The Samba-Bugzilla – Attachment 9141 Details for Bug 10093: unable to join to an ads domain, kinit failing with "looping detected"
"net -d 10 ads join -U dca" logfile
join.log (text/plain), 98.58 KB, created by drookie on 2013-08-17 22:02:02 UTC
>Script started on Fri Aug 16 12:56:23 2013 >[emz@ural85-gw0-omega:/var/db/samba]# net -d 10 ads join -U dca >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 >lp_load_ex: refreshing parameters >Initialising global parameters >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 >params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf" >Processing section "[global]" >doing parameter workgroup = SOFTLAB >doing parameter machine password timeout = 0 >doing parameter netbios name = CRYSTAL-OMEGA >handle_netbios_name: set global_myname to: CRYSTAL-OMEGA >doing parameter server string = CRYSTAL-OMEGA/Samba 3.6.17 on FreeBSD 10.0-CURRENT >doing parameter hosts allow = 192.168. 127. 172.16. 
>doing parameter guest account = pcguest >doing parameter map to guest = bad user >doing parameter log file = /var/log/samba/log.%m >doing parameter encrypt passwords = yes >doing parameter socket options = TCP_NODELAY >doing parameter dns proxy = no >doing parameter local master = no >doing parameter os level = 32 >doing parameter interfaces = vlan1 lo0 >doing parameter bind interfaces only = yes >doing parameter log level = 0 >doing parameter syslog = 11 >doing parameter deadtime = 15 >doing parameter wins server = 192.168.3.45 >doing parameter printcap name = cups >doing parameter printing = BSD >doing parameter unix charset = KOI8-R >Substituting charset 'KOI8-R' for LOCALE >doing parameter dos charset = 866 >Substituting charset 'KOI8-R' for LOCALE >doing parameter cups server = 192.168.3.1 >doing parameter host msdfs = no >doing parameter dos filemode = yes >doing parameter map acl inherit = yes >doing parameter security = ads >doing parameter realm = norma.com >doing parameter client ldap sasl wrapping = sign >doing parameter password server = hq-gc.norma.com, hq-dc.norma.com >doing parameter idmap config * : backend = tdb >doing parameter idmap config * : range = 20000-30000 >doing parameter winbind enum users = yes >doing parameter winbind enum groups = yes >doing parameter winbind use default domain = yes >doing parameter winbind separator = + >doing parameter encrypt passwords = yes >doing parameter template shell = /sbin/nologin >doing parameter template homedir = /home/%U >pm_process() returned Yes >lp_servicenumber: couldn't find homes >set_server_role: role = ROLE_DOMAIN_MEMBER >Substituting charset 'KOI8-R' for LOCALE >Netbios name list:- >my_netbios_names[0]="CRYSTAL-OMEGA" >added interface vlan1 ip=fd00::d01 bcast=fd00::dff netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00 >added interface vlan1 ip=fd00::d03 bcast=fd00::dff netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00 >added interface vlan1 ip=192.168.13.1 bcast=192.168.13.255 
netmask=255.255.255.0 >added interface vlan1 ip=192.168.13.3 bcast=192.168.13.255 netmask=255.255.255.0 >added interface lo0 ip=::1 bcast=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff >added interface lo0 ip=fe80::1%lo0 bcast=fe80::ffff:ffff:ffff:ffff%lo0 netmask=ffff:ffff:ffff:ffff:: >added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 >Registered MSG_REQ_POOL_USAGE >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >Enter dca's password: >libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'CRYSTAL-OMEGA' > domain_name : * > domain_name : 'NORMA.COM' > account_ou : NULL > admin_account : 'dca' > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) >dsgetdcname: domain_name: NORMA.COM, domain_guid: (null), site_name: (null), flags: 0x40001011 >debug_dsdcinfo_flags: 0x40001011 > DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME >Opening cache file at /var/db/samba/gencache.tdb >Opening cache file at /var/db/samba/gencache_notrans.tdb >sitename_fetch: Returning sitename for NORMA.COM: "Crystal" >dsgetdcname_rediscover >ads_dns_lookup_srv: 2 records returned in the answer section. 
