.45 Opening connection to LDAP server 'HQ-GC.norma.com:389', timeout 15 seconds Connected to 
LDAP server 'HQ-GC.norma.com:389'
Connected to LDAP server HQ-GC.norma.com
ads_closest_dc: NBT_SERVER_CLOSEST flag set
saf_store: domain = [SOFTLAB], server = [HQ-GC.norma.com], expire = [1376637094]
Adding cache entry with key = SAF/DOMAIN/SOFTLAB and timeout = Fri Aug 16 13:11:34 2013 (900 seconds ahead)
saf_store: domain = [norma.com], server = [HQ-GC.norma.com], expire = [1376637094]
Adding cache entry with key = SAF/DOMAIN/NORMA.COM and timeout = Fri Aug 16 13:11:34 2013 (900 seconds ahead)
time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
ads_sasl_spnego_krb5_bind failed with: Miscellaneous failure (see text)Did not find a plugin for ccache_ops : Did not find a plugin for ccache_ops, calling kinit
kerberos_kinit_password: as dca@NORMA.COM using [MEMORY:net_ads] as ccache and config [/var/db/samba/smb_krb5/krb5.conf.SOFTLAB]
kerberos_kinit_password dca@NORMA.COM failed: Looping detected inside krb5_get_in_tkt
libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx
    out: struct libnet_JoinCtx
        account_name : NULL
        netbios_domain_name : 'SOFTLAB'
        dns_domain_name : 'norma.com'
        forest_name : 'norma.com'
        dn : NULL
        domain_sid : *
            domain_sid : S-1-5-21-3780126066-798514342-2262872178
        modified_config : 0x00 (0)
        error_string : 'failed to connect to AD: Looping detected inside krb5_get_in_tkt'
        domain_is_ad : 0x01 (1)
        result : WERR_GENERAL_FAILURE
lang_tdb_init: /usr/local/lib/samba/ru_RU.KOI8-R.msg:
Failed to join domain: failed to connect to AD: Looping detected inside krb5_get_in_tkt
return code = -1
[emz@ural85-gw0-omega:/var/db/samba]# ^Dexit
Script done on Fri Aug 16 12:56:35 2013