I have been using rpcclient to obtain a list of shares on a Win2K SP4 host (EENSAFI) as follows:

    rpcclient eensafi -U 'scc%' -c netshareenum

The remote "SCC" account has an empty password, and this works just fine. I have also enabled the standard Win2K "Guest" account, which also has an empty password, and I tried the same thing:

    rpcclient eensafi -U 'guest%' -c netshareenum

In the latter case, I get the error message "result was WERR_ACCESS_DENIED" and no listing of shares. However, replacing "netshareenum" with "srvinfo" works in both cases, so there is apparently some privilege problem.

I experimented a bit, and it seems that users belonging to the Win2K "Power Users" or "Administrators" group have no problem with "netshareenum", but members of ordinary "Users" or "Guests" are denied access.

Here is the debugging output from rpcclient trying to do a "netshareenum" as user "Guest":
I don't see how what a win2k server returns is our bug. Perhaps I misunderstood your report. What exactly is the problem?
I don't know if it's a Samba bug or not. All I know is that it doesn't work, and if it's not a bug, then there might be a very simple workaround for it. Simply put, why is it that the "NetShareEnum" command in rpcclient fails to work when logging on as user "Guest" -- is there a smb.conf setting that needs to be changed to make this work?
It's the 2k server, not smbclient, that returns access denied. Check your policy settings on the w2k server. This is not our bug as far as I can determine.
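Whether the denial originates on the server can be read directly from the reply bytes in the debug output above. This is an added example, not part of the thread or of Samba's code: it decodes the 56-byte DCE/RPC response copied from the report's hex dump, and the function name `decode_reply` and the two-entry error table are the example's own.

```python
import struct

PTYPE_RESPONSE, PTYPE_FAULT = 2, 3
WERROR_NAMES = {0: "WERR_OK", 5: "WERR_ACCESS_DENIED"}  # only the codes needed here

# Reply bytes copied from the rpcclient hex dump in the report, without the
# single SMB pad byte that precedes the DCE/RPC header.
RESPONSE_PDU = bytes.fromhex(
    "05000203100000003800000006000000"   # common header (pkt_type 02, frag_len 0x38)
    "2000000000000000"                   # response header (alloc_hint 0x20)
    "0200000002000000e0620e0000000000"   # info_level, switch_value, ptr, num_entries
    "00000000000000000000000005000000"   # ptr_entries, total_entries, enum_hnd, status
)

def decode_reply(pdu):
    """Classify a single-fragment, unauthenticated reply to NetShareEnum.

    Returns (layer, code, name, num_entries). layer is "rpc-fault" when the
    RPC runtime rejected the call and "server-werror" when the srvsvc
    function itself ran and returned a status (the last 4 bytes of the stub).
    """
    if len(pdu) < 28:
        raise ValueError("too short for a DCE/RPC reply")
    order = "<" if pdu[4] >> 4 == 1 else ">"      # drep 0x10 = little-endian integers
    frag_len, auth_len, _call_id = struct.unpack_from(order + "HHI", pdu, 8)
    if pdu[0] != 5 or frag_len != len(pdu):
        raise ValueError("not one complete DCE/RPC v5 fragment")
    if pdu[3] & 0x03 != 0x03 or auth_len:
        raise ValueError("multi-fragment or authenticated PDUs are not handled here")
    if pdu[2] == PTYPE_FAULT:
        (code,) = struct.unpack_from(order + "I", pdu, 24)
        return ("rpc-fault", code, "0x%08x" % code, None)
    if pdu[2] != PTYPE_RESPONSE:
        raise ValueError("unexpected packet type %d" % pdu[2])
    if frag_len < 24 + 16 + 4:
        raise ValueError("stub too short for a share container and status")
    # Stub starts at offset 24: info_level, switch_value, ptr_share_info, num_entries.
    _level, _switch, _ptr, entries = struct.unpack_from(order + "4I", pdu, 24)
    (code,) = struct.unpack_from(order + "I", pdu, frag_len - 4)
    return ("server-werror", code, WERROR_NAMES.get(code, "0x%08x" % code), entries)

if __name__ == "__main__":
    print(decode_reply(RESPONSE_PDU))
```

The bind and the request were accepted at the RPC layer (packet type 02, not a fault), and the status field is set by the remote srvsvc service, so the client only reports what the server decided.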
database cleanup