[2014/04/25 09:50:35.105344, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[ProjectManagement]" doing parameter comment = Project Management Directories doing parameter path = /home/projects/ProjectManagement doing parameter browseable = yes doing parameter writable = yes doing parameter inherit permissions = yes [2014/04/25 09:50:35.107213, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[adi]" doing parameter comment = Adi Software Directories doing parameter path = /home/projects/adirel doing parameter browseable = yes doing parameter writable = yes [2014/04/25 09:50:35.107743, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[ariel]" doing parameter comment = Software Development Directories doing parameter path = /home/projects/ariel doing parameter browseable = yes doing parameter writable = yes [2014/04/25 09:50:35.108194, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[proteus]" doing parameter comment = Software Development Directories doing parameter path = /home/projects/proteus doing parameter browseable = yes doing parameter writable = yes [2014/04/25 09:50:35.108678, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[support]" doing parameter comment = Customer Support Directories doing parameter path = /home/users/support doing parameter browseable = yes doing parameter writable = yes doing parameter create mask = 0777 doing parameter force create mode = 0666 [2014/04/25 09:50:35.109351, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[scanner]" doing parameter comment = Customer Support Directories doing parameter path = /home/users/scanner doing parameter browseable = yes doing parameter writable = yes [2014/04/25 09:50:35.109796, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[hwdesign]" doing parameter comment = Hardware Design Directories doing parameter path = /home/projects/hwdesign doing parameter browseable = yes doing parameter writable = yes doing parameter inherit permissions = yes [2014/04/25 09:50:35.110348, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[HR Recruitment]" doing parameter comment = HR Recruitment doing parameter path = /home/projects/HR_Recruitment doing parameter browseable = yes doing parameter writable = yes doing parameter inherit permissions = yes [2014/04/25 09:50:35.110875, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[www]" doing parameter comment = Hardware Design Directories doing parameter path = /home/projects/www doing parameter browseable = yes doing parameter writable = yes [2014/04/25 09:50:35.111344, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[hr]" doing parameter comment = Human Resources doing parameter path = /home/projects/hr doing parameter browseable = yes doing parameter writable = yes [2014/04/25 09:50:35.111783, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[W000Axxxx]" doing parameter comment = Hardware Design W000Axxxx Directory doing parameter path = /home/projects/hwdesign/Release/W_Software/W000Axxxx doing parameter browseable = yes doing parameter writable = no [2014/04/25 09:50:35.112233, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[W_Software]" doing parameter comment = Hardware Design W_Software Directory doing parameter path = /home/projects/hwdesign/Release/W_Software doing parameter browseable = yes doing parameter writable = no [2014/04/25 09:50:35.112764, 2, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[printers]" doing parameter comment = All Printers doing parameter path = /var/tmp/samba doing parameter browseable = no doing parameter writable = no doing parameter printable = yes [2014/04/25 09:50:35.113413, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4877(lp_load_ex) pm_process() returned Yes [2014/04/25 09:50:35.113679, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1773(lp_add_ipc) adding IPC service [2014/04/25 09:50:35.113922, 5, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:115(make_user_info_map) Mapping user [ADI]\[schulz] from workstation [FANGTOOTH] [2014/04/25 09:50:35.114752, 10, pid=4217, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[TDOMCACHE/TIMESTAMP] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1398433835 seconds in the past) [2014/04/25 09:50:35.115129, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/trustdom_cache.c:195(trustdom_cache_fetch_timestamp) no timestamp for trusted domain cache located. [2014/04/25 09:50:35.115366, 10, pid=4217, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[TDOMCACHE/TIMESTAMP] and timeout=[Fri Apr 25 10:00:35 AM 2014 EDT] (600 seconds ahead) [2014/04/25 09:50:35.115603, 10, pid=4217, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[TDOMCACHE/TIMESTAMP] and timeout=[Fri Apr 25 10:00:35 AM 2014 EDT] (600 seconds ahead) [2014/04/25 09:50:35.115904, 8, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3289(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name ADI (sitename NULL) [2014/04/25 09:50:35.116191, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:211(saf_fetch) saf_fetch: Returning "STARFISH2" for "ADI" domain [2014/04/25 09:50:35.116385, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3102(get_dc_list) get_dc_list: preferred server list: "STARFISH2, starfish2" [2014/04/25 09:50:35.116642, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:102(sitename_fetch) sitename_fetch: No stored sitename for [2014/04/25 09:50:35.116781, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up STARFISH2#20 (sitename (null)) [2014/04/25 09:50:35.116959, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch) name STARFISH2#20 found. [2014/04/25 09:50:35.117386, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/04/25 09:50:35.117674, 9, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ADI server 192.168.2.178 [2014/04/25 09:50:35.117864, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:102(sitename_fetch) sitename_fetch: No stored sitename for [2014/04/25 09:50:35.117985, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up starfish2#20 (sitename (null)) [2014/04/25 09:50:35.118141, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch) name starfish2#20 found. [2014/04/25 09:50:35.118406, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/04/25 09:50:35.118574, 9, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ADI server 192.168.2.178 [2014/04/25 09:50:35.118757, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/04/25 09:50:35.118924, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3239(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2014/04/25 09:50:35.119045, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3240(get_dc_list) get_dc_list: 192.168.2.178:0 [2014/04/25 09:50:35.119226, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:916(name_status_find) name_status_find: looking up ADI#1c at 192.168.2.178 [2014/04/25 09:50:35.119449, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:299(namecache_status_fetch) namecache_status_fetch: no entry for NBT/ADI#1C.20.192.168.2.178 found. [2014/04/25 09:50:35.120001, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:499(open_socket_in) bind succeeded on port 0 [2014/04/25 09:50:35.123171, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:550(parse_nmb) parse_nmb: packet id = 30619 [2014/04/25 09:50:35.123541, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:108(debug_nmb_packet) nmb packet from 192.168.2.178(35072) header: id=30619 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=ADI<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .STARFISH2 hex 10535441524649534832202020202020 answers 10 char .D.STARFISH2 hex 00440053544152464953483220202020 answers 20 char D.ADI hex 20202044004144492020202020202020 answers 30 char ...ADI hex 2020202000C400414449202020202020 answers 40 char ...ADI hex 2020202020201CC40041444920202020 answers 50 char .D.ADI hex 20202020202020201B44004144492020 answers 60 char ...ADI hex 202020202020202020201EC400414449 answers 70 char .D.. hex 2020202020202020202020201D440001 answers 80 char .__MSBROWSE__... hex 025F5F4D5342524F5753455F5F0201C4 answers 90 char .STARFISH2 hex 00535441524649534832202020202020 answers a0 char .D.STARFISH2$ hex 03440053544152464953483224202020 answers b0 char .D.INet~Servic hex 2020034400494E65747E536572766963 answers c0 char es ...ADMINISTR hex 657320201CC40041444D494E49535452 answers d0 char ATOR .D.IS~STAR hex 41544F52202003440049537E53544152 answers e0 char FISH2....D.JFCEN hex 46495348320000000044004A4643454E answers f0 char TRAL .D.STA hex 5452414C202020202020034400535441 answers 100 char RFISH2 BD.S hex 52464953483220202020202042440053 answers 110 char TARFISH2 .D hex 5441524649534832202020202020BE44 answers 120 char ...[8.......... hex 0000065B38177F000000000000000000 answers 130 char ................ hex 00000000000000000000000000000000 answers 140 char ............... hex 000000000000000000000000000000 [2014/04/25 09:50:35.125769, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#00: flags = 0x44 [2014/04/25 09:50:35.125931, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#20: flags = 0x44 [2014/04/25 09:50:35.126052, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#00: flags = 0xc4 [2014/04/25 09:50:35.126170, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#1c: flags = 0xc4 [2014/04/25 09:50:35.126324, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#1b: flags = 0x44 [2014/04/25 09:50:35.126499, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#1e: flags = 0xc4 [2014/04/25 09:50:35.126616, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#1d: flags = 0x44 [2014/04/25 09:50:35.126733, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) __MSBROWSE__#01: flags = 0xc4 [2014/04/25 09:50:35.126850, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#03: flags = 0x44 [2014/04/25 09:50:35.126967, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2$#03: flags = 0x44 [2014/04/25 09:50:35.127083, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) INet~Services#1c: flags = 0xc4 [2014/04/25 09:50:35.127200, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADMINISTRATOR#03: flags = 0x44 [2014/04/25 09:50:35.127343, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) IS~STARFISH2#00: flags = 0x44 [2014/04/25 09:50:35.127460, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) JFCENTRAL#03: flags = 0x44 [2014/04/25 09:50:35.127577, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#42: flags = 0x44 [2014/04/25 09:50:35.127693, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#be: flags = 0x44 [2014/04/25 09:50:35.127872, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:962(name_status_find) name_status_find: name found, name STARFISH2 ip address is 192.168.2.178 [2014/04/25 09:50:35.128094, 9, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ADI server STARFISH2 [2014/04/25 09:50:35.128235, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery_dc.c:209(rpc_dc_name) rpc_dc_name: Returning DC STARFISH2 (192.168.2.178) for domain ADI [2014/04/25 09:50:35.128671, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:585(open_socket_out_send) Connecting to 192.168.2.178 at port 445 [2014/04/25 09:50:35.129550, 5, pid=4217, effective(0, 0), real(0, 0)] ../lib/util/util_net.c:848(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 [2014/04/25 09:50:35.136854, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/clientgen.c:124(cli_init_creds) cli_init_creds: user domain [2014/04/25 09:50:35.139527, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1604(rpc_pipe_bind_send) Bind RPC Pipe: host STARFISH2 auth_type 0, auth_level 1 [2014/04/25 09:50:35.140063, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2014/04/25 09:50:35.142006, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.142399, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.144569, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 52 [2014/04/25 09:50:35.145118, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x001634d1 (1455313) secondary_address_size : 0x000c (12) secondary_address : '\PIPE\lsass' _pad1 : DATA_BLOB length=2 [0000] 7C 0C |. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2014/04/25 09:50:35.146896, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.147043, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 68 bytes. [2014/04/25 09:50:35.147199, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1470(check_bind_response) check_bind_response: accepted! [2014/04/25 09:50:35.147372, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:2941(cli_rpc_pipe_open_noauth_transport) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine STARFISH2 and bound anonymously. [2014/04/25 09:50:35.147737, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x00000001 (1) 1: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2014/04/25 09:50:35.149669, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 [2014/04/25 09:50:35.150911, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.151130, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.153393, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 32 [2014/04/25 09:50:35.153687, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 78 5A 29 F5 EC 6E 8D 4C B0 75 05 04 ....xZ). .n.L.u.. [0010] C0 F7 42 BC 00 00 00 00 ..B..... [2014/04/25 09:50:35.155174, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:449(cli_pipe_validate_current_pdu) Got pdu len 48, data_len 24, ss_len 0 [2014/04/25 09:50:35.155330, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.155455, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 24 bytes. [2014/04/25 09:50:35.155673, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : f5295a78-6eec-4c8d-b075-0504c0f742bc result : NT_STATUS_OK [2014/04/25 09:50:35.156205, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) lsa_EnumTrustDom: struct lsa_EnumTrustDom in: struct lsa_EnumTrustDom handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : f5295a78-6eec-4c8d-b075-0504c0f742bc resume_handle : * resume_handle : 0x00000000 (0) max_size : 0xffffffff (4294967295) [2014/04/25 09:50:35.156837, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000001c (28) context_id : 0x0000 (0) opnum : 0x000d (13) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 [2014/04/25 09:50:35.157989, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.158233, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.160363, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 24 [2014/04/25 09:50:35.160643, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0028 (40) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000010 (16) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=16 [0000] FF FF FF FF 00 00 00 00 00 00 00 00 1A 00 00 80 ........ ........ [2014/04/25 09:50:35.161906, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:449(cli_pipe_validate_current_pdu) Got pdu len 40, data_len 16, ss_len 0 [2014/04/25 09:50:35.162031, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 40 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.162155, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 16 bytes. [2014/04/25 09:50:35.162357, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) lsa_EnumTrustDom: struct lsa_EnumTrustDom out: struct lsa_EnumTrustDom resume_handle : * resume_handle : 0xffffffff (4294967295) domains : * domains: struct lsa_DomainList count : 0x00000000 (0) domains : NULL result : NT_STATUS_NO_MORE_ENTRIES [2014/04/25 09:50:35.162943, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/trustdom_cache.c:344(enumerate_domain_trusts) enumerate_domain_trusts: shutting down connection... [2014/04/25 09:50:35.165550, 10, pid=4217, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[TDOMCACHE/TIMESTAMP] and timeout=[Wed Dec 31 07:10:00 PM 1969 EST] (-1398433235 seconds in the past) [2014/04/25 09:50:35.166031, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/trustdom_cache.c:164(trustdom_cache_fetch) no entry for trusted domain ADI found. [2014/04/25 09:50:35.166238, 5, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:61(make_user_info) attempting to make a user_info for schulz (schulz) [2014/04/25 09:50:35.166421, 5, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:72(make_user_info) making strings for schulz's user_info struct [2014/04/25 09:50:35.166621, 5, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:92(make_user_info) making blobs for schulz's user_info struct [2014/04/25 09:50:35.166746, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:128(make_user_info) made a user_info for schulz (schulz) [2014/04/25 09:50:35.166869, 3, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:177(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [ADI]\[schulz]@[FANGTOOTH] with the new password interface [2014/04/25 09:50:35.166992, 3, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:180(auth_check_ntlm_password) check_ntlm_password: mapped user is: [ADI]\[schulz]@[FANGTOOTH] [2014/04/25 09:50:35.167111, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:189(auth_check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2014/04/25 09:50:35.167232, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:191(auth_check_ntlm_password) challenge is: [2014/04/25 09:50:35.167381, 5, pid=4217, effective(0, 0), real(0, 0)] ../lib/util/util.c:556(dump_data) [0000] 9A 8E 31 5E 9F 07 0F 0F ..1^.... [2014/04/25 09:50:35.167552, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_builtin.c:44(check_guest_security) Check auth for: [schulz] [2014/04/25 09:50:35.167668, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:217(auth_check_ntlm_password) check_ntlm_password: guest had nothing to say [2014/04/25 09:50:35.167794, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [schulz] [2014/04/25 09:50:35.167921, 8, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/util.c:1191(is_myname) is_myname("ADI") returns 0 [2014/04/25 09:50:35.168042, 6, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_sam.c:88(auth_samstrict_auth) check_samstrict_security: ADI is not one of my local names (ROLE_DOMAIN_MEMBER) [2014/04/25 09:50:35.168163, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:217(auth_check_ntlm_password) check_ntlm_password: sam had nothing to say [2014/04/25 