smbd -V : 3.3.4-0.1.146-2113-SUSE-CODE10 Running: net -d 3 -U admuser@DOM.REALM.CO.COM ads join createcomputer="REG/CN/OU/Services/" Error: :1,/05/15 14:23:26, 5] lib/debug.c:debug_dump_status(407) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2009/05/15 14:23:26, 3] param/loadparm.c:lp_load_ex(8794) lp_load_ex: refreshing parameters [2009/05/15 14:23:26, 3] param/loadparm.c:init_globals(4629) Initialising global parameters [2009/05/15 14:23:26, 3] param/params.c:pm_process(569) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2009/05/15 14:23:26, 3] param/loadparm.c:do_section(7457) Processing section "[global]" doing parameter server string = HOST SuSE Samba Server doing parameter security = ADS doing parameter realm = DOM.REALM.CO.COM doing parameter netbios name = HOST [2009/05/15 14:23:26, 4] param/loadparm.c:handle_netbios_name(6810) handle_netbios_name: set global_myname to: HOST doing parameter workgroup = DOM doing parameter local master = No doing parameter domain master = No doing parameter domain logons = No doing parameter use kerberos keytab = No doing parameter password server = DOM.REALM.CO.COM doing parameter encrypt passwords = Yes doing parameter dns proxy = No doing parameter client use spnego = Yes doing parameter client ntlmv2 auth = Yes doing parameter client lanman auth = No doing parameter client plaintext auth = No doing parameter use spnego = Yes doing parameter lanman auth = No doing parameter ntlm auth = No doing parameter disable netbios = Yes doing parameter client schannel = Auto doing parameter server schannel = Auto doing parameter client signing = Auto doing parameter server signing = Auto doing parameter winbind enum users = No doing parameter winbind enum groups = No doing parameter deadtime = 5 doing parameter hostname lookups = Yes doing parameter hosts allow = localhost, 10. doing parameter hosts deny = ALL doing parameter interfaces = localhost, host-smb.uk.db.com doing parameter bind interfaces only = Yes doing parameter log level = 3 doing parameter log file = /var/log/samba/log.samba doing parameter max log size = 9000 doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY doing parameter nis homedir = No doing parameter hide dot files = Yes doing parameter include = /opt/samba/etc/smb.conf.standard [2009/05/15 14:23:26, 3] param/params.c:pm_process(569) params.c:pm_process() - Processing configuration file "/opt/samba/etc/smb.conf.standard" doing parameter wide links = No doing parameter local master = No doing parameter domain master = No doing parameter preferred master = No doing parameter os level = 0 [2009/05/15 14:23:26, 4] param/loadparm.c:lp_load_ex(8838) pm_process() returned Yes [2009/05/15 14:23:26, 7] param/loadparm.c:lp_servicenumber(9043) lp_servicenumber: couldn't find homes [2009/05/15 14:23:26, 10] param/loadparm.c:set_server_role(8016) set_server_role: role = ROLE_DOMAIN_MEMBER [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UCS-2LE [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset UCS-2LE [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UTF-16LE [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset UTF-16LE [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UCS-2BE [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset UCS-2BE [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UTF-16BE [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset UTF-16BE [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UTF8 [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset UTF8 [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UTF-8 [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset UTF-8 [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset ASCII [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset ASCII [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset 646 [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset 646 [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset ISO-8859-1 [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset ISO-8859-1 [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(104) Attempting to register new charset UCS2-HEX [2009/05/15 14:23:26, 5] lib/iconv.c:smb_register_charset(112) Registered charset UCS2-HEX [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:26, 5] lib/util.c:init_names(269) Netbios name list:- my_netbios_names[0]="HOST" [2009/05/15 14:23:26, 2] lib/interface.c:add_interface(340) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2009/05/15 14:23:26, 2] lib/interface.c:add_interface(340) added interface eth0 ip=IPADRESS bcast=BCAST netmask=255.255.255.0 [2009/05/15 14:23:29, 1] libnet/libnet_join.c:libnet_Join(1871) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'HOST' domain_name : * domain_name : 'DOM.REALM.CO.COM' account_ou : 'REG/CN/OU/Services/' admin_account : 'admuser@DOM.REALM.CO.COM' admin_password : * machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) [2009/05/15 14:23:29, 10] libsmb/dsgetdcname.c:dsgetdcname(1167) dsgetdcname: domain_name: DOM.REALM.CO.COM, domain_guid: (null), site_name: (null), flags: 0x40001011 [2009/05/15 14:23:29, 10] libsmb/dsgetdcname.c:debug_dsdcinfo_flags(46) debug_dsdcinfo_flags: 0x40001011 DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME [2009/05/15 14:23:29, 5] lib/gencache.c:gencache_init(61) Opening cache file at /var/lib/samba/gencache.tdb [2009/05/15 14:23:29, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 06:28:15 2106 [2009/05/15 