>ads_dns_parse_rr_srv: Parsed hq-gc.norma.com [0, 100, 389] >ads_dns_parse_rr_srv: Parsed hq-dc.norma.com [0, 100, 389] >LDAP ping to hq-gc.norma.com > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000011fd (4605) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 0: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 13bbf1dd-c5cd-4a86-864e-76c0c938147b > forest : 'norma.com' > dns_domain : 'norma.com' > pdc_dns_name : 'HQ-GC.norma.com' > domain_name : 'SOFTLAB' > pdc_name : 'HQ-GC' > user_name : '' > server_site : 'HQ' > client_site : 'Crystal' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >Adding cache entry with key = DSGETDCNAME/DOMAIN/SOFTLAB and timeout = Fri Aug 16 13:11:34 2013 > (900 seconds ahead) >sitename_store: realm = [SOFTLAB], sitename = [Crystal], expire = [2147483647] >Adding cache entry with key = AD_SITENAME/DOMAIN/SOFTLAB and timeout = Tue Jan 19 09:14:07 2038 > (770847453 seconds ahead) >Adding cache entry with key = DSGETDCNAME/DOMAIN/NORMA.COM and timeout = Fri Aug 16 13:11:34 2013 > (900 seconds 
ahead) >sitename_store: realm = [norma.com], sitename = [Crystal], expire = [2147483647] >Adding cache entry with key = AD_SITENAME/DOMAIN/NORMA.COM and timeout = Tue Jan 19 09:14:07 2038 > (770847453 seconds ahead) >Connecting to host=HQ-GC.norma.com >sitename_fetch: Returning sitename for NORMA.COM: "Crystal" >internal_resolve_name: looking up HQ-GC.norma.com#20 (sitename Crystal) >name HQ-GC.norma.com#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Running timed event "tevent_req_timedout" 0x80682fba0 >Connecting to 192.168.3.45 at port 445 >Running timed event "tevent_req_timedout" 0x80682fde0 >Connecting to 192.168.3.45 at port 139 >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 4 > Could not test socket option TCP_KEEPCNT. > Could not test socket option TCP_KEEPIDLE. > Could not test socket option TCP_KEEPINTVL. > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 34176 > SO_RCVBUF = 66928 > SO_SNDLOWAT = 2048 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 >Substituting charset 'KOI8-R' for LOCALE >Doing spnego session setup (blob length=124) >got OID=1.2.840.48018.1.2.2 >got OID=1.2.840.113554.1.2.2 >got OID=1.2.840.113554.1.2.2.3 >got OID=1.3.6.1.4.1.311.2.2.10 >got principal=not_defined_in_RFC4178@please_ignore > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN 
> 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0007 (7) > DomainNameMaxLen : 0x0007 (7) > DomainName : * > DomainName : 'SOFTLAB' > WorkstationLen : 0x000d (13) > WorkstationMaxLen : 0x000d (13) > Workstation : * > Workstation : 'CRYSTAL-OMEGA' >smb_signing_sign_pdu: sent SMB signature of >[0000] 42 53 52 53 50 59 4C 20 BSRSPYL > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x000e (14) > TargetNameMaxLen : 0x000e (14) > TargetName : * > TargetName : 'SOFTLAB' > NegotiateFlags : 0x62898215 (1653178901) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 1: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : 41f3c8ed9688020c > Reserved : 0000000000000000 > TargetInfoLen : 0x007e (126) > TargetNameInfoMaxLen : 0x007e (126) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000007 (7) > pair: ARRAY(7) > pair: struct AV_PAIR > AvId : 
MsvAvNbDomainName (0x2) > AvLen : 0x000e (14) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'SOFTLAB' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000a (10) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'HQ-GC' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x0012 (18) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'norma.com' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x001e (30) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'HQ-GC.norma.com' > pair: struct AV_PAIR > AvId : MsvAvDnsTreeName (0x5) > AvLen : 0x0012 (18) > Value : union ntlmssp_AvValue(case 0x5) > AvDnsTreeName : 'norma.com' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union ntlmssp_AvValue(case 0x7) > AvTimestamp : ÐÔ Á×Ç 16 12:56:35 2013 YEKT > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0x0) > ProductBuild : 0x1772 (6002) > Reserved : 000000 > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) >Got challenge flags: >Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP: Set final flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen 
