[2006/03/15 14:26:43, 5] rpc_parse/parse_prs.c:(84) 000000 net_io_r_auth_2 [2006/03/15 14:26:43, 6] rpc_parse/parse_prs.c:(84) 000000 smb_io_chal [2006/03/15 14:26:43, 5] rpc_parse/parse_prs.c:(819) 0000 data: 00 00 00 00 00 00 00 00 [2006/03/15 14:26:43, 6] rpc_parse/parse_prs.c:(84) 000008 net_io_neg_flags [2006/03/15 14:26:43, 5] rpc_parse/parse_prs.c:(703) 0008 neg_flags: 400701ff [2006/03/15 14:26:43, 5] rpc_parse/parse_prs.c:(762) 000c status: NT_STATUS_NO_TRUST_SAM_ACCOUNT [2006/03/15 14:26:43, 6] libsmb/clientgen.c:(132) write_socket(16,45) [2006/03/15 14:26:43, 6] libsmb/clientgen.c:(135) write_socket(16,45) wrote 45 [2006/03/15 14:26:43, 10] lib/util_sock.c:(618) got smb length of 35 [2006/03/15 14:26:43, 5] lib/util.c:(454) [2006/03/15 14:26:43, 5] lib/util.c:(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=22534 smb_pid=12196 smb_uid=20482 smb_mid=165 smt_wct=0 smb_bcc=0 [2006/03/15 14:26:43, 10] libsmb/clientgen.c:(375) cli_rpc_pipe_close: closed pipe \NETLOGON to machine CIFS-DC [2006/03/15 14:26:43, 5] nsswitch/winbindd_ads.c:(891) trusted_domains: Could not open a connection to CIFS-DOMAIN for PIPE_NETLOGON (NT_STATUS_NO_TRUST_SAM_ACCOUNT) [2006/03/15 14:26:43, 10] nsswitch/winbindd_cache.c:(1494) Storing response for pid 12196, len 1300 [2006/03/15 14:30:19, 10] lib/util_sock.c:(520) read_data: read of 1836 returned 0. Error = Error 0 [2006/03/15 14:30:19, 0] nsswitch/winbindd_dual.c:(49) Got invalid request length: 0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=10.1.1.30 bcast=10.255.255.255 nmask=255.0.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.91 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.92 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.93 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.94 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 5] lib/util.c:(260) Netbios name list:- my_netbios_names[0]="AURORA" [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=10.1.1.30 bcast=10.255.255.255 nmask=255.0.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.91 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.92 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.93 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.94 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 5] lib/gencache.c:(59) Opening cache file at /tmp/gencache.tdb [2006/03/15 14:30:23, 5] libsmb/namecache.c:(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2006/03/15 14:30:23, 5] sam/idmap.c:(91) smb_register_idmap: Successfully added idmap backend 'ldap' [2006/03/15 14:30:23, 5] sam/idmap.c:(91) smb_register_idmap: Successfully added idmap backend 'tdb' [2006/03/15 14:30:23, 10] sam/idmap_tdb.c:(500) db_idmap_init: Opening tdbfile /tmp/winbindd_idmap.tdb [2006/03/15 14:30:23, 8] lib/util.c:(1820) fcntl_lock 8 34 0 1 2 [2006/03/15 14:30:23, 8] lib/util.c:(1855) fcntl_lock: Lock call successful [2006/03/15 14:30:23, 4] lib/time.c:(142) TimeInit: Serverzone is -7200 [2006/03/15 14:30:23, 2] lib/tallocmsg.c:(61) Registered MSG_REQ_POOL_USAGE [2006/03/15 14:30:23, 2] lib/dmallocmsg.c:(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2006/03/15 14:30:23, 2] nsswitch/winbindd_util.c:(173) Added domain CIFS-DOMAIN S-1-5-21-725345543-1844237615-2146883605 [2006/03/15 14:30:23, 2] nsswitch/winbindd_util.c:(173) Added domain BUILTIN S-1-5-32 [2006/03/15 14:30:23, 2] nsswitch/winbindd_util.c:(173) Added domain AURORA S-1-5-21-2040308238-506828212-2346554114 [2006/03/15 14:30:23, 10] nsswitch/winbindd_util.c:(906) open_winbindd_socket: opened socket fd 11 [2006/03/15 14:30:23, 10] nsswitch/winbindd_util.c:(918) open_winbindd_priv_socket: opened socket fd 13 [2006/03/15 14:30:23, 4] nsswitch/winbindd_dual.c:(512) child daemon request 40 [2006/03/15 14:30:23, 10] nsswitch/winbindd_dual.c:(388) process_request: request fn INIT_CONNECTION [2006/03/15 14:30:23, 8] nsswitch/winbindd_cm.c:(849) Connection to for domain CIFS-DOMAIN has NULL cli! [2006/03/15 14:30:23, 4] passdb/secrets.c:(282) Using cleartext machine password [2006/03/15 14:30:23, 8] libsmb/namequery.c:(1433) get_sorted_dc_list: attempting lookup using [wins host bcast] [2006/03/15 14:30:23, 10] libsmb/namequery.c:(1028) internal_resolve_name: looking up CIFS-DOMAIN#1c [2006/03/15 14:30:23, 10] lib/gencache.c:(272) Returning expired cache entry: key = NBT/CIFS-DOMAIN#1C, value = 172.16.20.227:0,10.10.10.1:0, timeout = Mon Mar 13 21:40:35 2006 [2006/03/15 14:30:23, 5] libsmb/namecache.c:(195) no entry for CIFS-DOMAIN#1C found. [2006/03/15 14:30:23, 10] lib/gencache.c:(217) Deleting cache entry (key = NBT/CIFS-DOMAIN#1C) [2006/03/15 14:30:23, 3] libsmb/namequery.c:(752) resolve_wins: Attempting wins lookup for name CIFS-DOMAIN<0x1c> [2006/03/15 14:30:23, 10] lib/gencache.c:(272) Returning expired cache entry: key = WINS_SRV_DEAD/172.16.20.227,0.0.0.0, value = DOWN, timeout = Mon Mar 13 21:04:12 2006 [2006/03/15 14:30:23, 4] lib/wins_srv.c:(111) wins_srv_is_dead: 172.16.20.227 is alive [2006/03/15 14:30:23, 6] lib/wins_srv.c:(308) Current wins server for tag '*' with source 0.0.0.0 is 172.16.20.227 [2006/03/15 14:30:23, 10] lib/gencache.c:(272) Returning expired cache entry: key = WINS_SRV_DEAD/172.16.20.227,0.0.0.0, value = DOWN, timeout = Mon Mar 13 21:04:12 2006 [2006/03/15 14:30:23, 4] lib/wins_srv.c:(111) wins_srv_is_dead: 172.16.20.227 is alive [2006/03/15 14:30:23, 3] libsmb/namequery.c:(791) resolve_wins: using WINS server 172.16.20.227 and tag '*' [2006/03/15 14:30:23, 10] lib/util_sock.c:(835) bind succeeded on port 0 [2006/03/15 14:30:23, 5] libsmb/nmblib.c:(777) Sending a packet of len 50 to (172.16.20.227) on port 137 [2006/03/15 14:30:23, 10] lib/util_sock.c:(289) read_udp_socket: lastip 10.10.10.1 lastport 137 read: 56 [2006/03/15 14:30:23, 10] libsmb/nmblib.c:(506) parse_nmb: packet id = 22930 [2006/03/15 14:30:23, 5] libsmb/nmblib.c:(755) Received a packet of len 56 from (10.10.10.1) port 137 [2006/03/15 14:30:23, 4] libsmb/nmblib.c:(112) nmb packet from 10.10.10.1(137) header: id=22930 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=3 qdcount=0 ancount=0 nscount=0 arcount=0 [2006/03/15 14:30:23, 3] libsmb/namequery.c:(440) Negative name query response, rcode 0x03: The name requested does not exist. [2006/03/15 14:30:23, 5] libsmb/namequery.c:(910) resolve_hosts: not appropriate for name type <0x1c> [2006/03/15 14:30:23, 3] libsmb/namequery.c:(694) name_resolve_bcast: Attempting broadcast lookup for name CIFS-DOMAIN<0x1c> [2006/03/15 14:30:23, 10] lib/util_sock.c:(835) bind succeeded on port 0 [2006/03/15 14:30:23, 5] lib/util_sock.c:(206) socket option SO_KEEPALIVE = 0 [2006/03/15 14:30:23, 5] lib/util_sock.c:(206) socket option SO_REUSEADDR = 4 [2006/03/15 14:30:23, 5] lib/util_sock.c:(206) socket option SO_BROADCAST = 32 [2006/03/15 14:30:23, 5] lib/util_sock.c:(204) Could not test socket option TCP_NODELAY. [2006/03/15 14:30:23, 5] lib/util_sock.c:(206) socket option IPTOS_LOWDELAY = 0 [2006/03/15 14:30:23, 5] lib/util_sock.c:(206) socket option IPTOS_THROUGHPUT = 0 [2006/03/15 14:30:23, 5] lib/util_sock.c:(206) socket option SO_SNDBUF = 57344 [2006/03/15 14:30:23, 5] lib/util_sock.c:(206) socket option SO_RCVBUF = 57344 [2006/03/15 14:30:23, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDLOWAT. [2006/03/15 14:30:23, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVLOWAT. [2006/03/15 14:30:23, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDTIMEO. [2006/03/15 14:30:23, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVTIMEO. [2006/03/15 14:30:23, 5] libsmb/nmblib.c:(777) Sending a packet of len 50 to (10.255.255.255) on port 137 [2006/03/15 14:30:23, 10] lib/util_sock.c:(289) read_udp_socket: lastip 10.10.10.1 lastport 137 read: 68 [2006/03/15 14:30:23, 10] libsmb/nmblib.c:(506) parse_nmb: packet id = 7402 [2006/03/15 14:30:23, 5] libsmb/nmblib.c:(755) Received a packet of len 68 from (10.10.10.1) port 137 [2006/03/15 14:30:23, 4] libsmb/nmblib.c:(112) nmb packet from 10.10.10.1(137) header: id=7402 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=CIFS-DOMAIN<1c> rr_type=32 rr_class=1 ttl=300000 answers 0 char ............ hex E0000A0A0A01E000AC1014E3 [2006/03/15 14:30:23, 2] libsmb/namequery.c:(492) Got a positive name query response from 10.10.10.1 ( 10.10.10.1 172.16.20.227 ) [2006/03/15 14:30:23, 10] libsmb/namequery.c:(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/03/15 14:30:23, 5] libsmb/namecache.c:(131) namecache_store: storing 2 addresses for CIFS-DOMAIN#1c: 172.16.20.227:0,10.10.10.1:0 [2006/03/15 14:30:23, 10] lib/gencache.c:(130) Adding cache entry with key = NBT/CIFS-DOMAIN#1C; value = 172.16.20.227:0,10.10.10.1:0 and timeout = Wed Mar 15 14:41:23 2006 (660 seconds ahead) [2006/03/15 14:30:23, 10] libsmb/namequery.c:(1145) internal_resolve_name: returning 2 addresses: 172.16.20.227:0 10.10.10.1:0 [2006/03/15 14:30:23, 8] libsmb/namequery.c:(1316) Adding 2 DC's from auto lookup [2006/03/15 14:30:23, 10] libsmb/namequery.c:(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/03/15 14:30:23, 4] libsmb/namequery.c:(1406) get_dc_list: returning 2 ip addresses in an unordered list [2006/03/15 14:30:23, 4] libsmb/namequery.c:(1407) get_dc_list: 172.16.20.227:0 10.10.10.1:0 [2006/03/15 14:30:23, 8] lib/util.c:(1820) fcntl_lock 12 34 0 1 1 [2006/03/15 14:30:23, 3] lib/util.c:(1831) fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable) [2006/03/15 14:30:23, 3] lib/util.c:(1850) fcntl_lock: lock failed at offset 0 count 1 op 34 type 1 (Resource temporarily unavailable) [2006/03/15 14:30:23, 4] libsmb/clidgram.c:(100) send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from AURORA<00> to CIFS-DOMAIN<1c> IP 172.16.20.227 [2006/03/15 14:30:24, 5] nsswitch/winbindd_cm.c:(524) Received packet for \MAILSLOT\NET\GETDCAC1014E3 [2006/03/15 14:30:24, 8] nsswitch/winbindd_cm.c:(540) GetDC got invalid response type 21 [2006/03/15 14:30:24, 5] nsswitch/winbindd_cm.c:(524) Received packet for \MAILSLOT\NET\GETDCAC1014E3 [2006/03/15 14:30:24, 8] nsswitch/winbindd_cm.c:(540) GetDC got invalid response type 21 [2006/03/15 14:30:25, 5] nsswitch/winbindd_cm.c:(524) Received packet for \MAILSLOT\NET\GETDCAC1014E3 [2006/03/15 14:30:25, 8] nsswitch/winbindd_cm.c:(540) GetDC got invalid response type 21 [2006/03/15 14:30:25, 5] nsswitch/winbindd_cm.c:(524) Received packet for \MAILSLOT\NET\GETDCAC1014E3 [2006/03/15 14:30:25, 8] nsswitch/winbindd_cm.c:(540) GetDC got invalid response type 21 [2006/03/15 14:30:26, 5] nsswitch/winbindd_cm.c:(524) Received packet for \MAILSLOT\NET\GETDCAC1014E3 [2006/03/15 14:30:26, 8] nsswitch/winbindd_cm.c:(540) GetDC got invalid response type 21 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(188) name_status_find: looking up CIFS-DOMAIN#1c at 172.16.20.227 [2006/03/15 14:30:26, 10] lib/gencache.c:(294) Cache entry with key = NBT/CIFS-DOMAIN#1C.20.172.16.20.227 couldn't be found [2006/03/15 14:30:26, 5] libsmb/namecache.c:(308) namecache_status_fetch: no entry for NBT/CIFS-DOMAIN#1C.20.172.16.20.227 found. [2006/03/15 14:30:26, 10] lib/gencache.c:(217) Deleting cache entry (key = NBT/CIFS-DOMAIN#1C.20.172.16.20.227) [2006/03/15 14:30:26, 10] lib/util_sock.c:(835) bind succeeded on port 0 [2006/03/15 14:30:26, 5] libsmb/nmblib.c:(777) Sending a packet of len 50 to (172.16.20.227) on port 137 [2006/03/15 14:30:26, 10] lib/util_sock.c:(289) read_udp_socket: lastip 172.16.20.227 lastport 137 read: 319 [2006/03/15 14:30:26, 10] libsmb/nmblib.c:(506) parse_nmb: packet id = 29756 [2006/03/15 14:30:26, 5] libsmb/nmblib.c:(755) Received a packet of len 319 from (172.16.20.227) port 137 [2006/03/15 14:30:26, 4] libsmb/nmblib.c:(112) nmb packet from 172.16.20.227(137) header: id=29756 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=CIFS-DOMAIN<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .CIFS-DC hex 0A434946532D44432020202020202020 answers 10 char .D.CIFS-DC hex 004400434946532D4443202020202020 answers 20 char D.CIFS-DOMAIN hex 2020204400434946532D444F4D41494E answers 30 char ...CIFS-DOMA hex 2020202000C400434946532D444F4D41 answers 40 char IN ...CIFS-DO hex 494E202020201CC400434946532D444F answers 50 char MAIN ...CIFS- hex 4D41494E202020201EC400434946532D answers 60 char DOMAIN .D.CIF hex 444F4D41494E202020201D4400434946 answers 70 char S-DC .D.. hex 532D4443202020202020202003440001 answers 80 char .__MSBROWSE__... hex 025F5F4D5342524F5753455F5F0201C4 answers 90 char .ADMINISTRATOR hex 0041444D494E4953545241544F522020 answers a0 char .D.CIFS-DOMAIN hex 034400434946532D444F4D41494E2020 answers b0 char .D...+........ hex 20201B4400000B2B10C4A70000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char ................ hex 00000000000000000000000000000000 answers e0 char ... hex 000000 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) CIFS-DC#00: flags = 0x44 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) CIFS-DC#20: flags = 0x44 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) CIFS-DOMAIN#00: flags = 0xc4 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) CIFS-DOMAIN#1c: flags = 0xc4 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) CIFS-DOMAIN#1e: flags = 0xc4 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) CIFS-DOMAIN#1d: flags = 0x44 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) CIFS-DC#03: flags = 0x44 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) __MSBROWSE__#01: flags = 0xc4 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) ADMINISTRATOR#03: flags = 0x44 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(70) CIFS-DOMAIN#1b: flags = 0x44 [2006/03/15 14:30:26, 10] libsmb/namequery.c:(227) name_status_find: name found, name CIFS-DC ip address is 172.16.20.227 [2006/03/15 14:30:26, 3] nsswitch/winbindd_cm.c:(94) cm_get_ipc_userpass: No auth-user defined [2006/03/15 14:30:26, 10] passdb/secrets.c:(809) secrets_named_mutex: got mutex for CIFS-DC [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,183) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,183) wrote 183 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 177 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=177 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55297 smb_tid=0 smb_pid=12284 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]= 9344 (0x2480) smb_vwv[12]=53822 (0xD23E) smb_vwv[13]=13446 (0x3486) smb_vwv[14]=50760 (0xC648) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=108 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 48 44 59 CE 71 4D 5C 42 8F E8 60 CE D2 CC 8B 37 HDY.qM\B ..`....7 [010] 60 5A 06 06 2B 06 01 05 05 02 A0 50 30 4E A0 30 `Z..+... ...P0N.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 1A 30 18 A0 16 1B 14 63 69 66 73 2D 64 63 24 ..0..... cifs-dc$ [060] 40 43 49 46 53 2D 44 4F 4D 41 49 4E @CIFS-DO MAIN [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=177 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55297 smb_tid=0 smb_pid=12284 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]= 9344 (0x2480) smb_vwv[12]=53822 (0xD23E) smb_vwv[13]=13446 (0x3486) smb_vwv[14]=50760 (0xC648) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=108 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 48 44 59 CE 71 4D 5C 42 8F E8 60 CE D2 CC 8B 37 HDY.qM\B ..