Hi Sumit,
I put the sanitized output below because it's so much.
One quick question: does it matter that Kerberos is trying to use the management interface? Does it matter that it is trying over IPv6? We only use IPv4 at my company AFAIK. I think IPv6 is set to auto-configure (or whatever it's called).
On Dec 19, 2013, at 01:26 PM, Sumit Bose <sbose(a)redhat.com> wrote:
On Thu, Dec 19, 2013 at 07:30:54PM +0100, Jakub Hrozek wrote:
On Wed, Dec 18, 2013 at 10:38:39PM +0000, Bryan Harris wrote:
On Dec 18, 2013, at 03:35 AM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote:
On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
>Here is my output from klist -ke :
>root@client:~# klist -ke
>Keytab name: WRFILE:/etc/krb5.keytab
>KVNO Principal
>---- --------------------------------------------------------------------------
> 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32)
> 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5)
> 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5)
> 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC)
> 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you
used -setupn with the ktpass command? If yes, please try without.
btw keytabs that are generated with Samba or realmd should already
contain this principal. In general, I think using Samba or realmd is
even easier and should be recommended.
When I try using the commands from the guide for using Samba, this is the output I
receive for doing with -U Administrator (see below for -k method).
net ads join -U Administrator
Enter Administrator's password:
[2013/12/18 16:35:48.221674, 0] libads/sasl.c:821(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Failed to join domain: failed to connect to AD: Invalid credentials
When I try using the -k method, this is the output.
kinit administrator
Password for administrator@DOMAIN.LOCAL:
root@client:/var/log/sssd# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@DOMAIN.LOCAL
Valid starting Expires Service principal
12/18/13 16:34:33 12/19/13 02:34:34 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
renew until 12/25/13 16:34:33
root@client:/var/log/sssd# net ads join -k
Failed to join domain: failed to lookup DC info for domain 'DOMAIN.LOCAL' over rpc: Logon failure
Any ideas? Do you think it means I have a firewall problem? It lets me have a Kerberos ticket at least, I guess that's good?
You can run the net ads command with '-d 255' to get a full debug
output. This might help to see where the issue is.
Thanks for your help. Here is the command for net ads join with the -d 255 and the
resulting output.
net ads join -d 255 -U Administrator >& /home/bryan/bryan1.log
Password: (I type the password here)
[2013/12/20 16:30:43, 5] lib/debug.c:405(debug_dump_status)
INFO: Current debug levels:
all: True/255
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
[2013/12/20 16:30:43, 3] param/loadparm.c:9158(lp_load_ex)
lp_load_ex: refreshing parameters
[2013/12/20 16:30:43, 3] param/loadparm.c:4929(init_globals)
Initialising global parameters
[2013/12/20 16:30:43, 2] param/loadparm.c:4788(max_open_files)
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2013/12/20 16:30:43.705561, 3] ../lib/util/params.c:550(pm_process)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2013/12/20 16:30:43.705588, 3] param/loadparm.c:7842(do_section)
Processing section "[global]"
doing parameter workgroup = domain
doing parameter client signing = yes
doing parameter client use spnego = yes
doing parameter kerberos method = secrets and keytab
doing parameter log file = /var/log/samba/%m.log
doing parameter password server = domain.local
doing parameter realm = domain.local
doing parameter security = ads
[2013/12/20 16:30:43.705683, 4] param/loadparm.c:9193(lp_load_ex)
pm_process() returned Yes
[2013/12/20 16:30:43.705702, 7] param/loadparm.c:9399(lp_servicenumber)
lp_servicenumber: couldn't find homes
[2013/12/20 16:30:43.705720, 10] param/loadparm.c:8403(set_server_role)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2013/12/20 16:30:43.705736, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS-2LE
[2013/12/20 16:30:43.705750, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS-2LE
[2013/12/20 16:30:43.705762, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-16LE
[2013/12/20 16:30:43.705777, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-16LE
[2013/12/20 16:30:43.705789, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS-2BE
[2013/12/20 16:30:43.705805, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS-2BE
[2013/12/20 16:30:43.705817, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-16BE
[2013/12/20 16:30:43.705828, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-16BE
[2013/12/20 16:30:43.705839, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF8
[2013/12/20 16:30:43.705850, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF8
[2013/12/20 16:30:43.705861, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-8
[2013/12/20 16:30:43.705873, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-8
[2013/12/20 16:30:43.705884, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset ASCII
[2013/12/20 16:30:43.705897, 5] lib/iconv.c:112(smb_register_charset)
Registered charset ASCII
[2013/12/20 16:30:43.705908, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset 646
[2013/12/20 16:30:43.705921, 5] lib/iconv.c:112(smb_register_charset)
Registered charset 646
[2013/12/20 16:30:43.705932, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset ISO-8859-1
[2013/12/20 16:30:43.705944, 5] lib/iconv.c:112(smb_register_charset)
Registered charset ISO-8859-1
[2013/12/20 16:30:43.705955, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS2-HEX
[2013/12/20 16:30:43.705966, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS2-HEX
[2013/12/20 16:30:43.705995, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706198, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706239, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706272, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706291, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706309, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706327, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706359, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706380, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706399, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706439, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706484, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706519, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706548, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:43.706605, 5] lib/util.c:276(init_names)
Netbios name list:-
my_netbios_names[0]="client"
[2013/12/20 16:30:43.706727, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=xxxx::250:xxxx:xxxx:xxxx%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2013/12/20 16:30:43.706835, 2] lib/interface.c:340(add_interface)
added interface eth1 ip=xxxx::250:xxxx:xxxx:xxxx%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
[2013/12/20 16:30:43.706869, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=CLIENT-IP-ADDRESS bcast=CLIENT-IP-ADDRESS.255
netmask=255.255.255.128
[2013/12/20 16:30:43.706887, 2] lib/interface.c:340(add_interface)
added interface eth1 ip=10.1.171.2 bcast=10.1.171.255 netmask=255.255.252.0
[2013/12/20 16:30:45.844246, 1] libnet/libnet_join.c:1963(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'client'
domain_name : *
domain_name : 'domain.local'
account_ou : NULL
admin_account : 'Administrator'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
[2013/12/20 16:30:45.844505, 10] libsmb/dsgetdcname.c:1132(dsgetdcname)
dsgetdcname: domain_name: domain.local, domain_guid: (null), site_name: (null), flags:
0x40001011
[2013/12/20 16:30:45.844529, 10] libsmb/dsgetdcname.c:46(debug_dsdcinfo_flags)
debug_dsdcinfo_flags: 0x40001011
DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED
DS_RETURN_DNS_NAME
[2013/12/20 16:30:45.844587, 5] lib/gencache.c:65(gencache_init)
Opening cache file at /var/run/samba/gencache.tdb
[2013/12/20 16:30:45.844657, 5] lib/gencache.c:108(gencache_init)
Opening cache file at /var/run/samba/gencache_notrans.tdb
[2013/12/20 16:30:45.844786, 10] lib/gencache.c:345(gencache_get_data_blob)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/domain.local, value =
Default-First-Site-Name, timeout = Mon Jan 18 21:14:07 2038
[2013/12/20 16:30:45.844863, 5] libads/dns.c:810(sitename_fetch)
sitename_fetch: Returning sitename for domain.local:
"Default-First-Site-Name"
[2013/12/20 16:30:45.844878, 10] libsmb/dsgetdcname.c:1045(dsgetdcname_rediscover)
dsgetdcname_rediscover
[2013/12/20 16:30:45.845720, 4] libads/dns.c:432(ads_dns_lookup_srv)
ads_dns_lookup_srv: 1 records returned in the answer section.
[2013/12/20 16:30:45.845759, 10] libads/dns.c:213(ads_dns_parse_rr_srv)
ads_dns_parse_rr_srv: Parsed server.domain.local [0, 100, 389]
[2013/12/20 16:30:45.845779, 10] libsmb/dsgetdcname.c:859(process_dc_dns)
LDAP ping to server.domain.local
[2013/12/20 16:30:45.847729, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = DSGETDCNAME/DOMAIN/domain and timeout = Fri Dec 20
16:45:45 2013
(900 seconds ahead)
[2013/12/20 16:30:45.864167, 10] libads/dns.c:775(sitename_store)
sitename_store: realm = [domain], sitename = [Default-First-Site-Name], expire =
[2147483647]
[2013/12/20 16:30:45.864197, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = AD_SITENAME/DOMAIN/domain and timeout = Mon Jan 18
21:14:07 2038
(759905002 seconds ahead)
[2013/12/20 16:30:45.864242, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = DSGETDCNAME/DOMAIN/domain.local and timeout = Fri Dec 20
16:45:45 2013
(900 seconds ahead)
[2013/12/20 16:30:45.864274, 10] libads/dns.c:775(sitename_store)
sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire =
[2147483647]
[2013/12/20 16:30:45.864290, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = AD_SITENAME/DOMAIN/domain.local and timeout = Mon Jan 18
21:14:07 2038
(759905002 seconds ahead)
[2013/12/20 16:30:45.864443, 3] libsmb/cliconnect.c:2209(cli_start_connection)
Connecting to host=server.domain.local
[2013/12/20 16:30:45.864479, 10] lib/gencache.c:345(gencache_get_data_blob)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/domain.local, value =
Default-First-Site-Name, timeout = Mon Jan 18 21:14:07 2038
[2013/12/20 16:30:45.864507, 5] libads/dns.c:810(sitename_fetch)
sitename_fetch: Returning sitename for domain.local:
"Default-First-Site-Name"
[2013/12/20 16:30:45.864526, 10] libsmb/namequery.c:1400(internal_resolve_name)
internal_resolve_name: looking up server.domain.local#20 (sitename
Default-First-Site-Name)
[2013/12/20 16:30:45.864549, 10] lib/gencache.c:345(gencache_get_data_blob)
Returning valid cache entry: key = NBT/server.domain.local#20, value =
SERVER-IP-ADDRESS173:0, timeout = Fri Dec 20 16:41:32 2013
[2013/12/20 16:30:45.864569, 5] libsmb/namecache.c:192(namecache_fetch)
name server.domain.local#20 found.