: 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : 0786fab417efd65068d7875f6620fe79119c13ed3f1e51b4 > NtChallengeResponseLen : 0x00aa (170) > NtChallengeResponseMaxLen: 0x00aa (170) > NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 170) > v2: struct NTLMv2_RESPONSE > Response : cf2dc82ca6fc719f0e4c3866238603af > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : ÐÔ Á×Ç 16 12:56:34 2013 YEKT > ChallengeFromClient : d6e840076e1c7567 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000007 (7) > pair: ARRAY(7) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x000e (14) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'SOFTLAB' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000a (10) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'HQ-GC' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x0012 (18) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'norma.com' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x001e (30) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'HQ-GC.norma.com' > pair: struct AV_PAIR > AvId : MsvAvDnsTreeName (0x5) > AvLen : 0x0012 (18) > Value : union ntlmssp_AvValue(case 0x5) > AvDnsTreeName : 'norma.com' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union ntlmssp_AvValue(case 0x7) > AvTimestamp : ÐÔ Á×Ç 16 12:56:35 2013 YEKT > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > UserNameLen : 0x0006 (6) > UserNameMaxLen : 0x0006 (6) > 
UserName : * > UserName : 'dca' > WorkstationLen : 0x001a (26) > WorkstationMaxLen : 0x001a (26) > Workstation : * > Workstation : 'CRYSTAL-OMEGA' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 >[0000] A4 B3 73 E8 FA 1F F6 FE 9F 92 49 F2 FD B1 4F 98 ¤³sèú.öþ Iòý±O > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >smb_signing_sign_pdu: sent SMB signature of >[0000] 42 53 52 53 50 59 4C 20 BSRSPYL >smb_signing_activate: user_session_key >[0000] B5 AA 8C 51 7B 44 06 D2 E0 F5 8E F1 02 F1 13 31 µªQ{D.Ò àõñ.ñ.1 >smb_signing_activate: NULL response_data >smb_signing_md5: sequence number 1 >smb_signing_check_pdu: seq 1: got good SMB signature of >[0000] C7 23 FA 03 6D 82 82 82 Ç#ú.m >smb_signing_md5: sequence number 2 
>smb_signing_sign_pdu: sent SMB signature of >[0000] 59 34 A6 A3 1F 9E 96 B1 Y4¦£.± >smb_signing_md5: sequence number 3 >smb_signing_check_pdu: seq 3: got good SMB signature of >[0000] 61 37 3F 5D 01 78 78 34 a7?].xx4 >cli_init_creds: user dca domain >smb_signing_md5: sequence number 4 >smb_signing_sign_pdu: sent SMB signature of >[0000] 5B A0 16 39 B4 CA 6A 0F [ .9´Êj. >smb_signing_md5: sequence number 5 >smb_signing_check_pdu: seq 5: got good SMB signature of >[0000] E7 78 79 23 45 79 FA E3 çxy#Eyúã >Bind RPC Pipe: host HQ-GC.norma.com auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 6 >smb_signing_sign_pdu: sent SMB signature of >[0000] 9C D1 C2 40 3F F2 5C 02 ÑÂ@?ò\. 
>smb_signing_md5: sequence number 7 >smb_signing_check_pdu: seq 7: got good SMB signature of >[0000] 5D BE 6A 5D 54 8D C3 54 ]¾j]TÃT >rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00045e5a (286298) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] 16 8E . > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 68 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine HQ-GC.norma.com and bound anonymously. 
> lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > opnum : 0x0006 (6) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 8 >smb_signing_sign_pdu: sent SMB signature of >[0000] 01 8C A3 8B A7 83 3C 14 .£§<. 