`....7 [010] 60 5A 06 06 2B 06 01 05 05 02 A0 50 30 4E A0 30 `Z..+... ...P0N.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 1A 30 18 A0 16 1B 14 63 69 66 73 2D 64 63 24 ..0..... cifs-dc$ [060] 40 43 49 46 53 2D 44 4F 4D 41 49 4E @CIFS-DO MAIN [2006/03/15 14:30:26, 5] nsswitch/winbindd_cm.c:(297) connecting to CIFS-DC from AURORA with username [AURORA$]\[gZpkta7,FRu3Bp] [2006/03/15 14:30:26, 3] libsmb/cliconnect.c:(710) Doing spnego session setup (blob length=108) [2006/03/15 14:30:26, 3] libsmb/cliconnect.c:(735) got OID=1 2 840 48018 1 2 2 [2006/03/15 14:30:26, 3] libsmb/cliconnect.c:(735) got OID=1 2 840 113554 1 2 2 [2006/03/15 14:30:26, 3] libsmb/cliconnect.c:(735) got OID=1 2 840 113554 1 2 2 3 [2006/03/15 14:30:26, 3] libsmb/cliconnect.c:(735) got OID=1 3 6 1 4 1 311 2 2 10 [2006/03/15 14:30:26, 3] libsmb/cliconnect.c:(744) got principal=cifs-dc$@CIFS-DOMAIN [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,168) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,168) wrote 168 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 528 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=528 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=12284 smb_uid=45059 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 528 (0x210) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 411 (0x19B) smb_bcc=485 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] A1 82 01 97 30 82 01 93 A0 03 0A 01 01 A1 0C 06 ....0... ........ [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 BD 04 81 .+.....7 ........ [020] BA 4E 54 4C 4D 53 53 50 00 02 00 00 00 16 00 16 .NTLMSSP ........ [030] 00 30 00 00 00 15 02 89 60 5F 37 B2 5C 19 D0 59 .0...... `_7.\..Y [040] 63 00 00 00 00 00 00 00 00 74 00 74 00 46 00 00 c....... .t.t.F.. [050] 00 43 00 49 00 46 00 53 00 2D 00 44 00 4F 00 4D .C.I.F.S .-.D.O.M [060] 00 41 00 49 00 4E 00 02 00 16 00 43 00 49 00 46 .A.I.N.. ...C.I.F [070] 00 53 00 2D 00 44 00 4F 00 4D 00 41 00 49 00 4E .S.-.D.O .M.A.I.N [080] 00 01 00 0E 00 43 00 49 00 46 00 53 00 2D 00 44 .....C.I .F.S.-.D [090] 00 43 00 04 00 16 00 63 00 69 00 66 00 73 00 2D .C.....c .i.f.s.- [0A0] 00 64 00 6F 00 6D 00 61 00 69 00 6E 00 03 00 26 .d.o.m.a .i.n...& [0B0] 00 63 00 69 00 66 00 73 00 2D 00 64 00 63 00 2E .c.i.f.s .-.d.c.. [0C0] 00 63 00 69 00 66 00 73 00 2D 00 64 00 6F 00 6D .c.i.f.s .-.d.o.m [0D0] 00 61 00 69 00 6E 00 00 00 00 00 A3 81 BD 04 81 .a.i.n.. ........ [0E0] BA 4E 54 4C 4D 53 53 50 00 02 00 00 00 16 00 16 .NTLMSSP ........ [0F0] 00 30 00 00 00 15 02 89 60 5F 37 B2 5C 19 D0 59 .0...... `_7.\..Y [100] 63 00 00 00 00 00 00 00 00 74 00 74 00 46 00 00 c....... .t.t.F.. [110] 00 43 00 49 00 46 00 53 00 2D 00 44 00 4F 00 4D .C.I.F.S .-.D.O.M [120] 00 41 00 49 00 4E 00 02 00 16 00 43 00 49 00 46 .A.I.N.. ...C.I.F [130] 00 53 00 2D 00 44 00 4F 00 4D 00 41 00 49 00 4E .S.-.D.O .M.A.I.N [140] 00 01 00 0E 00 43 00 49 00 46 00 53 00 2D 00 44 .....C.I .F.S.-.D [150] 00 43 00 04 00 16 00 63 00 69 00 66 00 73 00 2D .C.....c .i.f.s.- [160] 00 64 00 6F 00 6D 00 61 00 69 00 6E 00 03 00 26 .d.o.m.a .i.n...& [170] 00 63 00 69 00 66 00 73 00 2D 00 64 00 63 00 2E .c.i.f.s .-.d.c.. [180] 00 63 00 69 00 66 00 73 00 2D 00 64 00 6F 00 6D .c.i.f.s .-.d.o.m [190] 00 61 00 69 00 6E 00 00 00 00 00 57 00 69 00 6E .a.i.n.. ...W.i.n [1A0] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 [1B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [1C0] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A [1D0] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e [1E0] 00 72 00 00 00 .r... [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=528 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=12284 smb_uid=45059 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 528 (0x210) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 411 (0x19B) smb_bcc=485 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] A1 82 01 97 30 82 01 93 A0 03 0A 01 01 A1 0C 06 ....0... ........ [010] 0A 2B 06 01 04 01 82 37 02 02 0A A2 81 BD 04 81 .+.....7 ........ [020] BA 4E 54 4C 4D 53 53 50 00 02 00 00 00 16 00 16 .NTLMSSP ........ [030] 00 30 00 00 00 15 02 89 60 5F 37 B2 5C 19 D0 59 .0...... `_7.\..Y [040] 63 00 00 00 00 00 00 00 00 74 00 74 00 46 00 00 c....... .t.t.F.. [050] 00 43 00 49 00 46 00 53 00 2D 00 44 00 4F 00 4D .C.I.F.S .-.D.O.M [060] 00 41 00 49 00 4E 00 02 00 16 00 43 00 49 00 46 .A.I.N.. ...C.I.F [070] 00 53 00 2D 00 44 00 4F 00 4D 00 41 00 49 00 4E .S.-.D.O .M.A.I.N [080] 00 01 00 0E 00 43 00 49 00 46 00 53 00 2D 00 44 .....C.I .F.S.-.D [090] 00 43 00 04 00 16 00 63 00 69 00 66 00 73 00 2D .C.....c .i.f.s.- [0A0] 00 64 00 6F 00 6D 00 61 00 69 00 6E 00 03 00 26 .d.o.m.a .i.n...& [0B0] 00 63 00 69 00 66 00 73 00 2D 00 64 00 63 00 2E .c.i.f.s .-.d.c.. [0C0] 00 63 00 69 00 66 00 73 00 2D 00 64 00 6F 00 6D .c.i.f.s .-.d.o.m [0D0] 00 61 00 69 00 6E 00 00 00 00 00 A3 81 BD 04 81 .a.i.n.. ........ [0E0] BA 4E 54 4C 4D 53 53 50 00 02 00 00 00 16 00 16 .NTLMSSP ........ [0F0] 00 30 00 00 00 15 02 89 60 5F 37 B2 5C 19 D0 59 .0...... `_7.\..Y [100] 63 00 00 00 00 00 00 00 00 74 00 74 00 46 00 00 c....... .t.t.F.. [110] 00 43 00 49 00 46 00 53 00 2D 00 44 00 4F 00 4D .C.I.F.S .-.D.O.M [120] 00 41 00 49 00 4E 00 02 00 16 00 43 00 49 00 46 .A.I.N.. ...C.I.F [130] 00 53 00 2D 00 44 00 4F 00 4D 00 41 00 49 00 4E .S.-.D.O .M.A.I.N [140] 00 01 00 0E 00 43 00 49 00 46 00 53 00 2D 00 44 .....C.I .F.S.-.D [150] 00 43 00 04 00 16 00 63 00 69 00 66 00 73 00 2D .C.....c .i.f.s.- [160] 00 64 00 6F 00 6D 00 61 00 69 00 6E 00 03 00 26 .d.o.m.a .i.n...& [170] 00 63 00 69 00 66 00 73 00 2D 00 64 00 63 00 2E .c.i.f.s .-.d.c.. [180] 00 63 00 69 00 66 00 73 00 2D 00 64 00 6F 00 6D .c.i.f.s .-.d.o.m [190] 00 61 00 69 00 6E 00 00 00 00 00 57 00 69 00 6E .a.i.n.. ...W.i.n [1A0] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 [1B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [1C0] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A [1D0] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e [1E0] 00 72 00 00 00 .r... [2006/03/15 14:30:26, 3] libsmb/ntlmssp.c:(917) Got challenge flags: [2006/03/15 14:30:26, 3] libsmb/ntlmssp.c:(63) Got NTLMSSP neg_flags=0x60890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2006/03/15 14:30:26, 3] libsmb/ntlmssp.c:(939) NTLMSSP: Set final flags: [2006/03/15 14:30:26, 3] libsmb/ntlmssp.c:(63) Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2006/03/15 14:30:26, 5] libsmb/ntlmssp.c:(1013) NTLMSSP challenge set by NTLM2 [2006/03/15 14:30:26, 5] libsmb/ntlmssp.c:(1014) challenge is: [2006/03/15 14:30:26, 5] lib/util.c:(2058) [000] 8D 16 B2 2A 3C 99 19 7F ...*<... [2006/03/15 14:30:26, 3] libsmb/ntlmssp_sign.c:(332) NTLMSSP Sign/Seal - Initialising with flags: [2006/03/15 14:30:26, 3] libsmb/ntlmssp.c:(63) Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,274) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,274) wrote 274 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 35 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=12284 smb_uid=45059 smb_mid=3 smt_wct=0 smb_bcc=0 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=12284 smb_uid=45059 smb_mid=3 smt_wct=0 smb_bcc=0 [2006/03/15 14:30:26, 4] nsswitch/winbindd_cm.c:(305) authenticated session setup failed with Logon failure [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,92) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,92) wrote 92 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 139 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=139 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=12284 smb_uid=47105 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 139 (0x8B) smb_vwv[ 2]= 0 (0x0) smb_bcc=98 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 43 00 49 00 46 .a.g.e.r ...C.I.F [050] 00 53 00 2D 00 44 00 4F 00 4D 00 41 00 49 00 4E .S.