[2013/12/20 16:30:45.864630, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58530
[2013/12/20 16:30:45.864650, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58bf0
[2013/12/20 16:30:45.864664, 10] lib/events.c:131(run_events)
Running timed event "tevent_req_timedout" 0x7f9bf8e58530
[2013/12/20 16:30:45.864678, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e58530 "tevent_req_timedout"
[2013/12/20 16:30:45.864698, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58530
[2013/12/20 16:30:45.864712, 3] lib/util_sock.c:979(open_socket_out_send)
Connecting to SERVER-IP-ADDRESS173 at port 445
[2013/12/20 16:30:45.864753, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7b050
[2013/12/20 16:30:45.865466, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7b050 "tevent_req_timedout"
[2013/12/20 16:30:45.865492, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e58530 "tevent_req_timedout"
[2013/12/20 16:30:45.865522, 5] lib/util_sock.c:304(print_socket_options)
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 16384
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
[2013/12/20 16:30:45.865633, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865659, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865680, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865698, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865717, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865734, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865751, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865770, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865788, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865806, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865826, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865848, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865868, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865888, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2013/12/20 16:30:45.865936, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e568c0
[2013/12/20 16:30:45.865960, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger":
0x7f9bf8e57040
[2013/12/20 16:30:45.865974, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger":
0x7f9bf8e57040
[2013/12/20 16:30:45.866947, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e568c0 "tevent_req_timedout"
[2013/12/20 16:30:45.866979, 3] libsmb/cliconnect.c:991(cli_session_setup_spnego)
Doing spnego session setup (blob length=136)
[2013/12/20 16:30:45.867034, 3] libsmb/cliconnect.c:1020(cli_session_setup_spnego)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
[2013/12/20 16:30:45.867063, 3] libsmb/cliconnect.c:1030(cli_session_setup_spnego)
got principal=not_defined_in_RFC4178@please_ignore
[2013/12/20 16:30:45.867170, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug)
&negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0003 (3)
DomainNameMaxLen : 0x0003 (3)
DomainName : *
DomainName : 'domain'
WorkstationLen : 0x000b (11)
WorkstationMaxLen : 0x000b (11)
Workstation : *
Workstation : 'client'
[2013/12/20 16:30:45.867424, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.867440, 10] ../lib/util/util.c:278(_dump_data)
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
[2013/12/20 16:30:45.867462, 6] libsmb/clientgen.c:323(write_socket)
write_socket(7,166)
[2013/12/20 16:30:45.867487, 6] libsmb/clientgen.c:326(write_socket)
write_socket(7,166) wrote 166
[2013/12/20 16:30:45.868131, 10] lib/util_sock.c:731(read_smb_length_return_keepalive)
got smb length of 454
[2013/12/20 16:30:45.868163, 5] lib/util.c:617(show_msg)
[2013/12/20 16:30:45.868174, 5] lib/util.c:627(show_msg)
size=454
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=20998
smb_uid=2048
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 454 (0x1C6)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 235 (0xEB)
smb_bcc=411
[2013/12/20 16:30:45.868606, 5] lib/util.c:617(show_msg)
[2013/12/20 16:30:45.868615, 5] lib/util.c:627(show_msg)
size=454
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=20998
smb_uid=2048
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 454 (0x1C6)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 235 (0xEB)
smb_bcc=411
[2013/12/20 16:30:45.869082, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug)
&challenge: struct CHALLENGE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmChallenge (0x2)
TargetNameLen : 0x0006 (6)
TargetNameMaxLen : 0x0006 (6)
TargetName : *
TargetName : 'domain'
NegotiateFlags : 0x62898215 (1653178901)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
1: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
1: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
ServerChallenge : c1fb05172b9fdbb8
Reserved : 0000000000000000
TargetInfoLen : 0x008e (142)
TargetNameInfoMaxLen : 0x008e (142)
TargetInfo : *
TargetInfo: struct AV_PAIR_LIST
count : 0x00000007 (7)
pair: ARRAY(7)
pair: struct AV_PAIR
AvId : MsvAvNbDomainName (0x2)
AvLen : 0x0006 (6)
Value : union ntlmssp_AvValue(case 0x2)
AvNbDomainName : 'domain'
pair: struct AV_PAIR
AvId : MsvAvNbComputerName (0x1)
AvLen : 0x0016 (22)
Value : union ntlmssp_AvValue(case 0x1)
AvNbComputerName : 'server'
pair: struct AV_PAIR
AvId : MsvAvDnsDomainName (0x4)
AvLen : 0x0012 (18)
Value : union ntlmssp_AvValue(case 0x4)
AvDnsDomainName : 'domain.local'
pair: struct AV_PAIR
AvId : MsvAvDnsComputerName (0x3)
AvLen : 0x002a (42)
Value : union ntlmssp_AvValue(case 0x3)
AvDnsComputerName : 'server.domain.local'
pair: struct AV_PAIR
AvId : MsvAvDnsTreeName (0x5)
AvLen : 0x0012 (18)
Value : union ntlmssp_AvValue(case 0x5)
AvDnsTreeName : 'domain.local'
pair: struct AV_PAIR
AvId : MsvAvTimestamp (0x7)
AvLen : 0x0008 (8)
Value : union ntlmssp_AvValue(case 0x7)
AvTimestamp : Fri 20 Dec 2013 04:30:46 PM CST CST
pair: struct AV_PAIR
AvId : MsvAvEOL (0x0)
AvLen : 0x0000 (0)
Value : union ntlmssp_AvValue(case 0x0)
Version: struct VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1)
ProductBuild : 0x1db1 (7601)
Reserved : 000000
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF)
[2013/12/20 16:30:45.869592, 3] libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
Got challenge flags:
[2013/12/20 16:30:45.869607, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2013/12/20 16:30:45.869655, 3] libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2013/12/20 16:30:45.869666, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2013/12/20 16:30:45.869724, 5] libsmb/ntlmssp.c:1196(ntlmssp_client_challenge)
NTLMSSP challenge set by NTLM2
[2013/12/20 16:30:45.869738, 5] libsmb/ntlmssp.c:1197(ntlmssp_client_challenge)
challenge is:
[2013/12/20 16:30:45.869750, 5] ../lib/util/util.c:278(_dump_data)
[0000] C2 40 94 90 D4 45 3F D1 .@...E?.
[2013/12/20 16:30:45.869875, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug)
&authenticate: struct AUTHENTICATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmAuthenticate (3)
LmChallengeResponseLen : 0x0018 (24)
LmChallengeResponseMaxLen: 0x0018 (24)
LmChallengeResponse : *
LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
v1: struct LM_RESPONSE
Response :
1199e79531025a6c00000000000000000000000000000000
NtChallengeResponseLen : 0x0018 (24)
NtChallengeResponseMaxLen: 0x0018 (24)
NtChallengeResponse : *
NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 24)
v1: struct NTLM_RESPONSE
Response :
55e815f291e9110c2d25740ec7051d315b5f4a95963d393b
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
UserNameLen : 0x001a (26)
UserNameMaxLen : 0x001a (26)
UserName : *
UserName : 'Administrator'
WorkstationLen : 0x0016 (22)
WorkstationMaxLen : 0x0016 (22)
Workstation : *
Workstation : 'client'
EncryptedRandomSessionKeyLen: 0x0010 (16)
EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
EncryptedRandomSessionKey: *
EncryptedRandomSessionKey: DATA_BLOB length=16
[2013/12/20 16:30:45.870065, 10] ../lib/util/util.c:278(_dump_data)
[0000] 66 EF E4 AE 19 31 E2 DC 60 85 65 3B DD 40 13 37 f....1.. `.e;.@.7
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
[2013/12/20 16:30:45.870230, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
NTLMSSP Sign/Seal - Initialising with flags:
[2013/12/20 16:30:45.870243, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2013/12/20 16:30:45.870307, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.870321, 10] ../lib/util/util.c:278(_dump_data)
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
[2013/12/20 16:30:45.870341, 6] libsmb/clientgen.c:323(write_socket)
write_socket(7,274)
[2013/12/20 16:30:45.870367, 6] libsmb/clientgen.c:326(write_socket)
write_socket(7,274) wrote 274
[2013/12/20 16:30:45.872026, 10] lib/util_sock.c:731(read_smb_length_return_keepalive)
got smb length of 228
[2013/12/20 16:30:45.872058, 5] lib/util.c:617(show_msg)
[2013/12/20 16:30:45.872068, 5] lib/util.c:627(show_msg)
size=228
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=20998
smb_uid=2048
smb_mid=3
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 228 (0xE4)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 9 (0x9)
smb_bcc=185
[2013/12/20 16:30:45.872305, 5] lib/util.c:617(show_msg)
[2013/12/20 16:30:45.872313, 5] lib/util.c:627(show_msg)
size=228
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=20998
smb_uid=2048
smb_mid=3
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 228 (0xE4)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 9 (0x9)
smb_bcc=185
[2013/12/20 16:30:45.872551, 10] libsmb/smb_signing.c:320(smb_signing_activate)
smb_signing_activate: user_session_key
[2013/12/20 16:30:45.872565, 10] ../lib/util/util.c:278(_dump_data)
[0000] 4D 0B 9B FF B2 93 E0 63 4A 65 D7 32 48 CA 64 53 M......c Je.2H.dS
[2013/12/20 16:30:45.872587, 10] libsmb/smb_signing.c:329(smb_signing_activate)
smb_signing_activate: NULL response_data
[2013/12/20 16:30:45.872598, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 1
[2013/12/20 16:30:45.872620, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 1: got good SMB signature of
[2013/12/20 16:30:45.872640, 10] ../lib/util/util.c:278(_dump_data)
[0000] 05 76 28 D3 A0 14 21 AB .v(...!.