>smb_signing_md5: sequence number 9 >smb_signing_check_pdu: seq 9: got good SMB signature of >[0000] 42 BB 2A EA BF F2 5F 6E B»*ê¿ò_n >rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 FB E9 28 ED 57 1A 4F 4B B7 D4 7D 82 ....ûé(í W.OK·Ô} >[0010] E9 5E B8 28 00 00 00 00 é^¸(.... >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : ed28e9fb-1a57-4b4f-b7d4-7d82e95eb828 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : ed28e9fb-1a57-4b4f-b7d4-7d82e95eb828 > level : LSA_POLICY_INFO_DNS (12) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x002e (46) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : 
DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 10 >smb_signing_sign_pdu: sent SMB signature of >[0000] AF 17 57 23 BE 92 87 90 ¯.W#¾ >smb_signing_md5: sequence number 11 >smb_signing_check_pdu: seq 11: got good SMB signature of >[0000] 0C 5D 65 E9 53 39 D4 4B .]eéS9ÔK >rpc_read_send: data_to_read: 184 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00c8 (200) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000000b0 (176) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=176 >[0000] 00 00 02 00 0C 00 00 00 0E 00 10 00 04 00 02 00 ........ ........ >[0010] 12 00 14 00 08 00 02 00 12 00 14 00 0C 00 02 00 ........ ........ >[0020] DD F1 BB 13 CD C5 86 4A 86 4E 76 C0 C9 38 14 7B Ýñ».ÍÅJ NvÀÉ8.{ >[0030] 10 00 02 00 08 00 00 00 00 00 00 00 07 00 00 00 ........ ........ >[0040] 53 00 4F 00 46 00 54 00 4C 00 41 00 42 00 00 00 S.O.F.T. L.A.B... >[0050] 0A 00 00 00 00 00 00 00 09 00 00 00 6E 00 6F 00 ........ ....n.o. >[0060] 72 00 6D 00 61 00 2E 00 63 00 6F 00 6D 00 00 00 r.m.a... c.o.m... >[0070] 0A 00 00 00 00 00 00 00 09 00 00 00 6E 00 6F 00 ........ ....n.o. >[0080] 72 00 6D 00 61 00 2E 00 63 00 6F 00 6D 00 00 00 r.m.a... c.o.m... >[0090] 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 ........ ........ >[00A0] 72 25 50 E1 A6 5C 98 2F 72 B0 E0 86 00 00 00 00 r%Pá¦\/ r°à.... 
>Got pdu len 200, data_len 176, ss_len 0 >rpc_api_pipe: got frag len of 200 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 176 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'SOFTLAB' > dns_domain: struct lsa_StringLarge > length : 0x0012 (18) > size : 0x0014 (20) > string : * > string : 'norma.com' > dns_forest: struct lsa_StringLarge > length : 0x0012 (18) > size : 0x0014 (20) > string : * > string : 'norma.com' > domain_guid : 13bbf1dd-c5cd-4a86-864e-76c0c938147b > sid : * > sid : S-1-5-21-3780126066-798514342-2262872178 > result : NT_STATUS_OK > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : ed28e9fb-1a57-4b4f-b7d4-7d82e95eb828 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 12 >smb_signing_sign_pdu: sent SMB signature of >[0000] DA BF E7 47 CF 79 5B 33 Ú¿çGÏy[3 >smb_signing_md5: sequence number 13 >smb_signing_check_pdu: 
seq 13: got good SMB signature of >[0000] 67 43 76 22 4E 22 67 7F gCv"N"g. >rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 ........ >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >smb_signing_md5: sequence number 14 >smb_signing_sign_pdu: sent SMB signature of >[0000] FB DF BF 68 EF AB 6D 1B ûß¿hï«m. >smb_signing_md5: sequence number 15 >smb_signing_check_pdu: seq 15: got good SMB signature of >[0000] D8 D6 02 C1 19 88 77 73 ØÖ.Á.ws >create_local_private_krb5_conf_for_domain: fname = /var/db/samba/smb_krb5/krb5.conf.SOFTLAB, realm = norma.com, domain = SOFTLAB >saf_fetch[join]: Returning "hq-dc.norma.com" for "norma.com" domain >get_dc_list: preferred server list: "hq-dc.norma.com, hq-gc.norma.com, hq-dc.norma.com" >sitename_fetch: Returning sitename for NORMA.COM: "Crystal" >internal_resolve_name: looking up hq-dc.norma.com#20 (sitename Crystal) >name hq-dc.norma.com#20 found. 
>remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain norma.com server 192.168.3.34 >sitename_fetch: Returning sitename for NORMA.COM: "Crystal" >internal_resolve_name: looking up hq-gc.norma.com#20 (sitename Crystal) >name hq-gc.norma.com#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain norma.com server 192.168.3.45 >sitename_fetch: Returning sitename for NORMA.COM: "Crystal" >internal_resolve_name: looking up hq-dc.norma.com#20 (sitename Crystal) >name hq-dc.norma.com#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain norma.com server 192.168.3.34 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 2 ip addresses in an ordered list >get_dc_list: 192.168.3.34:389 192.168.3.45:389 >get_kdc_ip_string: Returning kdc = 192.168.3.45 > kdc = 192.168.3.34 > >create_local_private_krb5_conf_for_domain: wrote file /var/db/samba/smb_krb5/krb5.conf.SOFTLAB with realm NORMA.COM KDC list = kdc = 192.168.3.45 > kdc = 192.168.3.34 > >smb_signing_md5: sequence number 16 >smb_signing_sign_pdu: sent SMB signature of >[0000] 7E 72 57 BB 5F E7 3C F8 ~rW»_ç<ø >smb_signing_md5: sequence number 17 >smb_signing_check_pdu: seq 17: got good SMB signature of >[0000] CF 35 3A C6 39 54 F4 D1 Ï5:Æ9TôÑ >Bind RPC Pipe: host HQ-GC.norma.com auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > 
num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ac > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 18 >smb_signing_sign_pdu: sent SMB signature of >[0000] 76 5E A4 9B 5B 1D 35 7C v^¤[.5| >smb_signing_md5: sequence number 19 >smb_signing_check_pdu: seq 19: got good SMB signature of >[0000] B8 9E A7 A8 44 7B F1 E7 ¸§¨D{ñç >rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00045e5b (286299) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] 00 00 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 68 bytes. >check_bind_response: accepted! 
>cli_rpc_pipe_open_noauth: opened pipe \samr to machine HQ-GC.norma.com and bound anonymously. > samr_Connect2: struct samr_Connect2 > in: struct samr_Connect2 > system_name : * > system_name : 'HQ-GC.norma.com' > access_mask : 0x00000030 (48) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 1: SAMR_ACCESS_ENUM_DOMAINS > 1: SAMR_ACCESS_LOOKUP_DOMAIN > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000034 (52) > context_id : 0x0000 (0) > opnum : 0x0039 (57) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 20 >smb_signing_sign_pdu: sent SMB signature of >[0000] DF 8F 53 88 14 80 DB 90 ßS.Û >smb_signing_md5: sequence number 21 >smb_signing_check_pdu: seq 21: got good SMB signature of >[0000] E7 1C 4A A1 6F EA 08 7A ç.J¡oê.z >rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > 
_pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 ED 7A 51 64 1C 10 FB 4B BC 8E A8 C7 ....ízQd ..ûK¼¨Ç >[0010] 43 59 FC 96 00 00 00 00 CYü.... >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. > samr_Connect2: struct samr_Connect2 > out: struct samr_Connect2 > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 64517aed-101c-4bfb-bc8e-a8c74359fc96 > result : NT_STATUS_OK > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 64517aed-101c-4bfb-bc8e-a8c74359fc96 > access_mask : 0x00000211 (529) > 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 1: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-21-3780126066-798514342-2262872178 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000034 (52) > context_id : 0x0000 (0) > opnum : 0x0007 (7) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, 
max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 22 >smb_signing_sign_pdu: sent SMB signature of >[0000] B7 C6 EB EB 5D 36 1E A9 ·Æëë]6.© >smb_signing_md5: sequence number 23 >smb_signing_check_pdu: seq 23: got good SMB signature of >[0000] F0 A9 7D 7E 7D 48 E0 12 ð©}~}Hà. >rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 41 92 31 90 FC 5F 64 4B 90 59 30 D2 ....A1 ü_dKY0Ò >[0010] 41 C1 24 56 00 00 00 00 AÁ$V.... >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. 
> samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 90319241-5ffc-4b64-9059-30d241c12456 > result : NT_STATUS_OK >Creating account with desired access mask: -536543056 > samr_CreateUser2: struct samr_CreateUser2 > in: struct samr_CreateUser2 > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 90319241-5ffc-4b64-9059-30d241c12456 > account_name : * > account_name: struct lsa_String > length : 0x001c (28) > size : 0x001c (28) > string : * > string : 'crystal-omega$' > acct_flags : 0x00000080 (128) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 0: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 1: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > access_mask : 0xe00500b0 (3758424240) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES > 1: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 1: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint 
: 0x0000004c (76) > context_id : 0x0000 (0) > opnum : 0x0032 (50) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=100, this_data=100, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 24 >smb_signing_sign_pdu: sent SMB signature of >[0000] DC E3 C1 2D A8 EB CD 18 ÜãÁ-¨ëÍ. >smb_signing_md5: sequence number 25 >smb_signing_check_pdu: seq 25: got good SMB signature of >[0000] 2B 47 89 63 16 D0 34 C2 +Gc.Ð4 >rpc_read_send: data_to_read: 40 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0038 (56) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000020 (32) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=32 >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 00 00 00 00 63 00 00 C0 ........ ....c..À >Got pdu len 56, data_len 32, ss_len 0 >rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 32 bytes. 