09:50:35.168317, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_winbind.c:50(check_winbind_security) Check auth for: [schulz] [2014/04/25 09:50:35.168445, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2014/04/25 09:50:35.168569, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2014/04/25 09:50:35.168689, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2014/04/25 09:50:35.168807, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.168922, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.169482, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.169644, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_winbind.c:105(check_winbind_security) check_winbind_security: wbcAuthenticateUserEx failed: WBC_ERR_WINBIND_NOT_AVAILABLE [2014/04/25 09:50:35.169807, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_domain.c:320(check_ntdomain_security) Check auth for: [schulz] [2014/04/25 09:50:35.169956, 8, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3289(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name ADI (sitename NULL) [2014/04/25 09:50:35.170246, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:211(saf_fetch) saf_fetch: Returning "STARFISH2" for "ADI" domain [2014/04/25 09:50:35.170419, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3102(get_dc_list) get_dc_list: preferred server list: "STARFISH2, starfish2" [2014/04/25 09:50:35.170600, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:102(sitename_fetch) sitename_fetch: No stored sitename for [2014/04/25 09:50:35.170720, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up STARFISH2#20 (sitename (null)) [2014/04/25 09:50:35.170871, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch) name STARFISH2#20 found. [2014/04/25 09:50:35.171152, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/04/25 09:50:35.171360, 9, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ADI server 192.168.2.178 [2014/04/25 09:50:35.171528, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:102(sitename_fetch) sitename_fetch: No stored sitename for [2014/04/25 09:50:35.171647, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up starfish2#20 (sitename (null)) [2014/04/25 09:50:35.171798, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch) name starfish2#20 found. [2014/04/25 09:50:35.171995, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/04/25 09:50:35.172153, 9, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ADI server 192.168.2.178 [2014/04/25 09:50:35.172304, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/04/25 09:50:35.172433, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3239(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2014/04/25 09:50:35.172551, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3240(get_dc_list) get_dc_list: 192.168.2.178:0 [2014/04/25 09:50:35.172687, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:916(name_status_find) name_status_find: looking up ADI#1c at 192.168.2.178 [2014/04/25 09:50:35.172841, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:299(namecache_status_fetch) namecache_status_fetch: no entry for NBT/ADI#1C.20.192.168.2.178 found. [2014/04/25 09:50:35.173212, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:499(open_socket_in) bind succeeded on port 0 [2014/04/25 09:50:35.175879, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:550(parse_nmb) parse_nmb: packet id = 10399 [2014/04/25 09:50:35.176164, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/nmblib.c:108(debug_nmb_packet) nmb packet from 192.168.2.178(35072) header: id=10399 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=ADI<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .STARFISH2 hex 10535441524649534832202020202020 answers 10 char .D.STARFISH2 hex 00440053544152464953483220202020 answers 20 char D.ADI hex 20202044004144492020202020202020 answers 30 char ...ADI hex 2020202000C400414449202020202020 answers 40 char ...ADI hex 2020202020201CC40041444920202020 answers 50 char .D.ADI hex 20202020202020201B44004144492020 answers 60 char ...ADI hex 202020202020202020201EC400414449 answers 70 char .D.. hex 2020202020202020202020201D440001 answers 80 char .__MSBROWSE__... hex 025F5F4D5342524F5753455F5F0201C4 answers 90 char .STARFISH2 hex 00535441524649534832202020202020 answers a0 char .D.STARFISH2$ hex 03440053544152464953483224202020 answers b0 char .D.INet~Servic hex 2020034400494E65747E536572766963 answers c0 char es ...ADMINISTR hex 657320201CC40041444D494E49535452 answers d0 char ATOR .D.IS~STAR hex 41544F52202003440049537E53544152 answers e0 char FISH2....D.JFCEN hex 46495348320000000044004A4643454E answers f0 char TRAL .D.STA hex 5452414C202020202020034400535441 answers 100 char RFISH2 BD.S hex 52464953483220202020202042440053 answers 110 char TARFISH2 .D hex 5441524649534832202020202020BE44 answers 120 char ...[8.......... hex 0000065B38177F000000000000000000 answers 130 char ................ hex 00000000000000000000000000000000 answers 140 char ............... hex 000000000000000000000000000000 [2014/04/25 09:50:35.178358, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#00: flags = 0x44 [2014/04/25 09:50:35.178504, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#20: flags = 0x44 [2014/04/25 09:50:35.178622, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#00: flags = 0xc4 [2014/04/25 09:50:35.178740, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#1c: flags = 0xc4 [2014/04/25 09:50:35.178856, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#1b: flags = 0x44 [2014/04/25 09:50:35.178972, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#1e: flags = 0xc4 [2014/04/25 09:50:35.179088, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADI#1d: flags = 0x44 [2014/04/25 09:50:35.179203, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) __MSBROWSE__#01: flags = 0xc4 [2014/04/25 09:50:35.179351, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#03: flags = 0x44 [2014/04/25 09:50:35.179468, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2$#03: flags = 0x44 [2014/04/25 09:50:35.179583, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) INet~Services#1c: flags = 0xc4 [2014/04/25 09:50:35.179699, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) ADMINISTRATOR#03: flags = 0x44 [2014/04/25 09:50:35.179815, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) IS~STARFISH2#00: flags = 0x44 [2014/04/25 09:50:35.179931, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) JFCENTRAL#03: flags = 0x44 [2014/04/25 09:50:35.180047, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#42: flags = 0x44 [2014/04/25 09:50:35.180163, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:278(parse_node_status) STARFISH2#be: flags = 0x44 [2014/04/25 09:50:35.180321, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:962(name_status_find) name_status_find: name found, name STARFISH2 ip address is 192.168.2.178 [2014/04/25 09:50:35.180561, 9, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ADI server STARFISH2 [2014/04/25 09:50:35.180694, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery_dc.c:209(rpc_dc_name) rpc_dc_name: Returning DC STARFISH2 (192.168.2.178) for domain ADI [2014/04/25 09:50:35.181608, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:585(open_socket_out_send) Connecting to 192.168.2.178 at port 445 [2014/04/25 09:50:35.182378, 5, pid=4217, effective(0, 0), real(0, 0)] ../lib/util/util_net.c:848(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 [2014/04/25 09:50:35.188534, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/clientgen.c:124(cli_init_creds) cli_init_creds: user domain [2014/04/25 09:50:35.190720, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1604(rpc_pipe_bind_send) Bind RPC Pipe: host STARFISH2 auth_type 0, auth_level 1 [2014/04/25 09:50:35.191000, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2014/04/25 09:50:35.192683, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.192894, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.194773, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 52 [2014/04/25 09:50:35.195081, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x001634d2 (1455314) secondary_address_size : 0x000c (12) secondary_address : '\PIPE\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 80 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2014/04/25 09:50:35.196851, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.196981, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 68 bytes. [2014/04/25 09:50:35.197118, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1470(check_bind_response) check_bind_response: accepted! [2014/04/25 09:50:35.197251, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:2941(cli_rpc_pipe_open_noauth_transport) cli_rpc_pipe_open_noauth: opened pipe \netlogon to machine STARFISH2 and bound anonymously. [2014/04/25 09:50:35.197911, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\STARFISH2' computer_name : * computer_name : 'BREAM' credentials : * credentials: struct netr_Credential data : baa3056c73eb2b94 [2014/04/25 09:50:35.198672, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000048 (72) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 [2014/04/25 09:50:35.199908, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.200123, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=96, this_data=96, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.202237, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 20 [2014/04/25 09:50:35.202546, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=12 [0000] 11 E9 D6 32 78 3E 3A 80 00 00 00 00 ...2x>:. .... [2014/04/25 09:50:35.203806, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:449(cli_pipe_validate_current_pdu) Got pdu len 36, data_len 12, ss_len 0 [2014/04/25 09:50:35.203930, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.204052, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 12 bytes. [2014/04/25 09:50:35.204231, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 11e9d632783e3a80 result : NT_STATUS_OK [2014/04/25 09:50:35.205570, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\STARFISH2' account_name : * account_name : 'BREAM$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'BREAM' credentials : * credentials: struct netr_Credential data : 47e767d9e4aaa1b3 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2014/04/25 09:50:35.207876, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x000f (15) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 [2014/04/25 09:50:35.209040, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.209281, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=128, this_data=128, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.212425, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 24 [2014/04/25 09:50:35.212702, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0028 (40) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000010 (16) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=16 [0000] 1D D3 94 34 B2 26 07 B6 FF FF 07 60 00 00 00 00 ...4.&.. ...`.... [2014/04/25 09:50:35.214026, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:449(cli_pipe_validate_current_pdu) Got pdu len 40, data_len 16, ss_len 0 [2014/04/25 09:50:35.214151, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 40 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.214299, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 16 bytes. [2014/04/25 09:50:35.214483, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 1dd39434b22607b6 negotiate_flags : * negotiate_flags : 0x6007ffff (1611137023) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC result : NT_STATUS_OK [2014/04/25 09:50:35.216253, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_netlogon.c:148(rpccli_netlogon_setup_creds) rpccli_netlogon_setup_creds: server STARFISH2 credential chain established. [2014/04/25 09:50:35.218442, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1604(rpc_pipe_bind_send) Bind RPC Pipe: host STARFISH2 auth_type 68, auth_level 6 [2014/04/25 09:50:35.218819, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct NL_AUTH_MESSAGE MessageType : NL_NEGOTIATE_REQUEST (0x0) Flags : 0x00000003 (3) 1: NL_FLAG_OEM_NETBIOS_DOMAIN_NAME 1: NL_FLAG_OEM_NETBIOS_COMPUTER_NAME 0: NL_FLAG_UTF8_DNS_DOMAIN_NAME 0: NL_FLAG_UTF8_DNS_HOST_NAME 0: NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME oem_netbios_domain : 'ADI' oem_netbios_computer : 'BREAM' [2014/04/25 09:50:35.219556, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x00 (0) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=18 [0000] 00 00 00 00 03 00 00 00 41 44 49 00 42 52 45 41 ........ ADI.BREA [0010] 4D 00 M. [2014/04/25 09:50:35.220243, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0062 (98) auth_length : 0x0012 (18) call_id : 0x00000007 (7) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=26 [0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ [0010] 41 44 49 00 42 52 45 41 4D 00 ADI.BREA M. [2014/04/25 09:50:35.222086, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.222326, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=98, this_data=98, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.224324, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 72 [2014/04/25 09:50:35.224638, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0058 (88) auth_length : 0x000c (12) call_id : 0x00000007 (7) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x001634d3 (1455315) secondary_address_size : 0x000c (12) secondary_address : '\PIPE\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=20 [0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ [0010] 00 00 53 00 ..S. [2014/04/25 09:50:35.226559, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 88 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.226685, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 88 bytes. [2014/04/25 09:50:35.226821, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1470(check_bind_response) check_bind_response: accepted! [2014/04/25 09:50:35.226973, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:146(netlogon_creds_step) seed d967e747:b3a1aae4 [2014/04/25 09:50:35.227097, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:151(netlogon_creds_step) seed+time 2cc24f74:b3a1aae4 [2014/04/25 09:50:35.227584, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:156(netlogon_creds_step) CLIENT 6a04dce6:bec5fff3 [2014/04/25 09:50:35.227705, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:162(netlogon_creds_step) seed+time+1 2cc24f75:b3a1aae4 [2014/04/25 09:50:35.228158, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:167(netlogon_creds_step) SERVER d14855c0:80d77f41 [2014/04/25 09:50:35.228426, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) netr_LogonGetCapabilities: struct netr_LogonGetCapabilities in: struct netr_LogonGetCapabilities server_name : * server_name : '\\STARFISH2' computer_name : * computer_name : 'BREAM' credential : * credential: struct netr_Authenticator cred: struct netr_Credential data : e6dc046af3ffc5be timestamp : Fri Apr 25 09:50:37 AM 2014 EDT return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 query_level : 0x00000001 (1) [2014/04/25 09:50:35.229568, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0020 (32) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000005c (92) context_id : 0x0000 (0) opnum : 0x0015 (21) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 [2014/04/25 09:50:35.230800, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x04 (4) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 [2014/04/25 09:50:35.231214, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:466(add_schannel_auth_footer) add_schannel_auth_footer: SCHANNEL seq_num=0 [2014/04/25 09:50:35.231620, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct NL_AUTH_SIGNATURE SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77) SealAlgorithm : NL_SEAL_RC4 (0x7A) Pad : 0xffff (65535) Flags : 0x0000 (0) SequenceNumber : 18b01e1b4fbc7d33 Checksum : 9f46cf5a4cd6fa7a Confounder : 4296e427a72d6dfa [2014/04/25 09:50:35.232112, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.232360, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=160, this_data=160, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.234492, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 80 [2014/04/25 09:50:35.234784, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0060 (96) auth_length : 0x0020 (32) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=72 [0000] 1A 29 75 BD 27 CA 80 A3 2C 3D 7D 89 17 F1 26 22 .)u.'... ,=}...&" [0010] 46 60 7A D5 9D D0 CD 34 B0 03 E9 0D B0 F5 66 3C F`z....4 ......f< [0020] 44 06 08 00 01 00 00 00 77 00 7A 00 FF FF 00 00 D....... w.z..... [0030] E3 4B B3 5A E5 1F 8D AF A0 38 3C 09 17 18 CD EB .K.Z.... .8<..... [0040] DA CC 34 2C 9F EB F9 01 ..4,.... [2014/04/25 09:50:35.236561, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:656(dcerpc_check_auth) Requested Privacy. [2014/04/25 09:50:35.236785, 6, pid=4217, effective(0, 0), real(0, 0)] ../librpc/rpc/dcerpc_util.c:140(dcerpc_pull_auth_trailer) ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 8 [2014/04/25 09:50:35.236929, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:732(dcerpc_check_auth) SCHANNEL auth [2014/04/25 09:50:35.237203, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:449(cli_pipe_validate_current_pdu) Got pdu len 96, data_len 24, ss_len 8 [2014/04/25 09:50:35.237359, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 96 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.237484, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 24 bytes. [2014/04/25 09:50:35.237726, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) netr_LogonGetCapabilities: struct netr_LogonGetCapabilities out: struct netr_LogonGetCapabilities return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 capabilities : * capabilities : union netr_Capabilities(case 1) server_capabilities : 0x00000000 (0) 0: NETLOGON_NEG_ACCOUNT_LOCKOUT 0: NETLOGON_NEG_PERSISTENT_SAMREPL 0: NETLOGON_NEG_ARCFOUR 0: NETLOGON_NEG_PROMOTION_COUNT 0: NETLOGON_NEG_CHANGELOG_BDC 0: NETLOGON_NEG_FULL_SYNC_REPL 0: NETLOGON_NEG_MULTIPLE_SIDS 0: NETLOGON_NEG_REDO 0: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 