[2013/12/20 16:30:45.872687, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58740
[2013/12/20 16:30:45.872704, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 2
[2013/12/20 16:30:45.872718, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.872729, 10] ../lib/util/util.c:278(_dump_data)
[0000] C2 D1 98 BA 38 1B 86 D2 ....8...
[2013/12/20 16:30:45.872751, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.872764, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.873123, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 3
[2013/12/20 16:30:45.873151, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 3: got good SMB signature of
[2013/12/20 16:30:45.873164, 10] ../lib/util/util.c:278(_dump_data)
[0000] B7 B3 61 FF 61 29 BF 83 ..a.a)..
[2013/12/20 16:30:45.873189, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e58740 "tevent_req_timedout"
[2013/12/20 16:30:45.873204, 10] libsmb/clientgen.c:553(cli_init_creds)
cli_init_creds: user Administrator domain
[2013/12/20 16:30:45.873310, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58c40
[2013/12/20 16:30:45.873330, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 4
[2013/12/20 16:30:45.873344, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.873356, 10] ../lib/util/util.c:278(_dump_data)
[0000] C3 0D B9 47 1B 70 E9 AC ...G.p..
[2013/12/20 16:30:45.873378, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.873392, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.873910, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 5
[2013/12/20 16:30:45.873937, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 5: got good SMB signature of
[2013/12/20 16:30:45.873950, 10] ../lib/util/util.c:278(_dump_data)
[0000] F2 85 3A 58 63 5A 5F A3 ..:XcZ_.
[2013/12/20 16:30:45.873978, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e58c40 "tevent_req_timedout"
[2013/12/20 16:30:45.874002, 5] rpc_client/cli_pipe.c:2663(rpc_pipe_bind_send)
Bind RPC Pipe: host server.domain.local auth_type 0, auth_level 1
[2013/12/20 16:30:45.874028, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0048
000a auth_len : 0000
000c call_id : 00000001
[2013/12/20 16:30:45.874097, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_rb
[2013/12/20 16:30:45.874110, 6] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00000000
0018 num_contexts: 01
001c context_id : 0000
001e num_transfer_syntaxes: 01
[2013/12/20 16:30:45.874151, 6] rpc_parse/parse_prs.c:89(prs_debug)
00001f smb_io_rpc_iface
[2013/12/20 16:30:45.874163, 7] rpc_parse/parse_prs.c:89(prs_debug)
000020 smb_io_uuid uuid
0020 data : 12345778
0024 data : 1234
0026 data : abcd
0028 data : ef 00
002a data : 01 23 45 67 89 ab
0030 version: 00000000
[2013/12/20 16:30:45.874219, 6] rpc_parse/parse_prs.c:89(prs_debug)
000034 smb_io_rpc_iface
[2013/12/20 16:30:45.874232, 7] rpc_parse/parse_prs.c:89(prs_debug)
000034 smb_io_uuid uuid
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8
003e data : 08 00 2b 10 48 60
0044 version: 00000002
[2013/12/20 16:30:45.874277, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.874298, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.874324, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58c50
[2013/12/20 16:30:45.874337, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 6
[2013/12/20 16:30:45.874351, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.874364, 10] ../lib/util/util.c:278(_dump_data)
[0000] E5 43 16 FF A2 43 C6 45 .C...C.E
[2013/12/20 16:30:45.874386, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.874400, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.874832, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 7
[2013/12/20 16:30:45.874860, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 7: got good SMB signature of
[2013/12/20 16:30:45.874873, 10] ../lib/util/util.c:278(_dump_data)
[0000] 45 90 59 C5 D4 EB 07 59 E.Y....Y
[2013/12/20 16:30:45.874902, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e58c50 "tevent_req_timedout"
[2013/12/20 16:30:45.874923, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000001
[2013/12/20 16:30:45.874988, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7b770
[2013/12/20 16:30:45.875003, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7b770
[2013/12/20 16:30:45.875018, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.875038, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 68 bytes.
[2013/12/20 16:30:45.875053, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000001
[2013/12/20 16:30:45.875116, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_ba
[2013/12/20 16:30:45.875129, 6] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00004715
[2013/12/20 16:30:45.875155, 6] rpc_parse/parse_prs.c:89(prs_debug)
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \pipe\lsass.
[2013/12/20 16:30:45.875191, 6] rpc_parse/parse_prs.c:89(prs_debug)
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
[2013/12/20 16:30:45.875219, 6] rpc_parse/parse_prs.c:89(prs_debug)
000030 smb_io_rpc_iface
[2013/12/20 16:30:45.875231, 7] rpc_parse/parse_prs.c:89(prs_debug)
000030 smb_io_uuid uuid
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8
003a data : 08 00 2b 10 48 60
0040 version: 00000002
[2013/12/20 16:30:45.875275, 5] rpc_client/cli_pipe.c:2510(check_bind_response)
check_bind_response: accepted!
[2013/12/20 16:30:45.875290, 10] rpc_client/cli_pipe.c:3847(cli_rpc_pipe_open_noauth_transport)
cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine server.domain.local and bound anonymously.
[2013/12/20 16:30:45.875316, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
lsa_OpenPolicy: struct lsa_OpenPolicy
in: struct lsa_OpenPolicy
system_name : *
system_name : 0x005c (92)
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000018 (24)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x0000000c (12)
impersonation_level : 0x0002 (2)
context_mode : 0x01 (1)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
[2013/12/20 16:30:45.875533, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000002
[2013/12/20 16:30:45.875598, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000002c
0014 context_id: 0000
0016 opnum : 0006
[2013/12/20 16:30:45.875626, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.875642, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.875661, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7ab90
[2013/12/20 16:30:45.875674, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 8
[2013/12/20 16:30:45.875687, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.875699, 10] ../lib/util/util.c:278(_dump_data)
[0000] 3C 59 CF F6 02 27 AC C8 <Y...'..
[2013/12/20 16:30:45.875728, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.875742, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.876306, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 9
[2013/12/20 16:30:45.876335, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 9: got good SMB signature of
[2013/12/20 16:30:45.876348, 10] ../lib/util/util.c:278(_dump_data)
[0000] 93 9A 6D D7 4E 19 66 45 ..m.N.fE
[2013/12/20 16:30:45.876373, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7ab90 "tevent_req_timedout"
[2013/12/20 16:30:45.876390, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 00000002
[2013/12/20 16:30:45.876455, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7d1b0
[2013/12/20 16:30:45.876468, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7d1b0
[2013/12/20 16:30:45.876482, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.876514, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2013/12/20 16:30:45.876528, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.876541, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 48 bytes.
[2013/12/20 16:30:45.876562, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
lsa_OpenPolicy: struct lsa_OpenPolicy
out: struct lsa_OpenPolicy
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : c90388b2-2fa0-4542-8aa9-58d341bcc314
result : NT_STATUS_OK
[2013/12/20 16:30:45.876626, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : c90388b2-2fa0-4542-8aa9-58d341bcc314
level : LSA_POLICY_INFO_DNS (12)
[2013/12/20 16:30:45.876693, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 002e
000a auth_len : 0000
000c call_id : 00000003
[2013/12/20 16:30:45.876759, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000016
0014 context_id: 0000
0016 opnum : 002e
[2013/12/20 16:30:45.876787, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.876803, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.876830, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7be60
[2013/12/20 16:30:45.876845, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 10
[2013/12/20 16:30:45.876858, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.876870, 10] ../lib/util/util.c:278(_dump_data)
[0000] 83 23 D0 F7 BD F3 19 77 .#.....w
[2013/12/20 16:30:45.876893, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.876907, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.877374, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 11
[2013/12/20 16:30:45.877403, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 11: got good SMB signature of
[2013/12/20 16:30:45.877416, 10] ../lib/util/util.c:278(_dump_data)
[0000] A9 AE D7 56 76 1E 83 DF ...Vv...