14:23:29, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for DOM.REALM.CO.COM: "Default-First-Site-Name" [2009/05/15 14:23:29, 10] libsmb/dsgetdcname.c:dsgetdcname_rediscover(1080) dsgetdcname_rediscover [2009/05/15 14:23:29, 4] libads/dns.c:ads_dns_lookup_srv(432) ads_dns_lookup_srv: 2 records returned in the answer section. [2009/05/15 14:23:29, 10] libads/dns.c:ads_dns_parse_rr_srv(213) ads_dns_parse_rr_srv: Parsed dchost.dom.realm.co.com [0, 100, 389] [2009/05/15 14:23:29, 10] libads/dns.c:ads_dns_parse_rr_srv(213) ads_dns_parse_rr_srv: Parsed esbadengwvm2.dom.realm.co.com [0, 100, 389] [2009/05/15 14:23:29, 10] libsmb/dsgetdcname.c:process_dc_dns(894) LDAP ping to dchost.dom.realm.co.com &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000011fc (4604) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 domain_uuid : 7edaa194-dc63-4f64-989e-10fbaa0a1c76 forest : 'realm.co.com' dns_domain : 'dom.realm.co.com' pdc_dns_name : 'dchost.dom.realm.co.com' domain : 'DOM' pdc_name : 'DCHOST' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2009/05/15 14:23:29, 10] lib/gencache.c:gencache_set_data_blob(374) Adding cache entry with key = DSGETDCNAME/DOMAIN/DOM; blob size = 155 and timeout = Fri May 15 14:38:29 2009 (900 seconds ahead) [2009/05/15 14:23:29, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [DOM], sitename = [Default-First-Site-Name], expire = [4294967295] [2009/05/15 14:23:29, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/DOM; value = Default-First-Site-Name and timeout = (null) (-1242393810 seconds ahead) [2009/05/15 14:23:29, 10] lib/gencache.c:gencache_set_data_blob(374) Adding cache entry with key = DSGETDCNAME/DOMAIN/DOM.REALM.CO.COM; blob size = 155 and timeout = Fri May 15 14:38:29 2009 (900 seconds ahead) [2009/05/15 14:23:29, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [dom.realm.co.com], sitename = [Default-First-Site-Name], expire = [4294967295] [2009/05/15 14:23:29, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM; value = Default-First-Site-Name and timeout = (null) (-1242393810 seconds ahead) [2009/05/15 14:23:29, 3] libsmb/cliconnect.c:cli_start_connection(1649) Connecting to host=dchost.dom.realm.co.com [2009/05/15 14:23:29, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM, value = Default-First-Site-Name, timeout = Sun Feb 7 06:28:15 2106 [2009/05/15 14:23:29, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for DOM.REALM.CO.COM: "Default-First-Site-Name" [2009/05/15 14:23:29, 10] libsmb/namequery.c:internal_resolve_name(1505) internal_resolve_name: looking up dchost.dom.realm.co.com#20 (sitename Default-First-Site-Name) [2009/05/15 14:23:29, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/LONADENGWVM2.DOM.REALM.CO.COM#20, value = 10.128.48.202:0, timeout = Fri May 15 14:33:58 2009 [2009/05/15 14:23:29, 5] libsmb/namecache.c:namecache_fetch(233) name dchost.dom.realm.co.com#20 found. [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2009/05/15 14:23:29, 3] lib/util_sock.c:open_socket_out(1400) Connecting to 10.128.48.202 at port 445 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 0 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 0 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 16 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 16 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2009/05/15 14:23:30, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,194) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,194) wrote 194 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 193 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=193 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=927 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=31616 (0x7B80) smb_vwv[12]=15008 (0x3AA0) smb_vwv[13]=24678 (0x6066) smb_vwv[14]=51669 (0xC9D5) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=124 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 96 61 A9 DE 8D 94 C8 41 88 11 B5 6D 9C DE F6 4E .a.....A ...m...N [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... ...`0^.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 .*0(.&.$ not_defi [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=193 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=927 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=31616 (0x7B80) smb_vwv[12]=15008 (0x3AA0) smb_vwv[13]=24678 (0x6066) smb_vwv[14]=51669 (0xC9D5) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=124 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 96 61 A9 DE 8D 94 C8 41 88 11 B5 6D 9C DE F6 4E .a.....A ...m...N [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... ...`0^.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 .*0(.&.$ not_defi [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore [2009/05/15 14:23:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(823) Doing spnego session setup (blob length=124) [2009/05/15 14:23:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 2 840 48018 1 2 2 [2009/05/15 14:23:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 2 840 113554 1 2 2 [2009/05/15 14:23:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 2 840 113554 1 2 2 3 [2009/05/15 14:23:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 3 6 1 4 1 311 2 2 10 [2009/05/15 14:23:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(858) got principal=not_defined_in_RFC4178@please_ignore [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,166) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,166) wrote 166 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 588 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=588 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=927 smb_uid=2050 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 588 (0x24C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 293 (0x125) smb_bcc=545 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] A1 82 01 21 30 82 01 1D A0 03 0A 01 01 A1 0C 06 ...!0... ........ [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 82 01 06 04 .+.....7 ........ [020] 82 01 02 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A ...NTLMS SP...... [030] 00 0A 00 38 00 00 00 15 82 89 62 34 57 BA 47 B5 ...8.... ..b4W.G. [040] 3B 6A BA 00 00 00 00 00 00 00 00 C0 00 C0 00 42 ;j...... .......B [050] 00 00 00 06 00 71 17 00 00 00 0F 5A 00 57 00 44 .....q.. ...Z.W.D [060] 00 42 00 47 00 02 00 0A 00 5A 00 57 00 44 00 42 .B.G.... .Z.W.D.B [070] 00 47 00 01 00 18 00 4C 00 4F 00 4E 00 41 00 44 .G.....L .O.N.A.D [080] 00 45 00 4E 00 47 00 57 00 56 00 4D 00 32 00 04 .E.N.G.W .V.M.2.. [090] 00 24 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A .$.z.w.d .b.g...z [0A0] 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E .w.a.d.s ...d.b.. [0B0] 00 63 00 6F 00 6D 00 03 00 3E 00 6C 00 6F 00 6E .c.o.m.. .>.l.o.n [0C0] 00 61 00 64 00 65 00 6E 00 67 00 77 00 76 00 6D .a.d.e.n .g.w.v.m [0D0] 00 32 00 2E 00 7A 00 77 00 64 00 62 00 67 00 2E .2...z.w .d.b.g.. [0E0] 00 7A 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 .z.w.a.d .s...d.b [0F0] 00 2E 00 63 00 6F 00 6D 00 05 00 18 00 7A 00 77 ...c.o.m .....z.w [100] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c [110] 00 6F 00 6D 00 07 00 08 00 D4 02 3D 66 60 D5 C9 .o.m.... ...=f`.. [120] 01 00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .....W.i .n.d.o.w [130] 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 .s. .S.e .r.v.e.r [140] 00 20 00 28 00 52 00 29 00 20 00 32 00 30 00 30 . .(.R.) . .2.0.0 [150] 00 38 00 20 00 45 00 6E 00 74 00 65 00 72 00 70 .8. .E.n .t.e.r.p [160] 00 72 00 69 00 73 00 65 00 20 00 77 00 69 00 74 .r.i.s.e . .w.i.t [170] 00 68 00 6F 00 75 00 74 00 20 00 48 00 79 00 70 .h.o.u.t . .H.y.p [180] 00 65 00 72 00 2D 00 56 00 20 00 36 00 30 00 30 .e.r.-.V . .6.0.0 [190] 00 31 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .1. .S.e .r.v.i.c [1A0] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 .e. .P.a .c.k. .1 [1B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [1C0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [1D0] 00 28 00 52 00 29 00 20 00 32 00 30 00 30 00 38 .(.R.). .2.0.0.8 [1E0] 00 20 00 45 00 6E 00 74 00 65 00 72 00 70 00 72 . .E.n.t .e.r.p.r [1F0] 00 69 00 73 00 65 00 20 00 77 00 69 00 74 00 68 .i.s.e. .w.i.t.h [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=588 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=927 smb_uid=2050 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 588 (0x24C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 293 (0x125) smb_bcc=545 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] A1 82 01 21 30 82 01 1D A0 03 0A 01 01 A1 0C 06 ...!0... ........ [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 82 01 06 04 .+.....7 ........ [020] 82 01 02 4E 54 4C 4D 53 53 50 00 02 00 00 00 0A ...NTLMS SP...... [030] 00 0A 00 38 00 00 00 15 82 89 62 34 57 BA 47 B5 ...8.... ..b4W.G. [040] 3B 6A BA 00 00 00 00 00 00 00 00 C0 00 C0 00 42 ;j...... .......B [050] 00 00 00 06 00 71 17 00 00 00 0F 5A 00 57 00 44 .....q.. ...Z.W.D [060] 00 42 00 47 00 02 00 0A 00 5A 00 57 00 44 00 42 .B.G.... .Z.W.D.B [070] 00 47 00 01 00 18 00 4C 00 4F 00 4E 00 41 00 44 .G.....L .O.N.A.D [080] 00 45 00 4E 00 47 00 57 00 56 00 4D 00 32 00 04 .E.N.G.W .V.M.2.. [090] 00 24 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A .$.z.w.d .b.g...z [0A0] 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E .w.a.d.s ...d.b.. [0B0] 00 63 00 6F 00 6D 00 03 00 3E 00 6C 00 6F 00 6E .c.o.m.. .>.l.o.n [0C0] 00 61 00 64 00 65 00 6E 00 67 00 77 00 76 00 6D .a.d.e.n .g.w.v.m [0D0] 00 32 00 2E 00 7A 00 77 00 64 00 62 00 67 00 2E .2...z.w .d.b.g.. [0E0] 00 7A 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 .z.w.a.d .s...d.b [0F0] 00 2E 00 63 00 6F 00 6D 00 05 00 18 00 7A 00 77 ...c.o.m .....z.w [100] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c [110] 00 6F 00 6D 00 07 00 08 00 D4 02 3D 66 60 D5 C9 .o.m.... ...=f`.. [120] 01 00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .....W.i .n.d.o.w [130] 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 .s. .S.e .r.v.e.r [140] 00 20 00 28 00 52 00 29 00 20 00 32 00 30 00 30 . .(.R.) . .2.0.0 [150] 00 38 00 20 00 45 00 6E 00 74 00 65 00 72 00 70 .8. .E.n .t.e.r.p [160] 00 72 00 69 00 73 00 65 00 20 00 77 00 69 00 74 .r.i.s.e . .w.i.t [170] 00 68 00 6F 00 75 00 74 00 20 00 48 00 79 00 70 .h.o.u.t . .H.y.p [180] 00 65 00 72 00 2D 00 56 00 20 00 36 00 30 00 30 .e.r.-.V . .6.0.0 [190] 00 31 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .1. .S.e .r.v.i.c [1A0] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 .e. .P.a .c.k. .1 [1B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [1C0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [1D0] 00 28 00 52 00 29 00 20 00 32 00 30 00 30 00 38 .