-.D.O .M.A.I.N [060] 00 00 .. [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=139 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=12284 smb_uid=47105 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 139 (0x8B) smb_vwv[ 2]= 0 (0x0) smb_bcc=98 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 35 00 2E 00 30 00 00 00 57 00 69 00 6E 00 64 .5...0.. .W.i.n.d [020] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [030] 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 00 6E . .L.A.N . .M.a.n [040] 00 61 00 67 00 65 00 72 00 00 00 43 00 49 00 46 .a.g.e.r ...C.I.F [050] 00 53 00 2D 00 44 00 4F 00 4D 00 41 00 49 00 4E .S.-.D.O .M.A.I.N [060] 00 00 .. [2006/03/15 14:30:26, 5] nsswitch/winbindd_cm.c:(345) Connected anonymously [2006/03/15 14:30:26, 10] libsmb/clientgen.c:(233) cli_init_creds: user domain [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,82) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,82) wrote 82 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 48 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=5 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 49 50 43 00 00 00 00 IPC.... [2006/03/15 14:30:26, 10] passdb/secrets.c:(821) secrets_named_mutex: released mutex for CIFS-DC [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,104) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,104) wrote 104 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 103 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1536 (0x600) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(2044) Bind RPC Pipe[c006]: \lsarpc auth_type 0, auth_level 0 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1647) Bind Abstract Syntax: [000] 39 19 28 6A B1 0C 11 D0 9B A8 00 C0 4F D9 2E F5 9.(j.... ....O... [010] 00 00 00 00 .... [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..... ....+.H` [010] 00 00 00 02 .... [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0b [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0048 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000001 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_rb [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_bba [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0010 max_tsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0012 max_rsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0014 assoc_gid: 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0018 num_contexts: 01 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 001c context_id : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 001e num_transfer_syntaxes: 01 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 00001f smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000020 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0020 data : 3919286a [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0024 data : b10c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0026 data : 11d0 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0028 data : 9b a8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 002a data : 00 c0 4f d9 2e f5 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 version: 00000000 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000034 smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000034 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0034 data : 8a885d04 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0038 data : 1ceb [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 003a data : 11c9 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003c data : 9f e8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003e data : 08 00 2b 10 48 60 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0044 version: 00000002 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(770) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0xc006 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49158 (0xC006) smb_bcc=87 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,158) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,158) wrote 158 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 124 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 3D 2B 06 00 0C 00 5C 50 49 50 45 .....=+. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 3D 2B 06 00 0C 00 5C 50 49 50 45 .....=+. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0044 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000001 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(894) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0xc006 returned 68 bytes. [2006/03/15 14:30:26, 3] rpc_client/cli_pipe.c:(2081) rpc_pipe_bind: Remote machine CIFS-DC pipe \lsarpc fnum 0xc006 bind request returned ok. [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0044 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000001 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_ba [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_bba [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0010 max_tsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0012 max_rsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0014 assoc_gid: 00062b3d [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000018 smb_io_rpc_addr_str [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0018 len: 000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 001a str: \PIPE\lsass. [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000026 smb_io_rpc_results [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0028 num_results: 01 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 002c result : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 002e reason : 0000 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000030 smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000030 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 data : 8a885d04 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0034 data : 1ceb [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0036 data : 11c9 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0038 data : 9f e8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003a data : 08 00 2b 10 48 60 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0040 version: 00000002 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1701) check_bind_response: accepted! [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(2246) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine CIFS-DC and bound anonymously. [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 ds_io_q_getprimdominfo [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0000 level: 0001 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 001a [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000002 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0010 alloc_hint: 00000002 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0014 context_id: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0016 opnum : 0000 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(770) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0xc006 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49158 (0xC006) smb_bcc=41 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,112) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,112) wrote 112 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 236 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=236 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 180 (0xB4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=181 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 02 03 10 00 00 00 B4 00 00 00 02 00 00 ........ ........ [010] 00 9C 00 00 00 00 00 00 00 D8 BF 3E 0B 01 00 00 ........ ...>.... [020] 00 05 00 00 00 03 00 00 01 D8 2A 0F 00 08 2D 0E ........ ..*...-. [030] 00 30 1E 41 0B 68 E2 11 76 52 8E 95 45 89 3A CE .0.A.h.. vR..E.:. [040] 59 F1 8D 21 1E 0C 00 00 00 00 00 00 00 0C 00 00 Y..!.... ........ [050] 00 43 00 49 00 46 00 53 00 2D 00 44 00 4F 00 4D .C.I.F.S .-.D.O.M [060] 00 41 00 49 00 4E 00 00 00 0C 00 00 00 00 00 00 .A.I.N.. ........ [070] 00 0C 00 00 00 63 00 69 00 66 00 73 00 2D 00 64 .....c.i .f.s.-.d [080] 00 6F 00 6D 00 61 00 69 00 6E 00 00 00 0C 00 00 .o.m.a.i .n...... [090] 00 00 00 00 00 0C 00 00 00 63 00 69 00 66 00 73 ........ .c.i.f.s [0A0] 00 2D 00 64 00 6F 00 6D 00 61 00 69 00 6E 00 00 .-.d.o.m .a.i.n.. [0B0] 00 00 00 00 00 ..... [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=236 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 180 (0xB4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=181 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 02 03 10 00 00 00 B4 00 00 00 02 00 00 ........ ........ [010] 00 9C 00 00 00 00 00 00 00 D8 BF 3E 0B 01 00 00 ........ ...>.... [020] 00 05 00 00 00 03 00 00 01 D8 2A 0F 00 08 2D 0E ........ ..*...-. [030] 00 30 1E 41 0B 68 E2 11 76 52 8E 95 45 89 3A CE .0.A.h.. vR..E.:. [040] 59 F1 8D 21 1E 0C 00 00 00 00 00 00 00 0C 00 00 Y..!.... ........ [050] 00 43 00 49 00 46 00 53 00 2D 00 44 00 4F 00 4D .C.I.F.S .-.D.O.M [060] 00 41 00 49 00 4E 00 00 00 0C 00 00 00 00 00 00 .A.I.N.. ........ [070] 00 0C 00 00 00 63 00 69 00 66 00 73 00 2D 00 64 .....c.i .f.s.-.d [080] 00 6F 00 6D 00 61 00 69 00 6E 00 00 00 0C 00 00 .o.m.a.i .n...... [090] 00 00 00 00 00 0C 00 00 00 63 00 69 00 66 00 73 ........ .c.i.f.s [0A0] 00 2D 00 64 00 6F 00 6D 00 61 00 69 00 6E 00 00 .-.d.o.m .a.i.n.. [0B0] 00 00 00 00 00 ..... [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 02 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 00b4 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000002 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0010 alloc_hint: 0000009c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0014 context_id: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0016 cancel_ct : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0017 reserved : 00 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(577) cli_pipe_validate_current_pdu: got pdu len 180, data_len 156, ss_len 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(843) rpc_api_pipe: got PDU len of 180 at offset 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(894) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0xc006 returned 312 bytes. [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 ds_io_r_getprimdominfo [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0000 ptr: 0b3ebfd8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0004 level: 0001 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0006 unknown0: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 machine_role: 0005 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a unknown: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c flags: 01000003 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0010 netbios_ptr: 000f2ad8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0014 dnsname_ptr: 000e2d08 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0018 forestname_ptr: 0b411e30 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 00001c smb_io_uuid domain_guid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 001c data : 7611e268 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0020 data : 8e52 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0022 data : 4595 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0024 data : 89 3a [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0026 data : ce 59 f1 8d 21 1e [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 00002c smb_io_unistr2 netbios_domain [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 002c uni_max_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0034 uni_str_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 0038 buffer : C.I.F.S.-.D.O.M.A.I.N... [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000050 smb_io_unistr2 dns_domain [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0050 uni_max_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0054 offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0058 uni_str_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 005c buffer : c.i.f.s.-.d.o.m.a.i.n... [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000074 smb_io_unistr2 forest_domain [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0074 uni_max_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0078 offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 007c uni_str_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 0080 buffer : c.i.f.s.-.d.o.m.a.i.n... [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(762) 0098 status: NT_STATUS_OK [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,45) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,45) wrote 45 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 35 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=9 smt_wct=0 smb_bcc=0 [2006/03/15 14:30:26, 10] libsmb/clientgen.c:(375) cli_rpc_pipe_close: closed pipe \lsarpc to machine CIFS-DC [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,104) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,104) wrote 104 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 103 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 3840 (0xF00) smb_vwv[ 3]= 384 (0x180) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(2044) Bind RPC Pipe[800f]: \lsarpc auth_type 0, auth_level 0 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1647) Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AB .4Wx.4.. ...#Eg.. [010] 00 00 00 00 .... [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..... ....