[2013/12/20 16:30:45.877440, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7be60 "tevent_req_timedout"
[2013/12/20 16:30:45.877458, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 00c0
000a auth_len : 0000
000c call_id : 00000003
[2013/12/20 16:30:45.877523, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7a9d0
[2013/12/20 16:30:45.877537, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7a9d0
[2013/12/20 16:30:45.877550, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 000000a8
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.877582, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 192, data_len 168, ss_len 0
[2013/12/20 16:30:45.877596, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.877609, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 336 bytes.
[2013/12/20 16:30:45.877641, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union lsa_PolicyInformation(case 12)
dns: struct lsa_DnsDomainInfo
name: struct lsa_StringLarge
length : 0x0006 (6)
size : 0x0008 (8)
string : *
string : 'domain'
dns_domain: struct lsa_StringLarge
length : 0x0012 (18)
size : 0x0014 (20)
string : *
string : 'domain.local'
dns_forest: struct lsa_StringLarge
length : 0x0012 (18)
size : 0x0014 (20)
string : *
string : 'domain.local'
domain_guid : 98e9bb81-fc49-4cdd-9de2-8cee06eeee7e
sid : *
sid : S-1-5-21-404543544-4040226311-1825311824
result : NT_STATUS_OK
[2013/12/20 16:30:45.877838, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
lsa_Close: struct lsa_Close
in: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : c90388b2-2fa0-4542-8aa9-58d341bcc314
[2013/12/20 16:30:45.877898, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 002c
000a auth_len : 0000
000c call_id : 00000004
[2013/12/20 16:30:45.877964, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000014
0014 context_id: 0000
0016 opnum : 0000
[2013/12/20 16:30:45.877992, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.878008, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.878026, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7c280
[2013/12/20 16:30:45.878040, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 12
[2013/12/20 16:30:45.878053, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.878065, 10] ../lib/util/util.c:278(_dump_data)
[0000] 58 30 6A 99 10 BB 67 0F X0j...g.
[2013/12/20 16:30:45.878088, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.878101, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.878570, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 13
[2013/12/20 16:30:45.878598, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 13: got good SMB signature of
[2013/12/20 16:30:45.878611, 10] ../lib/util/util.c:278(_dump_data)
[0000] 31 5E 28 79 99 D0 6B 4F 1^(y..kO
[2013/12/20 16:30:45.878635, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7c280 "tevent_req_timedout"
[2013/12/20 16:30:45.878652, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 00000004
[2013/12/20 16:30:45.878717, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e58170
[2013/12/20 16:30:45.878731, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e58170
[2013/12/20 16:30:45.878744, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.878776, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2013/12/20 16:30:45.878789, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.878811, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 48 bytes.
[2013/12/20 16:30:45.878844, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
lsa_Close: struct lsa_Close
out: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
[2013/12/20 16:30:45.878910, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7a6a0
[2013/12/20 16:30:45.878925, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 14
[2013/12/20 16:30:45.878938, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.878949, 10] ../lib/util/util.c:278(_dump_data)
[0000] 21 C6 4B 54 9E F4 62 A8 !.KT..b.
[2013/12/20 16:30:45.878972, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.878985, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.879372, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 15
[2013/12/20 16:30:45.879399, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 15: got good SMB signature of
[2013/12/20 16:30:45.879412, 10] ../lib/util/util.c:278(_dump_data)
[0000] 4B 78 F9 83 32 0B AC F3 Kx..2...
[2013/12/20 16:30:45.879435, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7a6a0 "tevent_req_timedout"
[2013/12/20 16:30:45.879456, 10] rpc_client/rpc_transport_np.c:81(rpc_transport_np_state_destructor)
rpc_pipe_destructor: closed \lsarpc
[2013/12/20 16:30:45.879507, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7bd10
[2013/12/20 16:30:45.879523, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 16
[2013/12/20 16:30:45.879537, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.879548, 10] ../lib/util/util.c:278(_dump_data)
[0000] 57 4A 89 B2 C7 84 6B 00 WJ....k.
[2013/12/20 16:30:45.879571, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.879585, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.880030, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 17
[2013/12/20 16:30:45.880060, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 17: got good SMB signature of
[2013/12/20 16:30:45.880072, 10] ../lib/util/util.c:278(_dump_data)
[0000] 53 C1 AF A5 CE 6A 62 57 S....jbW
[2013/12/20 16:30:45.880096, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7bd10 "tevent_req_timedout"
[2013/12/20 16:30:45.880116, 5] rpc_client/cli_pipe.c:2663(rpc_pipe_bind_send)
Bind RPC Pipe: host server.domain.local auth_type 0, auth_level 1
[2013/12/20 16:30:45.880132, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0048
000a auth_len : 0000
000c call_id : 00000005
[2013/12/20 16:30:45.880198, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_rb
[2013/12/20 16:30:45.880220, 6] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00000000
0018 num_contexts: 01
001c context_id : 0000
001e num_transfer_syntaxes: 01
[2013/12/20 16:30:45.880262, 6] rpc_parse/parse_prs.c:89(prs_debug)
00001f smb_io_rpc_iface
[2013/12/20 16:30:45.880275, 7] rpc_parse/parse_prs.c:89(prs_debug)
000020 smb_io_uuid uuid
0020 data : 12345778
0024 data : 1234
0026 data : abcd
0028 data : ef 00
002a data : 01 23 45 67 89 ac
0030 version: 00000001
[2013/12/20 16:30:45.880321, 6] rpc_parse/parse_prs.c:89(prs_debug)
000034 smb_io_rpc_iface
[2013/12/20 16:30:45.880333, 7] rpc_parse/parse_prs.c:89(prs_debug)
000034 smb_io_uuid uuid
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8
003e data : 08 00 2b 10 48 60
0044 version: 00000002
[2013/12/20 16:30:45.880379, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.880396, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.880419, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7b770
[2013/12/20 16:30:45.880433, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 18
[2013/12/20 16:30:45.880446, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.880458, 10] ../lib/util/util.c:278(_dump_data)
[0000] CA 5C 8C 00 C2 AB FD 22 .\....."
[2013/12/20 16:30:45.880481, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.880494, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.881088, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 19
[2013/12/20 16:30:45.881117, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 19: got good SMB signature of
[2013/12/20 16:30:45.881129, 10] ../lib/util/util.c:278(_dump_data)
[0000] 54 82 F9 B4 2C E4 16 2E T...,...
[2013/12/20 16:30:45.881154, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7b770 "tevent_req_timedout"
[2013/12/20 16:30:45.881173, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000005
[2013/12/20 16:30:45.881241, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7a000
[2013/12/20 16:30:45.881255, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7a000
[2013/12/20 16:30:45.881268, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.881281, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 68 bytes.
[2013/12/20 16:30:45.881296, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000005
[2013/12/20 16:30:45.881369, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_ba
[2013/12/20 16:30:45.881382, 6] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00004716
[2013/12/20 16:30:45.881409, 6] rpc_parse/parse_prs.c:89(prs_debug)
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \pipe\lsass.
[2013/12/20 16:30:45.881434, 6] rpc_parse/parse_prs.c:89(prs_debug)
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
[2013/12/20 16:30:45.881461, 6] rpc_parse/parse_prs.c:89(prs_debug)
000030 smb_io_rpc_iface
[2013/12/20 16:30:45.881516, 7] rpc_parse/parse_prs.c:89(prs_debug)
000030 smb_io_uuid uuid
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8
003a data : 08 00 2b 10 48 60
0040 version: 00000002
[2013/12/20 16:30:45.881569, 5] rpc_client/cli_pipe.c:2510(check_bind_response)
check_bind_response: accepted!
[2013/12/20 16:30:45.881585, 10] rpc_client/cli_pipe.c:3847(cli_rpc_pipe_open_noauth_transport)
cli_rpc_pipe_open_noauth: opened pipe \samr to machine server.domain.local and bound anonymously.
[2013/12/20 16:30:45.881609, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_Connect2: struct samr_Connect2
in: struct samr_Connect2
system_name : *
system_name : 'server.domain.local'
access_mask : 0x00000030 (48)
0: SAMR_ACCESS_CONNECT_TO_SERVER
0: SAMR_ACCESS_SHUTDOWN_SERVER
0: SAMR_ACCESS_INITIALIZE_SERVER
0: SAMR_ACCESS_CREATE_DOMAIN
1: SAMR_ACCESS_ENUM_DOMAINS
1: SAMR_ACCESS_LOOKUP_DOMAIN
[2013/12/20 16:30:45.881694, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0058
000a auth_len : 0000
000c call_id : 00000006
[2013/12/20 16:30:45.881759, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000040
0014 context_id: 0000
0016 opnum : 0039
[2013/12/20 16:30:45.881787, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.881804, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=88, this_data=88, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.881823, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7c5b0
[2013/12/20 16:30:45.881837, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 20
[2013/12/20 16:30:45.881851, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.881863, 10] ../lib/util/util.c:278(_dump_data)
[0000] F7 F8 1F 76 E8 78 D3 B3 ...v.x..
[2013/12/20 16:30:45.881886, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.881901, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.882445, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 21
[2013/12/20 16:30:45.882473, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 21: got good SMB signature of
[2013/12/20 16:30:45.882495, 10] ../lib/util/util.c:278(_dump_data)
[0000] CB 5C E4 06 70 6D 8C 03 .\..pm..