(.R.). .2.0.0.8 [1E0] 00 20 00 45 00 6E 00 74 00 65 00 72 00 70 00 72 . .E.n.t .e.r.p.r [1F0] 00 69 00 73 00 65 00 20 00 77 00 69 00 74 00 68 .i.s.e. .w.i.t.h [2009/05/15 14:23:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) Got challenge flags: [2009/05/15 14:23:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/05/15 14:23:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) NTLMSSP: Set final flags: [2009/05/15 14:23:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/05/15 14:23:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/05/15 14:23:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,478) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,478) wrote 478 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 304 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=304 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=927 smb_uid=2050 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 304 (0x130) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=261 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [020] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 [030] 00 30 00 30 00 38 00 20 00 45 00 6E 00 74 00 65 .0.0.8. .E.n.t.e [040] 00 72 00 70 00 72 00 69 00 73 00 65 00 20 00 77 .r.p.r.i .s.e. .w [050] 00 69 00 74 00 68 00 6F 00 75 00 74 00 20 00 48 .i.t.h.o .u.t. .H [060] 00 79 00 70 00 65 00 72 00 2D 00 56 00 20 00 36 .y.p.e.r .-.V. .6 [070] 00 30 00 30 00 31 00 20 00 53 00 65 00 72 00 76 .0.0.1. .S.e.r.v [080] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [090] 00 20 00 31 00 00 00 57 00 69 00 6E 00 64 00 6F . .1...W .i.n.d.o [0A0] 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 .w.s. .S .e.r.v.e [0B0] 00 72 00 20 00 28 00 52 00 29 00 20 00 32 00 30 .r. .(.R .). .2.0 [0C0] 00 30 00 38 00 20 00 45 00 6E 00 74 00 65 00 72 .0.8. .E .n.t.e.r [0D0] 00 70 00 72 00 69 00 73 00 65 00 20 00 77 00 69 .p.r.i.s .e. .w.i [0E0] 00 74 00 68 00 6F 00 75 00 74 00 20 00 48 00 79 .t.h.o.u .t. .H.y [0F0] 00 70 00 65 00 72 00 2D 00 56 00 20 00 36 00 2E .p.e.r.- .V. .6.. [100] 00 30 00 00 00 .0... [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=304 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=927 smb_uid=2050 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 304 (0x130) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=261 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [020] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 [030] 00 30 00 30 00 38 00 20 00 45 00 6E 00 74 00 65 .0.0.8. .E.n.t.e [040] 00 72 00 70 00 72 00 69 00 73 00 65 00 20 00 77 .r.p.r.i .s.e. .w [050] 00 69 00 74 00 68 00 6F 00 75 00 74 00 20 00 48 .i.t.h.o .u.t. .H [060] 00 79 00 70 00 65 00 72 00 2D 00 56 00 20 00 36 .y.p.e.r .-.V. .6 [070] 00 30 00 30 00 31 00 20 00 53 00 65 00 72 00 76 .0.0.1. .S.e.r.v [080] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [090] 00 20 00 31 00 00 00 57 00 69 00 6E 00 64 00 6F . .1...W .i.n.d.o [0A0] 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 .w.s. .S .e.r.v.e [0B0] 00 72 00 20 00 28 00 52 00 29 00 20 00 32 00 30 .r. .(.R .). .2.0 [0C0] 00 30 00 38 00 20 00 45 00 6E 00 74 00 65 00 72 .0.8. .E .n.t.e.r [0D0] 00 70 00 72 00 69 00 73 00 65 00 20 00 77 00 69 .p.r.i.s .e. .w.i [0E0] 00 74 00 68 00 6F 00 75 00 74 00 20 00 48 00 79 .t.h.o.u .t. .H.y [0F0] 00 70 00 65 00 72 00 2D 00 56 00 20 00 36 00 2E .p.e.r.- .V. .6.. [100] 00 30 00 00 00 .0... [2009/05/15 14:23:30, 5] libsmb/smb_signing.c:set_smb_signing_real_common(144) SMB signing enabled! [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:cli_simple_set_signing(494) cli_simple_set_signing: user_session_key [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] AC B5 20 7C B5 01 03 FA 62 DF AA 34 32 46 FB 25 .. |.... b..42F.% [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:cli_simple_set_signing(502) cli_simple_set_signing: NULL response_data [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 0 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] FD FA A5 59 E7 EA 02 4A ...Y...J [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 1 mid = 3 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 1 mid = 3 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 1 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 1: got good SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] A2 AE 14 B6 AA A0 8F FD ........ [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 2 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] C6 51 EF 80 8D EE C3 EE .Q...... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 3 mid = 4 [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,130) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,130) wrote 130 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 56 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 31 (0x1F) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 49 50 43 00 00 00 00 IPC.... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 3 mid = 4 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 3 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 3: got good SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] E5 9C 28 F8 3E 4B 4C DA ..(.