+.H` [010] 00 00 00 02 .... [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0b [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0048 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000003 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_rb [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_bba [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0010 max_tsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0012 max_rsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0014 assoc_gid: 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0018 num_contexts: 01 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 001c context_id : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 001e num_transfer_syntaxes: 01 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 00001f smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000020 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0020 data : 12345778 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0024 data : 1234 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0026 data : abcd [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0028 data : ef 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 002a data : 01 23 45 67 89 ab [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 version: 00000000 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000034 smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000034 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0034 data : 8a885d04 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0038 data : 1ceb [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 003a data : 11c9 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003c data : 9f e8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003e data : 08 00 2b 10 48 60 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0044 version: 00000002 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(770) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0x800f [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32783 (0x800F) smb_bcc=87 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,158) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,158) wrote 158 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 124 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 3E 2B 06 00 0C 00 5C 50 49 50 45 .....>+. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 3E 2B 06 00 0C 00 5C 50 49 50 45 .....>+. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0044 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000003 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(894) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0x800f returned 68 bytes. [2006/03/15 14:30:26, 3] rpc_client/cli_pipe.c:(2081) rpc_pipe_bind: Remote machine CIFS-DC pipe \lsarpc fnum 0x800f bind request returned ok. [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0044 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000003 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_ba [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_bba [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0010 max_tsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0012 max_rsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0014 assoc_gid: 00062b3e [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000018 smb_io_rpc_addr_str [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0018 len: 000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 001a str: \PIPE\lsass. [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000026 smb_io_rpc_results [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0028 num_results: 01 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 002c result : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 002e reason : 0000 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000030 smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000030 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 data : 8a885d04 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0034 data : 1ceb [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0036 data : 11c9 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0038 data : 9f e8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003a data : 08 00 2b 10 48 60 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0040 version: 00000002 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1701) check_bind_response: accepted! [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(2246) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine CIFS-DC and bound anonymously. [2006/03/15 14:30:26, 5] rpc_parse/parse_lsa.c:(142) init_lsa_sec_qos [2006/03/15 14:30:26, 5] rpc_parse/parse_lsa.c:(325) init_q_open_pol2: attr:0 da:33554432 [2006/03/15 14:30:26, 5] rpc_parse/parse_lsa.c:(193) init_lsa_obj_attr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 lsa_io_q_open_pol2 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0000 ptr : 00000001 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000004 smb_io_unistr2 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0004 uni_max_len: 0000000a [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0008 offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c uni_str_len: 0000000a [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 0010 buffer : \.\.C.I.F.S.-.D.C... [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000024 lsa_io_obj_attr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0024 len : 00000018 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0028 ptr_root_dir: 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 002c ptr_obj_name: 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 attributes : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0034 ptr_sec_desc: 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0038 ptr_sec_qos : 00000001 [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 00003c lsa_io_obj_qos sec_qos [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 003c len : 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0040 sec_imp_level : 0002 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0042 sec_ctxt_mode : 01 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0043 effective_only: 00 [2006/03/15 14:30:26, 3] rpc_parse/parse_lsa.c:(181) lsa_io_sec_qos: length c does not match size 8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0044 des_access: 02000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0060 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000004 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0010 alloc_hint: 00000048 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0014 context_id: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0016 opnum : 002c [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(770) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0x800f [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32783 (0x800F) smb_bcc=111 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 00 00 04 00 00 00 48 .......` .......H [020] 00 00 00 00 00 2C 00 01 00 00 00 0A 00 00 00 00 .....,.. ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 43 00 49 00 46 .......\ .\.C.I.F [040] 00 53 00 2D 00 44 00 43 00 00 00 18 00 00 00 00 .S.-.D.C ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ........ ........ [060] 00 00 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,182) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,182) wrote 182 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 104 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 D6 88 8A ........ ........ [020] 0D BF 63 E0 47 8F F7 4D E7 12 C1 83 7B 00 00 00 ..c.G..M ....{... [030] 00 . [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 D6 88 8A ........ ........ [020] 0D BF 63 E0 47 8F F7 4D E7 12 C1 83 7B 00 00 00 ..c.G..M ....