[2013/12/20 16:30:45.882519, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7c5b0 "tevent_req_timedout"
[2013/12/20 16:30:45.882537, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 00000006
[2013/12/20 16:30:45.882602, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7aa90
[2013/12/20 16:30:45.882616, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7aa90
[2013/12/20 16:30:45.882628, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.882660, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2013/12/20 16:30:45.882674, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.882687, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 48 bytes.
[2013/12/20 16:30:45.882711, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_Connect2: struct samr_Connect2
out: struct samr_Connect2
connect_handle : *
connect_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 6262cece-f30f-478e-b8cf-8c6631a80dc6
result : NT_STATUS_OK
[2013/12/20 16:30:45.882774, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_OpenDomain: struct samr_OpenDomain
in: struct samr_OpenDomain
connect_handle : *
connect_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 6262cece-f30f-478e-b8cf-8c6631a80dc6
access_mask : 0x00000211 (529)
1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
0: SAMR_DOMAIN_ACCESS_SET_INFO_1
0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
0: SAMR_DOMAIN_ACCESS_SET_INFO_2
1: SAMR_DOMAIN_ACCESS_CREATE_USER
0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
0: SAMR_DOMAIN_ACCESS_SET_INFO_3
sid : *
sid : S-1-5-21-404543544-4040226311-1825311824
[2013/12/20 16:30:45.882912, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 004c
000a auth_len : 0000
000c call_id : 00000007
[2013/12/20 16:30:45.882977, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000034
0014 context_id: 0000
0016 opnum : 0007
[2013/12/20 16:30:45.883006, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.883030, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.883050, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7dbc0
[2013/12/20 16:30:45.883064, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 22
[2013/12/20 16:30:45.883078, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.883089, 10] ../lib/util/util.c:278(_dump_data)
[0000] EB 20 6E 4A E0 C3 1A 70 . nJ...p
[2013/12/20 16:30:45.883112, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.883127, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.883726, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 23
[2013/12/20 16:30:45.883754, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 23: got good SMB signature of
[2013/12/20 16:30:45.883767, 10] ../lib/util/util.c:278(_dump_data)
[0000] C6 1D FB 9B 6B 8B E2 7A ....k..z
[2013/12/20 16:30:45.883791, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7dbc0 "tevent_req_timedout"
[2013/12/20 16:30:45.883808, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 00000007
[2013/12/20 16:30:45.883884, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7a710
[2013/12/20 16:30:45.883899, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7a710
[2013/12/20 16:30:45.883913, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.883972, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2013/12/20 16:30:45.883988, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.884001, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 48 bytes.
[2013/12/20 16:30:45.884026, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_OpenDomain: struct samr_OpenDomain
out: struct samr_OpenDomain
domain_handle : *
domain_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5
result : NT_STATUS_OK
[2013/12/20 16:30:45.884085, 10] libnet/libnet_join.c:892(libnet_join_joindomain_rpc)
Creating account with desired access mask: -536543056
[2013/12/20 16:30:45.884101, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_CreateUser2: struct samr_CreateUser2
in: struct samr_CreateUser2
domain_handle : *
domain_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5
account_name : *
account_name: struct lsa_String
length : 0x0018 (24)
size : 0x0018 (24)
string : *
string : 'client$'
acct_flags : 0x00000080 (128)
0: ACB_DISABLED
0: ACB_HOMDIRREQ
0: ACB_PWNOTREQ
0: ACB_TEMPDUP
0: ACB_NORMAL
0: ACB_MNS
0: ACB_DOMTRUST
1: ACB_WSTRUST
0: ACB_SVRTRUST
0: ACB_PWNOEXP
0: ACB_AUTOLOCK
0: ACB_ENC_TXT_PWD_ALLOWED
0: ACB_SMARTCARD_REQUIRED
0: ACB_TRUSTED_FOR_DELEGATION
0: ACB_NOT_DELEGATED
0: ACB_USE_DES_KEY_ONLY
0: ACB_DONT_REQUIRE_PREAUTH
0: ACB_PW_EXPIRED
0: ACB_NO_AUTH_DATA_REQD
access_mask : 0xe00500b0 (3758424240)
0: SAMR_USER_ACCESS_GET_NAME_ETC
0: SAMR_USER_ACCESS_GET_LOCALE
0: SAMR_USER_ACCESS_SET_LOC_COM
0: SAMR_USER_ACCESS_GET_LOGONINFO
1: SAMR_USER_ACCESS_GET_ATTRIBUTES
1: SAMR_USER_ACCESS_SET_ATTRIBUTES
0: SAMR_USER_ACCESS_CHANGE_PASSWORD
1: SAMR_USER_ACCESS_SET_PASSWORD
0: SAMR_USER_ACCESS_GET_GROUPS
0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
[2013/12/20 16:30:45.884388, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0060
000a auth_len : 0000
000c call_id : 00000008
[2013/12/20 16:30:45.884457, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000048
0014 context_id: 0000
0016 opnum : 0032
[2013/12/20 16:30:45.884485, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.884502, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=96, this_data=96, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.884520, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7de50
[2013/12/20 16:30:45.884534, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 24
[2013/12/20 16:30:45.884548, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.884559, 10] ../lib/util/util.c:278(_dump_data)
[0000] 82 67 24 B4 9F E2 EA AE .g$.....
[2013/12/20 16:30:45.884582, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.884596, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.885344, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 25
[2013/12/20 16:30:45.885372, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 25: got good SMB signature of
[2013/12/20 16:30:45.885385, 10] ../lib/util/util.c:278(_dump_data)
[0000] F6 1B E3 EF 31 CB EC 80 ....1...
[2013/12/20 16:30:45.885409, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7de50 "tevent_req_timedout"
[2013/12/20 16:30:45.885435, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0038
000a auth_len : 0000
000c call_id : 00000008
[2013/12/20 16:30:45.885502, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7c970
[2013/12/20 16:30:45.885516, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7c970
[2013/12/20 16:30:45.885529, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000020
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.885561, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0
[2013/12/20 16:30:45.885574, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.885588, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 64 bytes.
[2013/12/20 16:30:45.885613, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_CreateUser2: struct samr_CreateUser2
out: struct samr_CreateUser2
user_handle : *
user_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
access_granted : *
access_granted : 0x00000000 (0)
rid : *
rid : 0x00000000 (0)
result : NT_STATUS_USER_EXISTS
[2013/12/20 16:30:45.885698, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_LookupNames: struct samr_LookupNames
in: struct samr_LookupNames
domain_handle : *
domain_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5
num_names : 0x00000001 (1)
names: ARRAY(1)
names: struct lsa_String
length : 0x0018 (24)
size : 0x0018 (24)
string : *
string : 'client$'
[2013/12/20 16:30:45.885800, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0068
000a auth_len : 0000
000c call_id : 00000009
[2013/12/20 16:30:45.885867, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000050
0014 context_id: 0000
0016 opnum : 0011
[2013/12/20 16:30:45.885896, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.885912, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=104, this_data=104, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.885931, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58740
[2013/12/20 16:30:45.885945, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 26
[2013/12/20 16:30:45.885958, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.885977, 10] ../lib/util/util.c:278(_dump_data)
[0000] 4C 3F DD 1B 11 2B E7 2A L?...+.*
[2013/12/20 16:30:45.886000, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.886014, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.886659, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 27
[2013/12/20 16:30:45.886687, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 27: got good SMB signature of
[2013/12/20 16:30:45.886700, 10] ../lib/util/util.c:278(_dump_data)
[0000] F8 6F 98 59 70 47 04 AF .o.YpG..
[2013/12/20 16:30:45.886724, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e58740 "tevent_req_timedout"
[2013/12/20 16:30:45.886741, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 003c
000a auth_len : 0000
000c call_id : 00000009
[2013/12/20 16:30:45.886807, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e58740
[2013/12/20 16:30:45.886821, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e58740
[2013/12/20 16:30:45.886843, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000024
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.886877, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0
[2013/12/20 16:30:45.886890, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.886904, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 72 bytes.
[2013/12/20 16:30:45.886929, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_LookupNames: struct samr_LookupNames
out: struct samr_LookupNames
rids : *
rids: struct samr_Ids
count : 0x00000001 (1)
ids : *
ids: ARRAY(1)
ids : 0x00000456 (1110)
types : *
types: struct samr_Ids
count : 0x00000001 (1)
ids : *
ids: ARRAY(1)
ids : 0x00000001 (1)
result : NT_STATUS_OK
[2013/12/20 16:30:45.887034, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_OpenUser: struct samr_OpenUser
in: struct samr_OpenUser
domain_handle : *
domain_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5
access_mask : 0x02000000 (33554432)
0: SAMR_USER_ACCESS_GET_NAME_ETC
0: SAMR_USER_ACCESS_GET_LOCALE
0: SAMR_USER_ACCESS_SET_LOC_COM
0: SAMR_USER_ACCESS_GET_LOGONINFO
0: SAMR_USER_ACCESS_GET_ATTRIBUTES
0: SAMR_USER_ACCESS_SET_ATTRIBUTES
0: SAMR_USER_ACCESS_CHANGE_PASSWORD
0: SAMR_USER_ACCESS_SET_PASSWORD
0: SAMR_USER_ACCESS_GET_GROUPS
0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
rid : 0x00000456 (1110)
[2013/12/20 16:30:45.887174, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0034
000a auth_len : 0000
000c call_id : 0000000a
[2013/12/20 16:30:45.887243, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000001c
0014 context_id: 0000
0016 opnum : 0022
[2013/12/20 16:30:45.887271, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.887288, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.887307, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7d6c0
[2013/12/20 16:30:45.887320, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 28
[2013/12/20 16:30:45.887334, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.887346, 10] ../lib/util/util.c:278(_dump_data)
[0000] 1E 0F 7A 41 9F D8 BF 29 ..zA...)