>KL. [2009/05/15 14:23:30, 10] libsmb/clientgen.c:cli_init_creds(415) cli_init_creds: user admuser@DOM.REALM.CO.COM domain [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 4 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 23 3D F0 D5 9E 30 22 6C #=...0"l [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 5 mid = 5 [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,104) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,104) wrote 104 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 103 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 768 (0x300) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 5 mid = 5 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 5 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 5: got good SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 1C 76 F3 5F F5 B0 2F 76 .v._../v [2009/05/15 14:23:30, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201) Bind RPC Pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 auth_type 0, auth_level 0 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2009/05/15 14:23:30, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2009/05/15 14:23:30, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2009/05/15 14:23:30, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ab [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2009/05/15 14:23:30, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2009/05/15 14:23:30, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2009/05/15 14:23:30, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=87 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 6 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 9A B3 DF 94 69 3C B4 5A ....i<.Z [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 7 mid = 6 [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,158) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,158) wrote 158 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 124 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 2E 65 01 00 0C 00 5C 70 69 70 65 ......e. ...\pipe [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 7 mid = 6 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 7 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 7: got good SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] B9 49 DB B1 D9 AC BC 56 .I.....V [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 2E 65 01 00 0C 00 5C 70 69 70 65 ......e. ...\pipe [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 7 mid = 6 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 68 at offset 0 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 returned 68 bytes. [2009/05/15 14:23:30, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) rpc_pipe_bind: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 bind request returned ok. [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2009/05/15 14:23:30, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 0001652e [2009/05/15 14:23:30, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000c [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \pipe\lsass. [2009/05/15 14:23:30, 6] rpc_parse/parse_prs.c:prs_debug(88) 000026 smb_io_rpc_results [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2009/05/15 14:23:30, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2009/05/15 14:23:30, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2009/05/15 14:23:30, 5] rpc_client/cli_pipe.c:check_bind_response(1845) check_bind_response: accepted! [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine dchost.dom.realm.co.com and bound anonymously. [2009/05/15 14:23:30, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) init_lsa_sec_qos [2009/05/15 14:23:30, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) init_lsa_obj_attr lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0006 [2009/05/15 14:23:30, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=83 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 8 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] E8 CD FC 31 6E 62 A3 AE ...1nb.. [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 9 mid = 7 [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,154) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,154) wrote 154 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 104 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 C0 F1 DB ........ ........ [020] E0 86 07 65 48 A7 BF F3 76 6C DF D8 19 00 00 00 ...eH... vl...... [030] 00 . [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 9 mid = 7 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 9 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 9: got good SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] DC 41 B5 F1 A9 E4 A2 7C .A.....| [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 C0 F1 DB ........ ........ [020] E0 86 07 65 48 A7 BF F3 76 6C DF D8 19 00 00 00 ...eH... vl...... [030] 00 . [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 9 mid = 7 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 48 at offset 0 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 returned 48 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : e0dbf1c0-0786-4865-a7bf-f3766cdfd819 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : e0dbf1c0-0786-4865-a7bf-f3766cdfd819 level : LSA_POLICY_INFO_DNS (12) [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000016 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 002e [2009/05/15 14:23:30, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=61 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 C0 F1 DB E0 86 ........ ........ [030] 07 65 48 A7 BF F3 76 6C DF D8 19 0C 00 .eH...vl ..... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 10 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 48 D1 35 07 F3 CA F3 26 H.5....