{... [030] 00 . [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 02 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0030 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000004 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0010 alloc_hint: 00000018 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0014 context_id: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0016 cancel_ct : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0017 reserved : 00 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(894) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0x800f returned 48 bytes. [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 lsa_io_r_open_pol2 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000000 smb_io_pol_hnd [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0000 data1: 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0004 data2: 0d8a88d6 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 data3: 63bf [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a data4: 47e0 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 000c data5: 8f f7 4d e7 12 c1 83 7b [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(762) 0014 status: NT_STATUS_OK [2006/03/15 14:30:26, 5] rpc_parse/parse_lsa.c:(2231) init_q_query2 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 lsa_io_q_query_info2 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000000 smb_io_pol_hnd pol [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0000 data1: 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0004 data2: 0d8a88d6 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 data3: 63bf [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a data4: 47e0 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 000c data5: 8f f7 4d e7 12 c1 83 7b [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0014 info_class: 000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 002e [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000005 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0010 alloc_hint: 00000016 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0014 context_id: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0016 opnum : 002e [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(770) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0x800f [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=32783 (0x800F) smb_bcc=61 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 D6 88 8A 0D BF ........ ........ [030] 63 E0 47 8F F7 4D E7 12 C1 83 7B 0C 00 c.G..M.. ..{.. [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,132) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,132) wrote 132 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 272 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=272 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 216 (0xD8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 216 (0xD8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=217 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 05 00 00 ........ ........ [010] 00 C0 00 00 00 00 00 00 00 F0 3F 14 00 0C 00 00 ........ ..?..... [020] 00 16 00 18 00 08 2D 0E 00 16 00 18 00 D8 2A 0F ......-. ......*. [030] 00 16 00 18 00 60 CB 16 00 68 E2 11 76 52 8E 95 .....`.. .h..vR.. [040] 45 89 3A CE 59 F1 8D 21 1E 78 C6 10 00 0C 00 00 E.:.Y..! .x...... [050] 00 00 00 00 00 0B 00 00 00 43 00 49 00 46 00 53 ........ .C.I.F.S [060] 00 2D 00 44 00 4F 00 4D 00 41 00 49 00 4E 00 00 .-.D.O.M .A.I.N.. [070] 00 0C 00 00 00 00 00 00 00 0B 00 00 00 63 00 69 ........ .....c.i [080] 00 66 00 73 00 2D 00 64 00 6F 00 6D 00 61 00 69 .f.s.-.d .o.m.a.i [090] 00 6E 00 00 00 0C 00 00 00 00 00 00 00 0B 00 00 .n...... ........ [0A0] 00 63 00 69 00 66 00 73 00 2D 00 64 00 6F 00 6D .c.i.f.s .-.d.o.m [0B0] 00 61 00 69 00 6E 00 00 00 04 00 00 00 01 04 00 .a.i.n.. ........ [0C0] 00 00 00 00 05 15 00 00 00 07 E5 3B 2B 2F D5 EC ........ ...;+/.. [0D0] 6D 15 D8 F6 7F 00 00 00 00 m....... . [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=272 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 216 (0xD8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 216 (0xD8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=217 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 02 03 10 00 00 00 D8 00 00 00 05 00 00 ........ ........ [010] 00 C0 00 00 00 00 00 00 00 F0 3F 14 00 0C 00 00 ........ ..?..... [020] 00 16 00 18 00 08 2D 0E 00 16 00 18 00 D8 2A 0F ......-. ......*. [030] 00 16 00 18 00 60 CB 16 00 68 E2 11 76 52 8E 95 .....`.. .h..vR.. [040] 45 89 3A CE 59 F1 8D 21 1E 78 C6 10 00 0C 00 00 E.:.Y..! .x...... [050] 00 00 00 00 00 0B 00 00 00 43 00 49 00 46 00 53 ........ .C.I.F.S [060] 00 2D 00 44 00 4F 00 4D 00 41 00 49 00 4E 00 00 .-.D.O.M .A.I.N.. [070] 00 0C 00 00 00 00 00 00 00 0B 00 00 00 63 00 69 ........ .....c.i [080] 00 66 00 73 00 2D 00 64 00 6F 00 6D 00 61 00 69 .f.s.-.d .o.m.a.i [090] 00 6E 00 00 00 0C 00 00 00 00 00 00 00 0B 00 00 .n...... ........ [0A0] 00 63 00 69 00 66 00 73 00 2D 00 64 00 6F 00 6D .c.i.f.s .-.d.o.m [0B0] 00 61 00 69 00 6E 00 00 00 04 00 00 00 01 04 00 .a.i.n.. ........ [0C0] 00 00 00 00 05 15 00 00 00 07 E5 3B 2B 2F D5 EC ........ ...;+/.. [0D0] 6D 15 D8 F6 7F 00 00 00 00 m....... . [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 02 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 00d8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000005 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0010 alloc_hint: 000000c0 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0014 context_id: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0016 cancel_ct : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0017 reserved : 00 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(577) cli_pipe_validate_current_pdu: got pdu len 216, data_len 192, ss_len 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(843) rpc_api_pipe: got PDU len of 216 at offset 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(894) rpc_api_pipe: Remote machine CIFS-DC pipe \lsarpc fnum 0x800f returned 384 bytes. [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 lsa_io_r_query_info2 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0000 ptr: 00143ff0 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0004 info_class: 000c [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000006 lsa_io_dns_dom_info info12 [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000008 smb_io_unihdr nb_name [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 uni_str_len: 0016 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a uni_max_len: 0018 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c buffer : 000e2d08 [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000010 smb_io_unihdr dns_name [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0010 uni_str_len: 0016 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0012 uni_max_len: 0018 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0014 buffer : 000f2ad8 [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000018 smb_io_unihdr forest [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0018 uni_str_len: 0016 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 001a uni_max_len: 0018 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 001c buffer : 0016cb60 [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000020 smb_io_uuid dom_guid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0020 data : 7611e268 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0024 data : 8e52 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0026 data : 4595 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0028 data : 89 3a [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 002a data : ce 59 f1 8d 21 1e [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 dom_sid: 0010c678 [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000034 smb_io_unistr2 nb_name [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0034 uni_max_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0038 offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 003c uni_str_len: 0000000b [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 0040 buffer : C.I.F.S.