[2013/12/20 16:30:45.887369, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.887382, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.888049, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 29
[2013/12/20 16:30:45.888079, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 29: got good SMB signature of
[2013/12/20 16:30:45.888092, 10] ../lib/util/util.c:278(_dump_data)
[0000] 98 6C 53 89 BA D7 4C 36 .lS...L6
[2013/12/20 16:30:45.888116, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7d6c0 "tevent_req_timedout"
[2013/12/20 16:30:45.888133, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 0000000a
[2013/12/20 16:30:45.888198, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7d6c0
[2013/12/20 16:30:45.888211, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7d6c0
[2013/12/20 16:30:45.888224, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.888257, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2013/12/20 16:30:45.888270, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.888284, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 48 bytes.
[2013/12/20 16:30:45.888307, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_OpenUser: struct samr_OpenUser
out: struct samr_OpenUser
user_handle : *
user_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 44b94794-e84c-4039-b91c-cbd77709aad4
result : NT_STATUS_OK
[2013/12/20 16:30:45.888375, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_SetUserInfo: struct samr_SetUserInfo
in: struct samr_SetUserInfo
user_handle : *
user_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 44b94794-e84c-4039-b91c-cbd77709aad4
level : UserControlInformation (16)
info : *
info : union samr_UserInfo(case 16)
info16: struct samr_UserInfo16
acct_flags : 0x00000280 (640)
0: ACB_DISABLED
0: ACB_HOMDIRREQ
0: ACB_PWNOTREQ
0: ACB_TEMPDUP
0: ACB_NORMAL
0: ACB_MNS
0: ACB_DOMTRUST
1: ACB_WSTRUST
0: ACB_SVRTRUST
1: ACB_PWNOEXP
0: ACB_AUTOLOCK
0: ACB_ENC_TXT_PWD_ALLOWED
0: ACB_SMARTCARD_REQUIRED
0: ACB_TRUSTED_FOR_DELEGATION
0: ACB_NOT_DELEGATED
0: ACB_USE_DES_KEY_ONLY
0: ACB_DONT_REQUIRE_PREAUTH
0: ACB_PW_EXPIRED
0: ACB_NO_AUTH_DATA_REQD
[2013/12/20 16:30:45.888587, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0034
000a auth_len : 0000
000c call_id : 0000000b
[2013/12/20 16:30:45.888653, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000001c
0014 context_id: 0000
0016 opnum : 0025
[2013/12/20 16:30:45.888681, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.888698, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.888716, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7c970
[2013/12/20 16:30:45.888730, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 30
[2013/12/20 16:30:45.888744, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.888756, 10] ../lib/util/util.c:278(_dump_data)
[0000] B0 F3 CD 5B 84 F1 0A DE ...[....
[2013/12/20 16:30:45.888778, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.888792, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.889663, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 31
[2013/12/20 16:30:45.889691, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 31: got good SMB signature of
[2013/12/20 16:30:45.889712, 10] ../lib/util/util.c:278(_dump_data)
[0000] 04 BE 98 5E 06 67 C6 E5 ...^.g..
[2013/12/20 16:30:45.889737, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7c970 "tevent_req_timedout"
[2013/12/20 16:30:45.889755, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 001c
000a auth_len : 0000
000c call_id : 0000000b
[2013/12/20 16:30:45.889821, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7c970
[2013/12/20 16:30:45.889851, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7c970
[2013/12/20 16:30:45.889866, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000004
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.889899, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0
[2013/12/20 16:30:45.889912, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.889925, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 8 bytes.
[2013/12/20 16:30:45.889944, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_SetUserInfo: struct samr_SetUserInfo
out: struct samr_SetUserInfo
result : NT_STATUS_OK
[2013/12/20 16:30:45.890022, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_SetUserInfo2: struct samr_SetUserInfo2
in: struct samr_SetUserInfo2
user_handle : *
user_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 44b94794-e84c-4039-b91c-cbd77709aad4
level : UserInternal5InformationNew (26)
info : *
info : union samr_UserInfo(case 26)
info26: struct samr_UserInfo26
password: struct samr_CryptPasswordEx
data :
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
password_expired : 0x00 (0)
[2013/12/20 16:30:45.890233, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0245
000a auth_len : 0000
000c call_id : 0000000c
[2013/12/20 16:30:45.890308, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 0000022d
0014 context_id: 0000
0016 opnum : 003a
[2013/12/20 16:30:45.890337, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.890354, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=581, this_data=581, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.890373, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7d6c0
[2013/12/20 16:30:45.890387, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 32
[2013/12/20 16:30:45.890403, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.890415, 10] ../lib/util/util.c:278(_dump_data)
[0000] 63 87 BC CE 69 89 27 BD c...i.'.
[2013/12/20 16:30:45.890437, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.890451, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.939932, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 33
[2013/12/20 16:30:45.939963, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 33: got good SMB signature of
[2013/12/20 16:30:45.939976, 10] ../lib/util/util.c:278(_dump_data)
[0000] A7 8B AA 68 05 F4 37 B3 ...h..7.
[2013/12/20 16:30:45.940000, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7d6c0 "tevent_req_timedout"
[2013/12/20 16:30:45.940017, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 001c
000a auth_len : 0000
000c call_id : 0000000c
[2013/12/20 16:30:45.940082, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7d6c0
[2013/12/20 16:30:45.940096, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7d6c0
[2013/12/20 16:30:45.940109, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000004
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.940141, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0
[2013/12/20 16:30:45.940154, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.940167, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 8 bytes.
[2013/12/20 16:30:45.940190, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_SetUserInfo2: struct samr_SetUserInfo2
out: struct samr_SetUserInfo2
result : NT_STATUS_OK
[2013/12/20 16:30:45.940222, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_Close: struct samr_Close
in: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 6262cece-f30f-478e-b8cf-8c6631a80dc6
[2013/12/20 16:30:45.940277, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 002c
000a auth_len : 0000
000c call_id : 0000000d
[2013/12/20 16:30:45.940351, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000014
0014 context_id: 0000
0016 opnum : 0001
[2013/12/20 16:30:45.940381, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.940399, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.940418, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7d910
[2013/12/20 16:30:45.940432, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 34
[2013/12/20 16:30:45.940445, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.940457, 10] ../lib/util/util.c:278(_dump_data)
[0000] 80 A8 94 28 37 C9 D5 21 ...(7..!
[2013/12/20 16:30:45.940480, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.940493, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.941020, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 35
[2013/12/20 16:30:45.941047, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 35: got good SMB signature of
[2013/12/20 16:30:45.941060, 10] ../lib/util/util.c:278(_dump_data)
[0000] 2D 07 D8 C4 C5 46 DF 75 -....F.u
[2013/12/20 16:30:45.941083, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7d910 "tevent_req_timedout"
[2013/12/20 16:30:45.941101, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 0000000d
[2013/12/20 16:30:45.941166, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7d910
[2013/12/20 16:30:45.941179, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7d910
[2013/12/20 16:30:45.941192, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.941224, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2013/12/20 16:30:45.941237, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.941250, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 48 bytes.
[2013/12/20 16:30:45.941269, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_Close: struct samr_Close
out: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
[2013/12/20 16:30:45.941326, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_Close: struct samr_Close
in: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5
[2013/12/20 16:30:45.941388, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 002c
000a auth_len : 0000
000c call_id : 0000000e
[2013/12/20 16:30:45.941452, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000014
0014 context_id: 0000
0016 opnum : 0001
[2013/12/20 16:30:45.941480, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.941497, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.941515, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7da50
[2013/12/20 16:30:45.941529, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 36
[2013/12/20 16:30:45.941542, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.941554, 10] ../lib/util/util.c:278(_dump_data)
[0000] CF DC B5 3B 73 78 48 4E ...;sxHN
[2013/12/20 16:30:45.941576, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.941590, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.942089, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 37
[2013/12/20 16:30:45.942116, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 37: got good SMB signature of
[2013/12/20 16:30:45.942129, 10] ../lib/util/util.c:278(_dump_data)
[0000] 68 AE 49 5E 27 84 E7 09 h.I^'...
[2013/12/20 16:30:45.942152, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7da50 "tevent_req_timedout"
[2013/12/20 16:30:45.942169, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 0000000e
[2013/12/20 16:30:45.942235, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7a710
[2013/12/20 16:30:45.942248, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7a710
[2013/12/20 16:30:45.942261, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.942293, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2013/12/20 16:30:45.942307, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.942320, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 48 bytes.