& [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 11 mid = 8 [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,132) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,132) wrote 132 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 272 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=272 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 216 (0xD8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 216 (0xD8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=217 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 03 00 00 ........ ........ [010] 00 C0 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ [020] 00 0A 00 0C 00 04 00 02 00 24 00 26 00 08 00 02 ........ .$.&.... [030] 00 18 00 1A 00 0C 00 02 00 94 A1 DA 7E 63 DC 64 ........ ....~c.d [040] 4F 98 9E 10 FB AA 0A 1C 76 10 00 02 00 06 00 00 O....... v....... [050] 00 00 00 00 00 05 00 00 00 5A 00 57 00 44 00 42 ........ .Z.W.D.B [060] 00 47 00 00 00 13 00 00 00 00 00 00 00 12 00 00 .G...... ........ [070] 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A 00 77 .z.w.d.b .g...z.w [080] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c [090] 00 6F 00 6D 00 0D 00 00 00 00 00 00 00 0C 00 00 .o.m.... ........ [0A0] 00 7A 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 .z.w.a.d .s...d.b [0B0] 00 2E 00 63 00 6F 00 6D 00 04 00 00 00 01 04 00 ...c.o.m ........ [0C0] 00 00 00 00 05 15 00 00 00 36 89 AE 48 D5 01 B6 ........ .6..H... [0D0] 69 5E 05 C3 2F 00 00 00 00 i^../... . [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 11 mid = 8 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 11 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 11: got good SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 73 C3 0A AB 3C CD 7D C0 s...<.}. [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=272 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 216 (0xD8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 216 (0xD8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=217 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 03 00 00 ........ ........ [010] 00 C0 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ [020] 00 0A 00 0C 00 04 00 02 00 24 00 26 00 08 00 02 ........ .$.&.... [030] 00 18 00 1A 00 0C 00 02 00 94 A1 DA 7E 63 DC 64 ........ ....~c.d [040] 4F 98 9E 10 FB AA 0A 1C 76 10 00 02 00 06 00 00 O....... v....... [050] 00 00 00 00 00 05 00 00 00 5A 00 57 00 44 00 42 ........ .Z.W.D.B [060] 00 47 00 00 00 13 00 00 00 00 00 00 00 12 00 00 .G...... ........ [070] 00 7A 00 77 00 64 00 62 00 67 00 2E 00 7A 00 77 .z.w.d.b .g...z.w [080] 00 61 00 64 00 73 00 2E 00 64 00 62 00 2E 00 63 .a.d.s.. .d.b...c [090] 00 6F 00 6D 00 0D 00 00 00 00 00 00 00 0C 00 00 .o.m.... ........ [0A0] 00 7A 00 77 00 61 00 64 00 73 00 2E 00 64 00 62 .z.w.a.d .s...d.b [0B0] 00 2E 00 63 00 6F 00 6D 00 04 00 00 00 01 04 00 ...c.o.m ........ [0C0] 00 00 00 00 05 15 00 00 00 36 89 AE 48 D5 01 B6 ........ .6..H... [0D0] 69 5E 05 C3 2F 00 00 00 00 i^../... . [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 11 mid = 8 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00d8 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 000000c0 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 216, data_len 192, ss_len 0 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 216 at offset 0 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 returned 384 bytes. lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 out: struct lsa_QueryInfoPolicy2 info : * info : * info : union lsa_PolicyInformation(case 12) dns: struct lsa_DnsDomainInfo name: struct lsa_StringLarge length : 0x000a (10) size : 0x000c (12) string : * string : 'DOM' dns_domain: struct lsa_StringLarge length : 0x0024 (36) size : 0x0026 (38) string : * string : 'dom.realm.co.com' dns_forest: struct lsa_StringLarge length : 0x0018 (24) size : 0x001a (26) string : * string : 'realm.co.com' domain_guid : 7edaa194-dc63-4f64-989e-10fbaa0a1c76 sid : * sid : S-1-5-21-1219397942-1773535701-801310046 result : NT_STATUS_OK lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : e0dbf1c0-0786-4865-a7bf-f3766cdfd819 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002c [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000014 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0000 [2009/05/15 14:23:30, 5] rpc_client/cli_pipe.c:rpc_api_pipe(886) rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=59 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 C0 F1 DB E0 86 ........ ........ [030] 07 65 48 A7 BF F3 76 6C DF D8 19 .eH...vl ... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 12 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 91 C9 AD 6A E9 0A EB 1A ...j.... [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 13 mid = 9 [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,130) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,130) wrote 130 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 104 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 13 mid = 9 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 13 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 13: got good SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 23 24 C9 FA DF F2 66 75 #$....fu [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 13 mid = 9 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/05/15 14:23:30, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998) rpc_api_pipe: got PDU len of 48 at offset 0 [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045) rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 returned 48 bytes. lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 14 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 78 7B 2D 