> samr_CreateUser2: struct samr_CreateUser2 > out: struct samr_CreateUser2 > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > access_granted : * > access_granted : 0x00000000 (0) > rid : * > rid : 0x00000000 (0) > result : NT_STATUS_USER_EXISTS > samr_LookupNames: struct samr_LookupNames > in: struct samr_LookupNames > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 90319241-5ffc-4b64-9059-30d241c12456 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x001c (28) > size : 0x001c (28) > string : * > string : 'crystal-omega$' > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000054 (84) > context_id : 0x0000 (0) > opnum : 0x0011 (17) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=108, this_data=108, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 26 >smb_signing_sign_pdu: sent SMB signature of >[0000] 25 E8 3B 42 C8 32 88 92 %è;BÈ2 >smb_signing_md5: sequence number 27 >smb_signing_check_pdu: seq 27: got good SMB signature of >[0000] B3 E7 13 8B 4C 12 82 B6 ³ç.L.¶ >rpc_read_send: data_to_read: 44 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 
(0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000024 (36) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=36 >[0000] 01 00 00 00 00 00 02 00 01 00 00 00 07 58 00 00 ........ .....X.. >[0010] 01 00 00 00 04 00 02 00 01 00 00 00 01 00 00 00 ........ ........ >[0020] 00 00 00 00 .... >Got pdu len 60, data_len 36, ss_len 0 >rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 36 bytes. > samr_LookupNames: struct samr_LookupNames > out: struct samr_LookupNames > rids : * > rids: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x00005807 (22535) > types : * > types: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x00000001 (1) > result : NT_STATUS_OK > samr_OpenUser: struct samr_OpenUser > in: struct samr_OpenUser > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 90319241-5ffc-4b64-9059-30d241c12456 > access_mask : 0x02000000 (33554432) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 0: SAMR_USER_ACCESS_GET_ATTRIBUTES > 0: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 0: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP > rid : 0x00005807 (22535) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 0) > 
request: struct dcerpc_request > alloc_hint : 0x0000001c (28) > context_id : 0x0000 (0) > opnum : 0x0022 (34) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 28 >smb_signing_sign_pdu: sent SMB signature of >[0000] EE 21 3C 9F 51 14 4F A4 î!<Q.O¤ >smb_signing_md5: sequence number 29 >smb_signing_check_pdu: seq 29: got good SMB signature of >[0000] 56 43 A6 99 8F 84 4C E2 VC¦Lâ >rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 08 88 52 D9 AD D4 9D 4F 96 CB 00 C8 .....RÙ ÔOË.È >[0010] 58 29 26 5C 00 00 00 00 X)&\.... >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. 
> samr_OpenUser: struct samr_OpenUser > out: struct samr_OpenUser > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d9528808-d4ad-4f9d-96cb-00c85829265c > result : NT_STATUS_OK > samr_SetUserInfo: struct samr_SetUserInfo > in: struct samr_SetUserInfo > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d9528808-d4ad-4f9d-96cb-00c85829265c > level : UserControlInformation (16) > info : * > info : union samr_UserInfo(case 16) > info16: struct samr_UserInfo16 > acct_flags : 0x00000280 (640) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 0: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 1: ACB_WSTRUST > 0: ACB_SVRTRUST > 1: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000001c (28) > context_id : 0x0000 (0) > opnum : 0x0025 (37) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 30 >smb_signing_sign_pdu: sent SMB signature of >[0000] C1 69 
B7 AF 63 8B 74 CB Ái·¯ctË >smb_signing_md5: sequence number 31 >smb_signing_check_pdu: seq 31: got good SMB signature of >[0000] 02 2E FF 77 2D A2 AA 97 ..ÿw-¢ª >rpc_read_send: data_to_read: 12 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x001c (28) > auth_length : 0x0000 (0) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000004 (4) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=4 >[0000] 00 00 00 00 .... >Got pdu len 28, data_len 4, ss_len 0 >rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 4 bytes. > samr_SetUserInfo: struct samr_SetUserInfo > out: struct samr_SetUserInfo > result : NT_STATUS_OK > samr_SetUserInfo2: struct samr_SetUserInfo2 > in: struct samr_SetUserInfo2 > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d9528808-d4ad-4f9d-96cb-00c85829265c > level : UserInternal5InformationNew (26) > info : * > info : union samr_UserInfo(case 26) > info26: struct samr_UserInfo26 > password: struct samr_CryptPasswordEx > data : 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 +> >8a20a11d2850490b218ca29a9d838473036f8d0c4c9cd5e10998a308329c50cb5417f0818c3b4bdaa9b28d59f8a7 > password_expired : 0x00 (0) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000c (12) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000022d (557) > context_id : 0x0000 (0) > 