[2013/12/20 16:30:45.942339, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_Close: struct samr_Close
out: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
[2013/12/20 16:30:45.942404, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_Close: struct samr_Close
in: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 44b94794-e84c-4039-b91c-cbd77709aad4
[2013/12/20 16:30:45.942456, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 002c
000a auth_len : 0000
000c call_id : 0000000f
[2013/12/20 16:30:45.942521, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000014
0014 context_id: 0000
0016 opnum : 0001
[2013/12/20 16:30:45.942548, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send)
rpc_api_pipe: host server.domain.local
[2013/12/20 16:30:45.942565, 10] libsmb/clitrans.c:925(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=82, param_disp=0, data_disp=0
[2013/12/20 16:30:45.942583, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7da50
[2013/12/20 16:30:45.942598, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 38
[2013/12/20 16:30:45.942611, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.942623, 10] ../lib/util/util.c:278(_dump_data)
[0000] A6 03 8C A2 D0 9A 6E C6 ......n.
[2013/12/20 16:30:45.942646, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.942659, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.943127, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 39
[2013/12/20 16:30:45.943154, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 39: got good SMB signature of
[2013/12/20 16:30:45.943167, 10] ../lib/util/util.c:278(_dump_data)
[0000] 07 8F 4E F0 31 B8 F7 7B ..N.1..{
[2013/12/20 16:30:45.943191, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7da50 "tevent_req_timedout"
[2013/12/20 16:30:45.943208, 5] rpc_parse/parse_prs.c:89(prs_debug)
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 0000000f
[2013/12/20 16:30:45.943274, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7c970
[2013/12/20 16:30:45.943288, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7c970
[2013/12/20 16:30:45.943301, 5] rpc_parse/parse_prs.c:89(prs_debug)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
[2013/12/20 16:30:45.943333, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2013/12/20 16:30:45.943346, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
[2013/12/20 16:30:45.943359, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu)
rpc_api_pipe: host server.domain.local returned 48 bytes.
[2013/12/20 16:30:45.943387, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
samr_Close: struct samr_Close
out: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
[2013/12/20 16:30:45.943448, 11] lib/events.c:321(s3_event_debug)
s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7a780
[2013/12/20 16:30:45.943462, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 40
[2013/12/20 16:30:45.943476, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.943487, 10] ../lib/util/util.c:278(_dump_data)
[0000] AE A1 07 79 99 21 B9 3F ...y.!.?
[2013/12/20 16:30:45.943510, 11] lib/events.c:321(s3_event_debug)
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.943523, 11] lib/events.c:321(s3_event_debug)
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040
[2013/12/20 16:30:45.943906, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 41
[2013/12/20 16:30:45.943934, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 41: got good SMB signature of
[2013/12/20 16:30:45.943946, 10] ../lib/util/util.c:278(_dump_data)
[0000] B3 C0 EB 4B 9E AA 00 95 ...K....
[2013/12/20 16:30:45.943969, 11] lib/events.c:321(s3_event_debug)
s3_event: Destroying timer event 0x7f9bf8e7a780 "tevent_req_timedout"
[2013/12/20 16:30:45.943984, 10] rpc_client/rpc_transport_np.c:81(rpc_transport_np_state_destructor)
rpc_pipe_destructor: closed \samr
[2013/12/20 16:30:45.944010, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked)
Locking key 534543524554532F5349442F503250
[2013/12/20 16:30:45.944033, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked)
Allocated locked data 0x0x7f9bf8e7e400
[2013/12/20 16:30:45.944049, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
Unlocking key 534543524554532F5349442F503250
[2013/12/20 16:30:45.944085, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked)
Locking key 534543524554532F4D414348494E455F50415353574F52442E505245562F503250
[2013/12/20 16:30:45.944101, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked)
Allocated locked data 0x0x7f9bf8e7a000
[2013/12/20 16:30:45.944120, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
Unlocking key 534543524554532F4D414348494E455F50415353574F52442E505245562F503250
[2013/12/20 16:30:45.949841, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked)
Locking key 534543524554532F4D414348494E455F50415353574F52442F503250
[2013/12/20 16:30:45.949874, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked)
Allocated locked data 0x0x7f9bf8e7b770
[2013/12/20 16:30:45.949892, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
Unlocking key 534543524554532F4D414348494E455F50415353574F52442F503250
[2013/12/20 16:30:45.956476, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked)
Locking key 534543524554532F4D414348494E455F4C4153545F4348414E47455F54494D452F503250
[2013/12/20 16:30:45.956507, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked)
Allocated locked data 0x0x7f9bf8e7a000
[2013/12/20 16:30:45.956524, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
Unlocking key 534543524554532F4D414348494E455F4C4153545F4348414E47455F54494D452F503250
[2013/12/20 16:30:45.961813, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked)
Locking key 534543524554532F4D414348494E455F5345435F4348414E4E454C5F545950452F503250
[2013/12/20 16:30:45.961844, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked)
Allocated locked data 0x0x7f9bf8e58740
[2013/12/20 16:30:45.961859, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
Unlocking key 534543524554532F4D414348494E455F5345435F4348414E4E454C5F545950452F503250
[2013/12/20 16:30:45.961891, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 42
[2013/12/20 16:30:45.961906, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2013/12/20 16:30:45.961918, 10] ../lib/util/util.c:278(_dump_data)
[0000] FD BE 0D 26 4E 92 62 4F ...&N.bO
[2013/12/20 16:30:45.961940, 6] libsmb/clientgen.c:323(write_socket)
write_socket(7,39)
[2013/12/20 16:30:45.961965, 6] libsmb/clientgen.c:326(write_socket)
write_socket(7,39) wrote 39
[2013/12/20 16:30:45.962399, 10] lib/util_sock.c:731(read_smb_length_return_keepalive)
got smb length of 35
[2013/12/20 16:30:45.962431, 5] lib/util.c:617(show_msg)
[2013/12/20 16:30:45.962440, 5] lib/util.c:627(show_msg)
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=2048
smb_pid=20998
smb_uid=2048
smb_mid=24
smt_wct=0
smb_bcc=0
[2013/12/20 16:30:45.962494, 10] libsmb/smb_signing.c:115(smb_signing_md5)
smb_signing_md5: sequence number 43
[2013/12/20 16:30:45.962507, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu)
smb_signing_check_pdu: seq 43: got good SMB signature of
[2013/12/20 16:30:45.962519, 10] ../lib/util/util.c:278(_dump_data)
[0000] 8A 70 3C 58 5A 93 74 A0 .p<XZ.t.
[2013/12/20 16:30:45.962574, 10] libsmb/namequery.c:112(saf_join_store)
saf_join_store: domain = [domain], server = [server.domain.local], expire = [1387582245]
[2013/12/20 16:30:45.962597, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = SAFJOIN/DOMAIN/domain and timeout = Fri Dec 20 17:30:45 2013
(3600 seconds ahead)
[2013/12/20 16:30:45.962634, 10] libsmb/namequery.c:112(saf_join_store)
saf_join_store: domain = [domain.local], server = [server.domain.local], expire = [1387582245]
[2013/12/20 16:30:45.962649, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = SAFJOIN/DOMAIN/domain.local and timeout = Fri Dec 20 17:30:45 2013
(3600 seconds ahead)
[2013/12/20 16:30:45.962937, 11] libads/ldap.c:602(ads_connect)
ads_connect: entering
ads: struct ads_struct
is_mine : true
ads: struct server
realm : 'domain.local'
workgroup : 'domain'
ldap_server : 'server.domain.local'
foreign : false
ads: struct auth
realm : NULL
password : '(PASSWORD ommited)'
user_name : 'Administrator'
kdc_server : NULL
flags : 0x00000100 (256)
0: ADS_AUTH_DISABLE_KERBEROS
0: ADS_AUTH_NO_BIND
0: ADS_AUTH_ANON_BIND
0: ADS_AUTH_SIMPLE_BIND
0: ADS_AUTH_ALLOW_NTLMSSP
0: ADS_AUTH_SASL_SIGN
0: ADS_AUTH_SASL_SEAL
0: ADS_AUTH_SASL_FORCE
time_offset : 0x00000000 (0)
tgt_expire : (time_t)0
tgs_expire : (time_t)0
renewable : (time_t)0
ads: struct config
flags : 0x00000000 (0)
0: DS_SERVER_PDC
0: DS_SERVER_GC
0: DS_SERVER_LDAP
0: DS_SERVER_DS
0: DS_SERVER_KDC
0: DS_SERVER_TIMESERV
0: DS_SERVER_CLOSEST
0: DS_SERVER_WRITABLE
0: DS_SERVER_GOOD_TIMESERV
0: DS_SERVER_NDNC
0: DS_SERVER_SELECT_SECRET_DOMAIN_6
0: DS_SERVER_FULL_SECRET_DOMAIN_6
0: DS_DNS_CONTROLLER
0: DS_DNS_DOMAIN
0: DS_DNS_FOREST
realm : NULL
bind_path : NULL
ldap_server_name : NULL
server_site_name : NULL
client_site_name : NULL
current_time : (time_t)0
schema_path : NULL
config_path : NULL
ads: struct ldap
ld : NULL
ss :
last_attempt : Fri 20 Dec 2013 04:30:45 PM CST CST
port : 0x00000000 (0)
wrap_type : 0x0001 (1)
sbiod : NULL
mem_ctx : NULL
wrap_ops : NULL
wrap_private_data : NULL
ads: struct in
ofs : 0x00000000 (0)
needed : 0x00000000 (0)
left : 0x00000000 (0)
max_wrapped : 0x00000000 (0)
min_wrapped : 0x00000000 (0)
size : 0x00000000 (0)
buf: ARRAY(0)
ads: struct out
ofs : 0x00000000 (0)
left : 0x00000000 (0)
max_unwrapped : 0x00000000 (0)
sig_size : 0x00000000 (0)
size : 0x00000000 (0)
buf: ARRAY(0)
[2013/12/20 16:30:45.963275, 10] lib/gencache.c:345(gencache_get_data_blob)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/domain.local, value = Default-First-Site-Name, timeout = Mon Jan 18 21:14:07 2038
[2013/12/20 16:30:45.963309, 5] libads/dns.c:810(sitename_fetch)
sitename_fetch: Returning sitename for domain.local: "Default-First-Site-Name"
[2013/12/20 16:30:45.963324, 10] libsmb/namequery.c:1400(internal_resolve_name)
internal_resolve_name: looking up server.domain.local#20 (sitename Default-First-Site-Name)
[2013/12/20 16:30:45.963343, 10] lib/gencache.c:345(gencache_get_data_blob)
Returning valid cache entry: key = NBT/server.domain.local#20, value = SERVER-IP-ADDRESS173:0, timeout = Fri Dec 20 16:41:32 2013
[2013/12/20 16:30:45.963363, 5] libsmb/namecache.c:192(namecache_fetch)
name server.domain.local#20 found.