34 0A 39 9D 44 x{-4.9.D [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 15 mid = 10 [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(236) write_socket(6,45) [2009/05/15 14:23:30, 6] libsmb/clientgen.c:write_socket(239) write_socket(6,45) wrote 45 [2009/05/15 14:23:30, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/05/15 14:23:30, 5] lib/util.c:show_msg(645) [2009/05/15 14:23:30, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2050 smb_pid=927 smb_uid=2050 smb_mid=10 smt_wct=0 smb_bcc=0 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 15 mid = 10 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 15 [2009/05/15 14:23:30, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 15: got good SMB signature of [2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233) [000] 4E F7 B5 D3 C1 4B FB 1C N....K.. [2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366) rpc_pipe_destructor: closed host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 [2009/05/15 14:23:30, 5] libads/ldap.c:ads_try_connect(203) ads_try_connect: sending CLDAP request to dchost.dom.realm.co.com (realm: dom.realm.co.com) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000011fc (4604) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 domain_uuid : 7edaa194-dc63-4f64-989e-10fbaa0a1c76 forest : 'realm.co.com' dns_domain : 'dom.realm.co.com' pdc_dns_name : 'dchost.dom.realm.co.com' domain : 'DOM' pdc_name : 'LONADENGWVM2' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2009/05/15 14:23:30, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [DOM], sitename = [Default-First-Site-Name], expire = [4294967295] [2009/05/15 14:23:30, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/DOM; value = Default-First-Site-Name and timeout = (null) (-1242393811 seconds ahead) [2009/05/15 14:23:30, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [dom.realm.co.com], sitename = [Default-First-Site-Name], expire = [4294967295] [2009/05/15 14:23:30, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM; value = Default-First-Site-Name and timeout = (null) (-1242393811 seconds ahead) [2009/05/15 14:23:30, 3] libads/ldap.c:ads_connect(621) Successfully contacted LDAP server IPADDRESS [2009/05/15 14:23:30, 10] libads/ldap.c:ldap_open_with_timeout(62) Opening connection to LDAP server 'dchost.dom.realm.co.com:389', timeout 15 seconds [2009/05/15 14:23:30, 10] libads/ldap.c:ldap_open_with_timeout(76) Connected to LDAP server 'dchost.dom.realm.co.com:389' [2009/05/15 14:23:30, 3] libads/ldap.c:ads_connect(675) Connected to LDAP server dchost.dom.realm.co.com [2009/05/15 14:23:30, 10] libads/ldap.c:ads_closest_dc(165) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2009/05/15 14:23:30, 10] libsmb/namequery.c:saf_store(86) saf_store: domain = [DOM], server = [dchost.dom.realm.co.com], expire = [1242394710] [2009/05/15 14:23:30, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/DOM; value = dchost.dom.realm.co.com and timeout = Fri May 15 14:38:30 2009 (900 seconds ahead) [2009/05/15 14:23:30, 10] libsmb/namequery.c:saf_store(86) saf_store: domain = [dom.realm.co.com], server = [dchost.dom.realm.co.com], expire = [1242394710] [2009/05/15 14:23:30, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/DOM.REALM.CO.COM; value = dchost.dom.realm.co.com and timeout = Fri May 15 14:38:30 2009 (900 seconds ahead) [2009/05/15 14:23:30, 4] libads/ldap.c:ads_current_time(2860) time offset is 26 seconds [2009/05/15 14:23:30, 4] libads/sasl.c:ads_sasl_bind(1112) Found SASL mechanism GSS-SPNEGO [2009/05/15 14:23:30, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2009/05/15 14:23:30, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2009/05/15 14:23:30, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2009/05/15 14:23:30, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2009/05/15 14:23:30, 3] libads/sasl.c:ads_sasl_spnego_bind(789) ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore [2009/05/15 14:23:30, 3] libsmb/clikrb5.c:ads_krb5_mk_req(677) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2009/05/15 14:23:30, 10] libads/sasl.c:ads_sasl_spnego_bind(810) ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit [2009/05/15 14:23:30, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) kerberos_kinit_password: as admuser@DOM.REALM.CO.COM@DOM.REALM.CO.COM using [MEMORY:net_ads] as ccache and config [(null)] [2009/05/15 14:23:30, 0] libads/kerberos.c:ads_kinit_password(362) kerberos_kinit_password admuser@DOM.REALM.CO.COM@DOM.REALM.CO.COM failed: Malformed representation of principal [2009/05/15 14:23:30, 1] libnet/libnet_join.c:libnet_Join(1902) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'dom' dns_domain_name : 'dom.realm.co.com' forest_name : 'realm.co.com' dn : NULL domain_sid : * domain_sid : S-1-5-21-1219397942-1773535701-801310046 modified_config : 0x00 (0) error_string : 'failed to connect to AD: Malformed representation of principal' domain_is_ad : 0x01 (1) result : WERR_DEFAULT_JOIN_REQUIRED [2009/05/15 14:23:30, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/lib64/samba/POSIX.msg: No such file or directory [2009/05/15 14:23:30, 2] utils/net.c:main(770) return code = -1 Failed to join domain: failed to connect to AD: Malformed representation of principal
Created attachment 4161 [details] Debug Level 10 Log (as pasted into comments)
http://kb.mit.edu/confluence/display/ist/Error+Message+Malformed+representation+of+principal+while+logging+in. Related? Checking required?