opnum : 0x003a (58) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=581, this_data=581, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 32 >smb_signing_sign_pdu: sent SMB signature of >[0000] 0E CF D6 3C 1C 96 F4 C1 .ÏÖ<.ôÁ >smb_signing_md5: sequence number 33 >smb_signing_check_pdu: seq 33: got good SMB signature of >[0000] 6F CB 02 22 0D 5E DB C6 oË.".^ÛÆ >rpc_read_send: data_to_read: 12 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x001c (28) > auth_length : 0x0000 (0) > call_id : 0x0000000c (12) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000004 (4) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=4 >[0000] 00 00 00 00 .... >Got pdu len 28, data_len 4, ss_len 0 >rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 4 bytes. 
> samr_SetUserInfo2: struct samr_SetUserInfo2 > out: struct samr_SetUserInfo2 > result : NT_STATUS_OK > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 64517aed-101c-4bfb-bc8e-a8c74359fc96 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000d (13) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0001 (1) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 34 >smb_signing_sign_pdu: sent SMB signature of >[0000] C9 D8 44 44 94 D6 3C 7D ÉØDDÖ<} >smb_signing_md5: sequence number 35 >smb_signing_check_pdu: seq 35: got good SMB signature of >[0000] D3 A7 5A 6C 40 0D 1C 5D Ó§Zl@..] >rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000d (13) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
>[0010] 00 00 00 00 00 00 00 00 ........ >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 90319241-5ffc-4b64-9059-30d241c12456 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000e (14) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0001 (1) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 36 >smb_signing_sign_pdu: sent SMB signature of >[0000] 1C 75 15 D2 22 DB 37 51 .u.Ò"Û7Q >smb_signing_md5: sequence number 37 >smb_signing_check_pdu: seq 37: got good SMB signature of >[0000] E9 4C D9 18 A3 BE 78 E8 éLÙ.£¾xè >rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000e (14) > u : union 
dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 ........ >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d9528808-d4ad-4f9d-96cb-00c85829265c > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000f (15) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0001 (1) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host HQ-GC.norma.com >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 38 >smb_signing_sign_pdu: sent SMB signature of >[0000] 64 FB 30 86 2E 86 C2 D4 dû0.ÂÔ >smb_signing_md5: sequence number 39 >smb_signing_check_pdu: seq 39: got good SMB signature of >[0000] 29 0D 34 D7 A2 BB 0E 33 ).4×¢».3 >rpc_read_send: data_to_read: 32 > r: struct 
ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000f (15) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 ........ >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host HQ-GC.norma.com returned 24 bytes. > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >smb_signing_md5: sequence number 40 >smb_signing_sign_pdu: sent SMB signature of >[0000] 79 95 C3 EC 74 8D 9D C5 yÃìtÅ >smb_signing_md5: sequence number 41 >smb_signing_check_pdu: seq 41: got good SMB signature of >[0000] 9F AD 07 A1 19 D8 EE A9 .¡.Øî© >Locking key 534543524554532F5349 >Allocated locked data 0x0x806832760 >Unlocking key 534543524554532F5349 >Locking key 534543524554532F4D41 >Allocated locked data 0x0x8068a9240 >Unlocking key 534543524554532F4D41 >Locking key 534543524554532F4D41 >Allocated locked data 0x0x8068a9240 >Unlocking key 534543524554532F4D41 >Locking key 534543524554532F4D41 >Allocated locked data 0x0x8068a9240 >Unlocking key 534543524554532F4D41 >Locking key 534543524554532F4D41 >Allocated locked data 0x0x8068a9240 >Unlocking key 534543524554532F4D41 >smb_signing_md5: sequence number 42 >smb_signing_sign_pdu: sent SMB signature of >[0000] B3 91 48 49 DD 88 E5 17 ³HIÝå. 