[2013/12/20 16:30:45.963409, 5] libads/ldap.c:226(ads_try_connect)
ads_try_connect: sending CLDAP request to SERVER-IP-ADDRESS173 (realm: domain.local)
[2013/12/20 16:30:45.964265, 10] libads/dns.c:775(sitename_store)
sitename_store: realm = [domain], sitename = [Default-First-Site-Name], expire = [2147483647]
[2013/12/20 16:30:45.964294, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = AD_SITENAME/DOMAIN/domain and timeout = Mon Jan 18 21:14:07 2038
(759905002 seconds ahead)
[2013/12/20 16:30:45.964335, 10] libads/dns.c:775(sitename_store)
sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire = [2147483647]
[2013/12/20 16:30:45.964351, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = AD_SITENAME/DOMAIN/domain.local and timeout = Mon Jan 18 21:14:07 2038
(759905002 seconds ahead)
[2013/12/20 16:30:45.964387, 3] libads/ldap.c:634(ads_connect)
Successfully contacted LDAP server SERVER-IP-ADDRESS173
[2013/12/20 16:30:45.964404, 10] libads/ldap.c:62(ldap_open_with_timeout)
Opening connection to LDAP server 'server.domain.local:389', timeout 15 seconds
[2013/12/20 16:30:45.965502, 10] libads/ldap.c:76(ldap_open_with_timeout)
Connected to LDAP server 'server.domain.local:389'
[2013/12/20 16:30:45.965534, 3] libads/ldap.c:688(ads_connect)
Connected to LDAP server server.domain.local
[2013/12/20 16:30:45.965550, 10] libads/ldap.c:165(ads_closest_dc)
ads_closest_dc: NBT_SERVER_CLOSEST flag set
[2013/12/20 16:30:45.965575, 10] libsmb/namequery.c:83(saf_store)
saf_store: domain = [domain], server = [server.domain.local], expire = [1387579545]
[2013/12/20 16:30:45.965615, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = SAF/DOMAIN/domain and timeout = Fri Dec 20 16:45:45 2013
(900 seconds ahead)
[2013/12/20 16:30:45.965653, 10] libsmb/namequery.c:83(saf_store)
saf_store: domain = [domain.local], server = [server.domain.local], expire = [1387579545]
[2013/12/20 16:30:45.965670, 10] lib/gencache.c:180(gencache_set_data_blob)
Adding cache entry with key = SAF/DOMAIN/domain.local and timeout = Fri Dec 20 16:45:45 2013
(900 seconds ahead)
[2013/12/20 16:30:45.966165, 4] libads/ldap.c:2852(ads_current_time)
time offset is 0 seconds
[2013/12/20 16:30:45.966546, 4] libads/sasl.c:1114(ads_sasl_bind)
Found SASL mechanism GSS-SPNEGO
[2013/12/20 16:30:45.967046, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2013/12/20 16:30:45.967071, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2013/12/20 16:30:45.967083, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2013/12/20 16:30:45.967095, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2013/12/20 16:30:45.967107, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2013/12/20 16:30:45.967118, 3] libads/sasl.c:791(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
[2013/12/20 16:30:45.967436, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2013/12/20 16:30:45.967495, 10] libads/sasl.c:812(ads_sasl_spnego_bind)
ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit
[2013/12/20 16:30:45.967578, 10] libads/kerberos.c:188(kerberos_kinit_password_ext)
kerberos_kinit_password: as Administrator@domain.local using [MEMORY:net_ads] as ccache and config [(null)]
[2013/12/20 16:30:45.984471, 3] libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Sat, 21 Dec 2013 02:30:45 CST
[2013/12/20 16:30:45.984511, 10] libsmb/clikrb5.c:821(ads_krb5_mk_req)
ads_krb5_mk_req: Ticket (ldap/server.domain.local@domain.local) in ccache (MEMORY:net_ads) is valid until: (Sat, 21 Dec 2013 02:30:45 CST - 1387614645)
[2013/12/20 16:30:45.984537, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2013/12/20 16:30:45.987578, 10] libsmb/clikrb5.c:1036(get_krb5_smb_session_key)
Got KRB5 session key of length 16
[2013/12/20 16:30:45.988339, 0] libads/sasl.c:821(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
[2013/12/20 16:30:45.988812, 11] libads/ldap.c:730(ads_connect)
ads_connect: leaving with: Invalid credentials
ads: struct ads_struct
is_mine : true
ads: struct server
realm : 'domain.local'
workgroup : 'domain'
ldap_server : 'server.domain.local'
foreign : false
ads: struct auth
realm : 'domain.local'
password : '(PASSWORD ommited)'
user_name : 'Administrator'
kdc_server : 'SERVER-IP-ADDRESS173'
flags : 0x00000100 (256)
0: ADS_AUTH_DISABLE_KERBEROS
0: ADS_AUTH_NO_BIND
0: ADS_AUTH_ANON_BIND
0: ADS_AUTH_SIMPLE_BIND
0: ADS_AUTH_ALLOW_NTLMSSP
0: ADS_AUTH_SASL_SIGN
0: ADS_AUTH_SASL_SEAL
0: ADS_AUTH_SASL_FORCE
time_offset : 0x00000000 (0)
tgt_expire : Sat 21 Dec 2013 02:30:45 AM CST CST
tgs_expire : Sat 21 Dec 2013 02:30:45 AM CST CST
renewable : (time_t)0
ads: struct config
flags : 0x000033fd (13309)
1: DS_SERVER_PDC
1: DS_SERVER_GC
1: DS_SERVER_LDAP
1: DS_SERVER_DS
1: DS_SERVER_KDC
1: DS_SERVER_TIMESERV
1: DS_SERVER_CLOSEST
1: DS_SERVER_WRITABLE
1: DS_SERVER_GOOD_TIMESERV
0: DS_SERVER_NDNC
0: DS_SERVER_SELECT_SECRET_DOMAIN_6
1: DS_SERVER_FULL_SECRET_DOMAIN_6
0: DS_DNS_CONTROLLER
0: DS_DNS_DOMAIN
0: DS_DNS_FOREST
realm : 'domain.local'
bind_path : 'dc=domain,dc=LOCAL'
ldap_server_name : 'server.domain.local'
server_site_name : 'Default-First-Site-Name'
client_site_name : 'Default-First-Site-Name'
current_time : Fri 20 Dec 2013 04:30:45 PM CST CST
schema_path : NULL
config_path : NULL
ads: struct ldap
ld : *
ss : SERVER-IP-ADDRESS173
last_attempt : Fri 20 Dec 2013 04:30:45 PM CST CST
port : 0x00000185 (389)
wrap_type : 0x0001 (1)
sbiod : NULL
mem_ctx : *
wrap_ops : NULL
wrap_private_data : NULL
ads: struct in
ofs : 0x00000000 (0)
needed : 0x00000000 (0)
left : 0x00000000 (0)
max_wrapped : 0x00000000 (0)
min_wrapped : 0x00000000 (0)
size : 0x00000000 (0)
buf: ARRAY(0)
ads: struct out
ofs : 0x00000000 (0)
left : 0x00000000 (0)
max_unwrapped : 0x00000000 (0)
sig_size : 0x00000000 (0)
size : 0x00000000 (0)
buf: ARRAY(0)
[2013/12/20 16:30:45.989210, 1] libnet/libnet_join.c:1994(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'domain'
dns_domain_name : 'domain.local'
forest_name : 'domain.local'
dn : NULL
domain_sid : *
domain_sid : S-1-5-21-404543544-4040226311-1825311824
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: Invalid credentials'
domain_is_ad : 0x01 (1)
result : WERR_GENERAL_FAILURE
[2013/12/20 16:30:45.989291, 10] intl/lang_tdb.c:138(lang_tdb_init)
lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory
[2013/12/20 16:30:45.989334, 2] utils/net.c:916(main)
return code = -1
Failed to join domain: failed to connect to AD: Invalid credentials
Bryan