0: NETLOGON_NEG_AUTHENTICATED_RPC result : NT_STATUS_NOT_IMPLEMENTED [2014/04/25 09:50:35.239783, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1864(rpc_pipe_bind_step_two_done) We are checking against an old Samba version - NT_STATUS_NOT_IMPLEMENTED [2014/04/25 09:50:35.239948, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:3074(cli_rpc_pipe_open_schannel_with_key) cli_rpc_pipe_open_schannel_with_key: opened pipe \netlogon to machine STARFISH2 for domain ADI and bound using schannel. [2014/04/25 09:50:35.241906, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:86(saf_store) saf_store: domain = [ADI], server = [STARFISH2], expire = [1398434735] [2014/04/25 09:50:35.242299, 10, pid=4217, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for SAF/DOMAIN/ADI, we already got it [2014/04/25 09:50:35.242516, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:146(netlogon_creds_step) seed d967e747:b3a1aae4 [2014/04/25 09:50:35.242645, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:151(netlogon_creds_step) seed+time 2cc24f74:b3a1aae4 [2014/04/25 09:50:35.243110, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:156(netlogon_creds_step) CLIENT 6a04dce6:bec5fff3 [2014/04/25 09:50:35.243228, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:162(netlogon_creds_step) seed+time+1 2cc24f75:b3a1aae4 [2014/04/25 09:50:35.243712, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/auth/credentials.c:167(netlogon_creds_step) SERVER d14855c0:80d77f41 [2014/04/25 09:50:35.243924, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) netr_LogonSamLogon: struct netr_LogonSamLogon in: struct netr_LogonSamLogon server_name : * server_name : '\\STARFISH2' computer_name : * computer_name : 'BREAM' credential : * credential: struct netr_Authenticator cred: struct netr_Credential data : e6dc046af3ffc5be timestamp : Fri Apr 25 09:50:37 AM 2014 EDT return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 logon_level : NetlogonNetworkInformation (2) logon : * logon : union netr_LogonLevel(case 2) network : * network: struct netr_NetworkInfo identity_info: struct netr_IdentityInfo domain_name: struct lsa_String length : 0x0006 (6) size : 0x0006 (6) string : * string : 'ADI' parameter_control : 0x00000820 (2080) 0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0: MSV1_0_UPDATE_LOGON_STATISTICS 0: MSV1_0_RETURN_USER_PARAMETERS 0: MSV1_0_DONT_TRY_GUEST_ACCOUNT 1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0: MSV1_0_RETURN_PASSWORD_EXPIRY 0: MSV1_0_USE_CLIENT_CHALLENGE 0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0: MSV1_0_RETURN_PROFILE_PATH 0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0: MSV1_0_DISABLE_PERSONAL_FALLBACK 0: MSV1_0_ALLOW_FORCE_GUEST 0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0: MSV1_0_ALLOW_MSVCHAPV2 0: MSV1_0_S4U2SELF 0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0: MSV1_0_SUBAUTHENTICATION_DLL_EX logon_id_low : 0x0000dead (57005) logon_id_high : 0x0000beef (48879) account_name: struct lsa_String length : 0x000c (12) size : 0x000c (12) string : * string : 'schulz' workstation: struct lsa_String length : 0x0016 (22) size : 0x0016 (22) string : * string : '\\FANGTOOTH' challenge : 9a8e315e9f070f0f nt: struct netr_ChallengeResponse length : 0x00ec (236) size : 0x00ec (236) data : * data : 2f106dfff709d49730650650eb89484c01010000000000009eb79f558d60cf01a49a524c46d02d7d000000000200060041004400490001000a0042005200450041004d0004000e006100640069002e0063006f006d0003001a0062007200650061006d002e006100640069002e0063006f006d000800300030000000000000000000000000200000f4c912000052c1d14a641a6cee5f6deaa819ceab672dbeddb2920150972af61b0a001000000000000000000000000000000000000900240063006900660073002f0062007200650061006d002e006100640069002e0063006f006d000000000000000000 lm: struct netr_ChallengeResponse length : 0x0018 (24) size : 0x0018 (24) data : * data : 000000000000000000000000000000000000000000000000 validation_level : 0x0003 (3) [2014/04/25 09:50:35.248227, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0020 (32) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000216 (534) context_id : 0x0000 (0) opnum : 0x0002 (2) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 [2014/04/25 09:50:35.249460, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x02 (2) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 [2014/04/25 09:50:35.249883, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:466(add_schannel_auth_footer) add_schannel_auth_footer: SCHANNEL seq_num=2 [2014/04/25 09:50:35.250236, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct NL_AUTH_SIGNATURE SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77) SealAlgorithm : NL_SEAL_RC4 (0x7A) Pad : 0xffff (65535) Flags : 0x0000 (0) SequenceNumber : 1ab8001d15d3458d Checksum : e78ae2ffdc28813c Confounder : c10ee3ea61ab8660 [2014/04/25 09:50:35.250790, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send) rpc_api_pipe: host STARFISH2 [2014/04/25 09:50:35.251008, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=600, this_data=600, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 [2014/04/25 09:50:35.254247, 5, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) rpc_read_send: data_to_read: 416 [2014/04/25 09:50:35.254564, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x01b0 (432) auth_length : 0x0020 (32) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000168 (360) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=408 [0000] EB C8 E4 86 5E 5E E6 9E 78 EC F4 E5 81 13 46 3A ....^^.. x.....F: [0010] AF C1 DC 26 4B 07 BD E1 09 A0 3B A6 2E 78 97 94 ...&K... ..;..x.. [0020] 51 56 B9 69 4F 2B 37 DF 2F DC D8 64 E6 27 E3 57 QV.iO+7. /..d.'.W [0030] DF 61 D4 38 CD C2 71 55 A8 CE 1E 03 B9 08 17 F4 .a.8..qU ........ [0040] E8 30 AE 46 6B 70 BE 72 96 11 56 8F 3A 38 F7 BD .0.Fkp.r ..V.:8.. [0050] 26 64 3B 60 55 2D 40 72 F9 9F 29 54 1D 98 63 4F &d;`U-@r ..)T..cO [0060] 0D 3B F5 0A 98 81 55 1C 05 56 C8 A7 BC F5 5D 5F .;....U. .V....]_ [0070] 41 F9 4C A3 EA 89 22 08 30 A2 6E B0 C7 E6 51 83 A.L...". 0.n...Q. [0080] AA AA 37 24 35 72 51 F2 86 B7 26 B9 59 9A 45 A2 ..7$5rQ. ..&.Y.E. [0090] 6E 5A 4F A7 51 4C 0B C3 8C 03 B2 E4 DB 96 28 E3 nZO.QL.. ......(. [00A0] 4D C3 7F 84 64 39 BE 98 5A 61 4D CB 71 F4 54 69 M...d9.. ZaM.q.Ti [00B0] 02 1E DD 00 73 A1 D1 05 04 6F C3 A7 91 8C B1 43 ....s... .o.....C [00C0] 09 C3 53 44 62 F0 0B 05 17 0E C3 77 4D 2B CA 3D ..SDb... ...wM+.= [00D0] A9 46 B8 09 A1 E9 4F B7 E3 D3 A1 77 FE 68 33 6D .F....O. ...w.h3m [00E0] BC 9F 31 D3 C2 58 09 2D DA BF D3 04 53 08 E0 ED ..1..X.- ....S... [00F0] C2 EE A3 A4 82 06 62 24 4C C7 3D CD A5 45 81 9D ......b$ L.=..E.. [0100] 09 13 D6 29 E6 93 D9 DA AC 9B 49 98 AB 44 98 6D ...).... ..I..D.m [0110] A3 6C A0 C0 2A AD BB C5 94 E2 C9 7D 0E 82 DD 6F .l..*... ...}...o [0120] A2 8B D3 8A B4 68 FB D7 45 E3 A0 C4 7D DE 40 1C .....h.. E...}.@. [0130] E6 26 00 80 7C AC 32 E2 58 2A E2 54 2B 01 1E 94 .&..|.2. X*.T+... [0140] 8E 95 C1 E0 3B E7 D0 17 72 FB 11 24 84 D5 7E 50 ....;... r..$..~P [0150] 19 59 84 63 3F F6 B6 C9 B9 D7 2E 81 DB D9 73 21 .Y.c?... ......s! [0160] E7 55 71 C8 78 41 4B DE 87 8E 9F 52 7C 40 B9 9F .Uq.xAK. ...R|@.. [0170] 44 06 08 00 01 00 00 00 77 00 7A 00 FF FF 00 00 D....... w.z..... [0180] 82 00 40 34 A2 09 F6 3F 0F 21 38 85 7B E6 05 53 ..@4...? .!8.{..S [0190] D4 B2 11 7D 25 0F F0 5D ...}%..] [2014/04/25 09:50:35.258552, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:656(dcerpc_check_auth) Requested Privacy. [2014/04/25 09:50:35.258681, 6, pid=4217, effective(0, 0), real(0, 0)] ../librpc/rpc/dcerpc_util.c:140(dcerpc_pull_auth_trailer) ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 8 [2014/04/25 09:50:35.258810, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:732(dcerpc_check_auth) SCHANNEL auth [2014/04/25 09:50:35.259109, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:449(cli_pipe_validate_current_pdu) Got pdu len 432, data_len 360, ss_len 8 [2014/04/25 09:50:35.259234, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:906(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 432 at offset 0: NT_STATUS_OK [2014/04/25 09:50:35.259383, 10, pid=4217, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:961(rpc_api_pipe_got_pdu) rpc_api_pipe: host STARFISH2 returned 360 bytes. [2014/04/25 09:50:35.259837, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) netr_LogonSamLogon: struct netr_LogonSamLogon out: struct netr_LogonSamLogon return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : c05548d1417fd780 timestamp : (time_t)0 validation : * validation : union netr_Validation(case 3) sam3 : * sam3: struct netr_SamInfo3 base: struct netr_SamBaseInfo logon_time : Fri Apr 25 09:49:07 AM 2014 EDT logoff_time : Mon Jan 18 10:14:07 PM 2038 EST kickoff_time : Mon Jan 18 10:14:07 PM 2038 EST last_password_change : Wed Dec 21 10:12:08 PM 2005 EST allow_password_change : Wed Dec 21 10:12:08 PM 2005 EST force_password_change : Mon Jan 18 10:14:07 PM 2038 EST account_name: struct lsa_String length : 0x000c (12) size : 0x000e (14) string : * string : 'schulz' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x0d0f (3343) bad_password_count : 0x0000 (0) rid : 0x00000454 (1108) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x00000002 (2) rids : * rids: ARRAY(2) rids: struct samr_RidWithAttribute rid : 0x00000490 (1168) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 174437a497002d3a726d10110c90dd54 logon_server: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'STARFISH2' logon_domain: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'ADI' domain_sid : * domain_sid : S-1-5-21-3086556783-1154713322-1448514472 LMSessKey: struct netr_LMSessionKey key : 174437a497002d3a acct_flags : 0x00000210 (528) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS sub_auth_status : 0x00000000 (0) last_successful_logon : NTTIME(0) last_failed_logon : NTTIME(0) failed_logon_count : 0x00000000 (0) reserved : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL authoritative : * authoritative : 0x01 (1) result : NT_STATUS_OK [2014/04/25 09:50:35.267730, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user ADI\schulz [2014/04/25 09:50:35.267878, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is adi\schulz [2014/04/25 09:50:35.270299, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:128(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is ADI\schulz [2014/04/25 09:50:35.271339, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:141(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADI\SCHULZ [2014/04/25 09:50:35.273326, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:153(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in adi\schulz [2014/04/25 09:50:35.273513, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [ADI\schulz]! [2014/04/25 09:50:35.273646, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user schulz [2014/04/25 09:50:35.273767, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is schulz [2014/04/25 09:50:35.274730, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals did find user [schulz]! [2014/04/25 09:50:35.275533, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/libsmb/samlogon_cache.c:148(netsamlogon_cache_store) netsamlogon_cache_store: SID [S-1-5-21-3086556783-1154713322-1448514472-1108] [2014/04/25 09:50:35.275707, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct netsamlogoncache_entry timestamp : Fri Apr 25 09:50:35 AM 2014 EDT info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo logon_time : Fri Apr 25 09:49:07 AM 2014 EDT logoff_time : Mon Jan 18 10:14:07 PM 2038 EST kickoff_time : Mon Jan 18 10:14:07 PM 2038 EST last_password_change : Wed Dec 21 10:12:08 PM 2005 EST allow_password_change : Wed Dec 21 10:12:08 PM 2005 EST force_password_change : Mon Jan 18 10:14:07 PM 2038 EST account_name: struct lsa_String length : 0x000c (12) size : 0x000e (14) string : * string : 'schulz' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x0d0f (3343) bad_password_count : 0x0000 (0) rid : 0x00000454 (1108) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x00000002 (2) rids : * rids: ARRAY(2) rids: struct samr_RidWithAttribute rid : 0x00000490 (1168) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : c2ff440478b4636b5338f634abacf92e logon_server: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'STARFISH2' logon_domain: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'ADI' domain_sid : * domain_sid : S-1-5-21-3086556783-1154713322-1448514472 LMSessKey: struct netr_LMSessionKey key : c2ff440478b4636b acct_flags : 0x00000210 (528) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS sub_auth_status : 0x00000000 (0) last_successful_logon : NTTIME(0) last_failed_logon : NTTIME(0) failed_logon_count : 0x00000000 (0) reserved : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL [2014/04/25 09:50:35.284813, 3, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:226(auth_check_ntlm_password) check_ntlm_password: winbind authentication for user [schulz] succeeded [2014/04/25 09:50:35.285148, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2014/04/25 09:50:35.285331, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2014/04/25 09:50:35.285460, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2014/04/25 09:50:35.285638, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.285757, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.286105, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.286287, 5, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:265(auth_check_ntlm_password) check_ntlm_password: PAM Account for user [schulz] succeeded [2014/04/25 09:50:35.286413, 2, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:278(auth_check_ntlm_password) check_ntlm_password: authentication for user [schulz] -> [schulz] -> [schulz] succeeded [2014/04/25 09:50:35.286549, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:168(auth3_check_password) Got NT session key of length 16 [2014/04/25 09:50:35.286672, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:175(auth3_check_password) Got LM session key of length 8 [2014/04/25 09:50:35.286811, 10, pid=4217, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:538(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2014/04/25 09:50:35.287007, 3, pid=4217, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2014/04/25 09:50:35.287128, 3, pid=4217, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2014/04/25 09:50:35.287847, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.288323, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:77(lookup_name) lookup_name: BREAM\schulz => domain=[BREAM], name=[schulz] [2014/04/25 09:50:35.288469, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:78(lookup_name) lookup_name: flags = 0x073 [2014/04/25 09:50:35.288615, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.288743, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.288868, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.288988, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.289104, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.289397, 5, pid=4217, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:594(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_schulz [2014/04/25 09:50:35.289572, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.289703, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.289822, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.289996, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.290114, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.290229, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.290501, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.290642, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:77(lookup_name) lookup_name: Unix User\schulz => domain=[Unix User], name=[schulz] [2014/04/25 09:50:35.290761, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:78(lookup_name) lookup_name: flags = 0x073 [2014/04/25 09:50:35.291012, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user schulz [2014/04/25 09:50:35.291135, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is schulz [2014/04/25 09:50:35.291299, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals did find user [schulz]! [2014/04/25 09:50:35.291463, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1359(sid_to_uid) sid S-1-22-1-310 -> uid 310 [2014/04/25 09:50:35.292709, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) sys_getgrouplist: user [schulz] [2014/04/25 09:50:35.298386, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 110 [2014/04/25 09:50:35.298660, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.298793, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.298919, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.299041, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.299159, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.299619, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.299757, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 110 -> sid S-1-22-2-110 [2014/04/25 09:50:35.300053, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 407 [2014/04/25 09:50:35.300182, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.300343, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.300466, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.300586, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.300758, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.300993, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.301120, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 407 -> sid S-1-22-2-407 [2014/04/25 09:50:35.301410, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 309 [2014/04/25 09:50:35.301538, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.301659, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.301780, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.301898, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.302014, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.302238, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.302394, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 309 -> sid S-1-22-2-309 [2014/04/25 09:50:35.302641, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 203 [2014/04/25 