>smb_signing_md5: sequence number 43 >smb_signing_check_pdu: seq 43: got good SMB signature of >[0000] D6 7F F3 8C 0E 49 AF 99 Ö.ó.I¯ >saf_join_store: domain = [SOFTLAB], server = [HQ-GC.norma.com], expire = [1376639794] >Adding cache entry with key = SAFJOIN/DOMAIN/SOFTLAB and timeout = Fri Aug 16 13:56:34 2013 > (3600 seconds ahead) >saf_join_store: domain = [norma.com], server = [HQ-GC.norma.com], expire = [1376639794] >Adding cache entry with key = SAFJOIN/DOMAIN/NORMA.COM and timeout = Fri Aug 16 13:56:34 2013 > (3600 seconds ahead) >sitename_fetch: Returning sitename for NORMA.COM: "Crystal" >internal_resolve_name: looking up HQ-GC.norma.com#20 (sitename Crystal) >name HQ-GC.norma.com#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >ads_try_connect: sending CLDAP request to 192.168.3.45 (realm: norma.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000011fd (4605) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 0: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 13bbf1dd-c5cd-4a86-864e-76c0c938147b > forest : 'norma.com' > dns_domain : 'norma.com' > pdc_dns_name : 'HQ-GC.norma.com' > domain_name : 'SOFTLAB' > pdc_name : 'HQ-GC' > user_name : '' > server_site : 'HQ' > client_site : 'Crystal' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: 
NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [SOFTLAB], sitename = [Crystal], expire = [2147483647] >Adding cache entry with key = AD_SITENAME/DOMAIN/SOFTLAB and timeout = Tue Jan 19 09:14:07 2038 > (770847453 seconds ahead) >sitename_store: realm = [norma.com], sitename = [Crystal], expire = [2147483647] >Adding cache entry with key = AD_SITENAME/DOMAIN/NORMA.COM and timeout = Tue Jan 19 09:14:07 2038 > (770847453 seconds ahead) >Successfully contacted LDAP server 192.168.3.45 >Opening connection to LDAP server 'HQ-GC.norma.com:389', timeout 15 seconds >Connected to LDAP server 'HQ-GC.norma.com:389' >Connected to LDAP server HQ-GC.norma.com >ads_closest_dc: NBT_SERVER_CLOSEST flag set >saf_store: domain = [SOFTLAB], server = [HQ-GC.norma.com], expire = [1376637094] >Adding cache entry with key = SAF/DOMAIN/SOFTLAB and timeout = Fri Aug 16 13:11:34 2013 > (900 seconds ahead) >saf_store: domain = [norma.com], server = [HQ-GC.norma.com], expire = [1376637094] >Adding cache entry with key = SAF/DOMAIN/NORMA.COM and timeout = Fri Aug 16 13:11:34 2013 > (900 seconds ahead) >time offset is 0 seconds >Found SASL mechanism GSS-SPNEGO >ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore >ads_sasl_spnego_krb5_bind failed with: Miscellaneous failure (see text)¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥Did not find a plugin for ccache_ops : Did not find a plugin for ccache_ops¥¥¥¥¥¥¥¥¥¥¥¥, calling kinit >kerberos_kinit_password: as dca@NORMA.COM using [MEMORY:net_ads] as ccache and config 
[/var/db/samba/smb_krb5/krb5.conf.SOFTLAB] >kerberos_kinit_password dca@NORMA.COM failed: Looping detected inside krb5_get_in_tkt >libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : 'SOFTLAB' > dns_domain_name : 'norma.com' > forest_name : 'norma.com' > dn : NULL > domain_sid : * > domain_sid : S-1-5-21-3780126066-798514342-2262872178 > modified_config : 0x00 (0) > error_string : 'failed to connect to AD: Looping detected inside krb5_get_in_tkt' > domain_is_ad : 0x01 (1) > result : WERR_GENERAL_FAILURE >lang_tdb_init: /usr/local/lib/samba/ru_RU.KOI8-R.msg: Нет такого файла или каталога >Failed to join domain: failed to connect to AD: Looping detected inside krb5_get_in_tkt >return code = -1 >[emz@ural85-gw0-omega:/var/db/samba]# ^Dexit > >Script done on Fri Aug 16 12:56:35 2013