Can you try to join with just -Uadmuser? Thanks, Volker
That works as expected, so I guess the @REALM was causing the issue, even though it works like that on 3.0.34. Is there any way to control the contents of the generated krb5.conf.WORKGROUP file? My system krb5.conf has these as [libdefaults]: default_realm = REALM default_tkt_enctypes = aes256-cts aes128-cts arcfour-hmac des-cbc-md5 des-cbc-crc default_tgs_enctypes = aes256-cts aes128-cts arcfour-hmac des-cbc-md5 des-cbc-crc permitted_enctypes = aes256-cts aes128-cts arcfour-hmac des-cbc-md5 des-cbc-crc udp_preference_limit = 1 However net ads join is creating the following: default_realm = REALM default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 It also fails to use the valid ticket cache under /tmp/krb5cc_0, is this also expected? I'll submit the full Debug 10 log once I've cleaned it. Thanks, Alex
Created attachment 4209 [details] New net ads join output - debug 10 net -d 10 -U admuser ads join createcomputer="REG/CN/OU/Services/"
We have the same problem with the debian lenny 3.2.5 version. Our use case is that we need to allow an administrator from a top level domain in a forest join machines to child domains, this bug is blocking that ability. The problem seems to have to do with the join code moving to libnet/libnet_join.c and when it is called from net_ads the opt_user_name is passed which is the full user name in our case since we put the user name in the LOGNAME environment. In the past code in utils/net_ads.c would parse that into the ads->auth.user_name and ads->auth.realm parts and that was used, now it gets passed through and the default realm is appended to it in ads_connect causing the problem. I have a patch to libads/ldap.c that fixes it for our case: Index: ldap.c =================================================================== --- ldap.c (revision 97512) +++ ldap.c (working copy) @@ -397,6 +397,7 @@ ADS_STATUS status; NTSTATUS ntstatus; char addr[INET6_ADDRSTRLEN]; + char *cp; ZERO_STRUCT(ads->ldap); ads->ldap.last_attempt = time(NULL); @@ -437,7 +438,21 @@ } if (!ads->auth.realm) { - ads->auth.realm = SMB_STRDUP(ads->config.realm); + /* + * If the username is of the form "name@realm", + * extract the realm and convert to upper case. + * This is only used to establish the connection. + */ + if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) { + *cp++ = '\0'; + SAFE_FREE(ads->auth.realm); + ads->auth.realm = smb_xstrdup(cp); + strupper_m(ads->auth.realm); + } + else { + /* otherwise take the default realm from the config */ + ads->auth.realm = SMB_STRDUP(ads->config.realm); + } } if (!ads->auth.kdc_server) {
Volker, is this a blocker for 3.3.8?
I wouldn't call it a blocker. Re-assigning to Günther, the libnet join stuff is mostly his code. Volker
I'll take this as I've got someone hitting it. The patch does fix it, but I'm going to just test it and make sure I'm happy with the actual fix.
Ok, I really think this belongs in a more central place, but for now, since every bit of samba does its own parsing, I'll do this here. However, I don't want to do it at this level, but instead higher up in libnet. The potential is too high to break things at the ads_connect() level, I think.
Created attachment 5901 [details] Patch for 3.5
Created attachment 5902 [details] Patch for 3.4
Karolin, can you add these to 3.4 and 3.4, assuming Günther approves?
Reassigning to Günther for review.
Comment on attachment 5901 [details] Patch for 3.5 looks good
Comment on attachment 5902 [details] Patch for 3.4 looks good
Karolin, please add to 3.4 and 3.5git
Pushed to v3-5-test and v3-4-test. Closing out bug report. Thanks!