09:50:35.302766, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.302886, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.303006, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.303122, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.303238, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.303490, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.303615, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 203 -> sid S-1-22-2-203 [2014/04/25 09:50:35.303860, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 405 [2014/04/25 09:50:35.303984, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.304104, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.304223, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.304372, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.304487, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.304757, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.304883, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 405 -> sid S-1-22-2-405 [2014/04/25 09:50:35.305140, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 310 [2014/04/25 09:50:35.305300, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.305427, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.305547, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.305667, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.305783, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.306007, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.306132, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 310 -> sid S-1-22-2-310 [2014/04/25 09:50:35.306405, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 14 [2014/04/25 09:50:35.306534, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.306657, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.306777, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.306895, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.307011, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.307232, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.307388, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 14 -> sid S-1-22-2-14 [2014/04/25 09:50:35.307645, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 404 [2014/04/25 09:50:35.307772, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.307893, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.308014, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.308132, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.308250, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.308554, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.308681, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 404 -> sid S-1-22-2-404 [2014/04/25 09:50:35.308832, 1, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2936(lp_idmap_range) idmap range not specified for domain '*' [2014/04/25 09:50:35.308964, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:340(create_local_nt_token) Create local NT token for S-1-22-1-310 [2014/04/25 09:50:35.309319, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1435(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2014/04/25 09:50:35.309464, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.309587, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.309709, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.309826, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.309940, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.310192, 10, pid=4217, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-544 [2014/04/25 09:50:35.310373, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.310495, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-32-544 [2014/04/25 09:50:35.310621, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.310742, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.310860, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.310977, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.311093, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.311385, 10, pid=4217, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-544 [2014/04/25 09:50:35.311619, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_util.c:157(create_builtin_administrators) create_builtin_administrators: Failed to create Administrators [2014/04/25 09:50:35.311760, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.312031, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1435(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2014/04/25 09:50:35.312166, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.312326, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.312500, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.312619, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.312736, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.312972, 10, pid=4217, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-545 [2014/04/25 09:50:35.313115, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.313238, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-32-545 [2014/04/25 09:50:35.313395, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.313516, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.313636, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.313754, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.313869, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.314116, 10, pid=4217, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-545 [2014/04/25 09:50:35.314374, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_util.c:128(create_builtin_users) create_builtin_users: Failed to create Users [2014/04/25 09:50:35.314511, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.314637, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.314758, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.314878, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.314995, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.315110, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.315746, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.315915, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-310] [2014/04/25 09:50:35.316066, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-110] [2014/04/25 09:50:35.316217, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-407] [2014/04/25 09:50:35.316440, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-309] [2014/04/25 09:50:35.316589, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-203] [2014/04/25 09:50:35.316736, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-405] [2014/04/25 09:50:35.316884, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-310] [2014/04/25 09:50:35.317032, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-14] [2014/04/25 09:50:35.317180, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-404] [2014/04/25 09:50:35.317364, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:176(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2014/04/25 09:50:35.317551, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2014/04/25 09:50:35.317697, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2014/04/25 09:50:35.318085, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1280(sids_to_unixids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2014/04/25 09:50:35.318221, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.318378, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.318500, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.318619, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.318737, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.318944, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.319068, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-1-0 [2014/04/25 09:50:35.319195, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.319344, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.319464, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.319584, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.319700, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.319885, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.320008, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-1-0 [2014/04/25 09:50:35.320178, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.320325, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.320445, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.320561, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.320676, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.320859, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.320980, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-2 [2014/04/25 09:50:35.321104, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.321223, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.321368, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.321486, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.321601, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.321784, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.321905, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-2 [2014/04/25 09:50:35.322029, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.322148, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.322289, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.322408, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.322524, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.322707, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.322828, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-11 [2014/04/25 09:50:35.322952, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.323075, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/04/25 09:50:35.323193, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/04/25 09:50:35.323369, 5, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/04/25 09:50:35.323487, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/04/25 09:50:35.323671, 4, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/04/25 09:50:35.323794, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-11 [2014/04/25 09:50:35.323941, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:585(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2014/04/25 09:50:35.324066, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:585(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2014/04/25 09:50:35.324191, 10, pid=4217, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:585(create_local_token) Could not convert SID S-1-5-11 to gid, ignoring it [2014/04/25 09:50:35.324355, 10, pid=4217, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (12): SID[ 0]: S-1-22-1-310 SID[ 1]: S-1-22-2-110 SID[ 2]: S-1-22-2-407 SID[ 3]: S-1-22-2-309 SID[ 4]: S-1-22-2-203 SID[ 5]: S-1-22-2-405 SID[ 6]: S-1-22-2-310 SID[ 7]: S-1-22-2-14 SID[ 8]: S-1-22-2-404 SID[ 9]: S-1-1-0 SID[ 10]: S-1-5-2 SID[ 11]: S-1-5-11 Privileges (0x 0): Rights (0x 0): [2014/04/25 09:50:35.325118, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 310 Primary group is 110 and contains 8 supplementary groups Group[ 0]: 110 Group[ 1]: 407 Group[ 2]: 309 Group[ 3]: 203 Group[ 4]: 405 Group[ 5]: 310 Group[ 6]: 14 Group[ 7]: 404 [2014/04/25 09:50:35.325934, 7, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:5167(lp_servicenumber) lp_servicenumber: couldn't find schulz [2014/04/25 09:50:35.326077, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user schulz [2014/04/25 09:50:35.326199, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is schulz [2014/04/25 09:50:35.326363, 5, pid=4217, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals did find user [schulz]! [2014/04/25 09:50:35.326481, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/password.c:144(register_homes_share) Adding homes service for user 'schulz' using home directory: '/home/users/schulz' [2014/04/25 09:50:35.326879, 8, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1619(add_a_service) add_a_service: Creating snum = 31 for schulz [2014/04/25 09:50:35.327004, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1669(hash_a_service) hash_a_service: hashing index 31 for service name schulz [2014/04/25 09:50:35.327153, 3, pid=4217, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1725(lp_add_home) adding home's share [schulz] for user 'schulz' at '/home/users/schulz' [2014/04/25 09:50:35.327450, 5, pid=4217, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /opt/local/samba4/var/lock/smbXsrv_session_global.tdb [2014/04/25 09:50:35.327590, 10, pid=4217, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/opt/local/samba4/var/lock/smbXsrv_session_global.tdb 2: 3: [2014/04/25 09:50:35.327724, 10, pid=4217, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 8BA66485 [2014/04/25 09:50:35.327944, 10, pid=4217, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb8ac9d48 [2014/04/25 09:50:35.328365, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:853(smbXsrv_session_global_store) [2014/04/25 09:50:35.328452, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:855(smbXsrv_session_global_store) smbXsrv_session_global_store: key '8BA66485' stored [2014/04/25 09:50:35.328579, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0x8ba66485 (2342937733) session_wire_id : 0x000000000000a287 (41607) creation_time : Fri Apr 25 09:50:35 AM 2014 EDT expiration_time : Wed Dec 31 07:00:00 PM 1969 EST auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x0000000c (12) sids: ARRAY(12) sids : S-1-22-1-310 sids : S-1-22-2-110 sids : S-1-22-2-407 sids : S-1-22-2-309 sids : S-1-22-2-203 sids : S-1-22-2-405 sids : S-1-22-2-310 sids : S-1-22-2-14 sids : S-1-22-2-404 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-11 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000136 (310) gid : 0x000000000000006e (110) ngroups : 0x00000008 (8) groups: ARRAY(8) groups : 0x000000000000006e (110) groups : 0x0000000000000197 (407) groups : 0x0000000000000135 (309) groups : 0x00000000000000cb (203) groups : 0x0000000000000195 (405) groups : 0x0000000000000136 (310) groups : 0x000000000000000e (14) groups : 0x0000000000000194 (404) info : * info: struct auth_user_info account_name : * account_name : 'schulz' domain_name : * domain_name : 'ADI' full_name : NULL logon_script : NULL profile_path : NULL home_directory : NULL home_drive : NULL logon_server : * logon_server : 'STARFISH2' last_logon : Fri Apr 25 09:49:07 AM 2014 EDT last_logoff : Mon Jan 18 10:14:07 PM 2038 EST acct_expiry : Mon Jan 18 10:14:07 PM 2038 EST last_password_change : Wed Dec 21 10:12:08 PM 2005 EST allow_password_change : Wed Dec 21 10:12:08 PM 2005 EST force_password_change : Mon Jan 18 10:14:07 PM 2038 EST logon_count : 0x0d0f (3343) bad_password_count : 0x0000 (0) acct_flags : 0x00000210 (528) authenticated : 0x01 (1) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'schulz' sanitized_username : * sanitized_username : 'schulz' torture : NULL credentials : NULL connection_dialect : 0x0000 (0) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000001079 (4217) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x546fe652a6d4f629 (6084334864261510697) local_address : 'ipv4:192.168.2.141:445' remote_address : 'ipv4:192.168.2.226:49321' remote_name : '192.168.2.226' auth_session_info_seqnum : 0x00000001 (1) [2014/04/25 09:50:35.337661, 10, pid=4217, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 8BA66485 [2014/04/25 09:50:35.337819, 5, pid=4217, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /opt/local/samba4/var/lock/smbXsrv_session_global.tdb [2014/04/25 09:50:35.337943, 10, pid=4217, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/04/25 09:50:35.338072, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1269(smbXsrv_session_update) [2014/04/25 09:50:35.338190, 10, pid=4217, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1277(smbXsrv_session_update) smbXsrv_session_update: global_id (0x8ba66485) stored [2014/04/25 09:50:35.338338, 1, pid=4217, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL connection : * local_id : 0x0000a287 (41607) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0x8ba66485 (2342937733) session_wire_id : 0x000000000000a287 (41607) creation_time : Fri Apr 25 09:50:35 AM 2014 EDT expiration_time : Wed Dec 31 07:00:00 PM 1969 EST auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x0000000c (12) sids: ARRAY(12) sids : S-1-22-1-310 sids : S-1-22-2-110 sids : S-1-22-2-407 sids : S-1-22-2-309 sids : S-1-22-2-203 sids : S-1-22-2-405 sids : S-1-22-2-310 sids : S-1-22-2-14 sids : S-1-22-2-404 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-11 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000136 (310) gid : 0x000000000000006e (110) ngroups : 0x00000008 (8) groups: ARRAY(8) groups : 0x000000000000006e (110) groups : 0x0000000000000197 (407) groups : 0x0000000000000135 (309) groups : 0x00000000000000cb (203) groups : 0x0000000000000195 (405) groups : 0x0000000000000136 (310) groups : 0x000000000000000e (14) groups : 0x0000000000000194 (404) info : * info: struct auth_user_info account_name : * account_name : 'schulz' domain_name : * domain_name : 'ADI' full_name : NULL logon_script : NULL profile_path : NULL home_directory : NULL home_drive : NULL logon_server : * logon_server : 'STARFISH2' last_logon : Fri Apr 25 09:49:07 AM 2014 EDT last_logoff : Mon Jan 18 10:14:07 PM 2038 EST acct_expiry : Mon Jan 18 10:14:07 PM 2038 EST last_password_change : Wed Dec 21 10:12:08 PM 2005 EST allow_password_change : Wed Dec 21 10:12:08 PM 2005 EST force_password_change : Mon Jan 18 10:14:07 PM 2038 EST logon_count : 0x0d0f (3343) bad_password_count : 0x0000 (0) acct_flags : 0x00000210 (528) authenticated : 0x01 (1) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'schulz' sanitized_username : * sanitized_username : 'schulz' torture : NULL credentials : NULL connection_dialect : 0x0000 (0) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000001079 (4217) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x546fe652a6d4f629 (6084334864261510697) local_address : 'ipv4:192.168.2.141:445' remote_address : 'ipv4:192.168.2.226:49321' remote_name : '192.168.2.226' auth_session_info_seqnum : 0x00000001 (1) status : NT_STATUS_OK idle_time : Fri Apr 25 09:50:35 AM 2014 EDT nonce_high : 0x0000000000000000 (0) nonce_low : 0x0000000000000000 (0) gensec : * compat : * tcon_table : NULL