-.D.O.M.A.I.N. [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000056 smb_io_unistr2 dns_name [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0058 uni_max_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 005c offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0060 uni_str_len: 0000000b [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 0064 buffer : c.i.f.s.-.d.o.m.a.i.n. [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 00007a smb_io_unistr2 forest [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 007c uni_max_len: 0000000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0080 offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0084 uni_str_len: 0000000b [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 0088 buffer : c.i.f.s.-.d.o.m.a.i.n. [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 00009e smb_io_dom_sid2 dom_sid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 00a0 num_auths: 00000004 [2006/03/15 14:30:26, 8] rpc_parse/parse_prs.c:(84) 0000a4 smb_io_dom_sid sid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 00a4 sid_rev_num: 01 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 00a5 num_auths : 04 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 00a6 id_auth[0] : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 00a7 id_auth[1] : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 00a8 id_auth[2] : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 00a9 id_auth[3] : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 00aa id_auth[4] : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 00ab id_auth[5] : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(959) 00ac sub_auths : 00000015 2b3be507 6decd52f 7ff6d815 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(762) 00bc status: NT_STATUS_OK [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,45) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,45) wrote 45 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 35 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=14 smt_wct=0 smb_bcc=0 [2006/03/15 14:30:26, 10] libsmb/clientgen.c:(375) cli_rpc_pipe_close: closed pipe \lsarpc to machine CIFS-DC [2006/03/15 14:30:26, 10] nsswitch/winbindd_cache.c:(1494) Storing response for pid 12284, len 1300 [2006/03/15 14:30:26, 10] nsswitch/winbindd_cache.c:(1534) Retrieving response for pid 12284 [2006/03/15 14:30:26, 5] nsswitch/winbindd_util.c:(414) Received child initialization response for domain CIFS-DOMAIN [2006/03/15 14:30:26, 4] nsswitch/winbindd_dual.c:(512) child daemon request 17 [2006/03/15 14:30:26, 10] nsswitch/winbindd_dual.c:(388) process_request: request fn LIST_TRUSTDOM [2006/03/15 14:30:26, 3] nsswitch/winbindd_misc.c:(120) [12283]: list trusted domains [2006/03/15 14:30:26, 5] nsswitch/winbindd_cache.c:(140) get_cache: Setting ADS methods for domain CIFS-DOMAIN [2006/03/15 14:30:26, 10] nsswitch/winbindd_cache.c:(1402) trusted_domains: [Cached] - doing backend query for info for domain CIFS-DOMAIN [2006/03/15 14:30:26, 3] nsswitch/winbindd_ads.c:(879) ads: trusted_domains [2006/03/15 14:30:26, 4] passdb/secrets.c:(282) Using cleartext machine password [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,108) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,108) wrote 108 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 103 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=15 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(2044) Bind RPC Pipe[c00c]: \NETLOGON auth_type 0, auth_level 0 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1647) Bind Abstract Syntax: [000] 12 34 56 78 12 34 AB CD EF 00 01 23 45 67 CF FB .4Vx.4.. ...#Eg.. [010] 00 00 00 01 .... [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..... ....+.H` [010] 00 00 00 02 .... [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0b [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0048 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000006 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_rb [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_bba [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0010 max_tsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0012 max_rsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0014 assoc_gid: 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0018 num_contexts: 01 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 001c context_id : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 001e num_transfer_syntaxes: 01 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 00001f smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000020 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0020 data : 12345678 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0024 data : 1234 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0026 data : abcd [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0028 data : ef 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 002a data : 01 23 45 67 cf fb [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 version: 00000001 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000034 smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000034 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0034 data : 8a885d04 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0038 data : 1ceb [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 003a data : 11c9 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003c data : 9f e8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003e data : 08 00 2b 10 48 60 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0044 version: 00000002 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(770) rpc_api_pipe: Remote machine CIFS-DC pipe \NETLOGON fnum 0xc00c [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49164 (0xC00C) smb_bcc=87 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(132) write_socket(11,158) [2006/03/15 14:30:26, 6] libsmb/clientgen.c:(135) write_socket(11,158) wrote 158 [2006/03/15 14:30:26, 10] lib/util_sock.c:(618) got smb length of 124 [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... [010] 00 B8 10 B8 10 3F 2B 06 00 0C 00 5C 50 49 50 45 .....?+. ...\PIPE [020] 5C 6C 73 61 73 73 00 0E 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/03/15 14:30:26, 5] lib/util.c:(454) [2006/03/15 14:30:26, 5] lib/util.c:(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=6148 smb_pid=12284 smb_uid=47105 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/03/15 14:30:26, 10] lib/util.c:(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... [010] 00 B8 10 B8 10 3F 2B 06 00 0C 00 5C 50 49 50 45 .....?+. ...\PIPE [020] 5C 6C 73 61 73 73 00 0E 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0044 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000006 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(894) rpc_api_pipe: Remote machine CIFS-DC pipe \NETLOGON fnum 0xc00c returned 68 bytes. [2006/03/15 14:30:26, 3] rpc_client/cli_pipe.c:(2081) rpc_pipe_bind: Remote machine CIFS-DC pipe \NETLOGON fnum 0xc00c bind request returned ok. [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 0c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 0044 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000006 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_ba [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_bba [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0010 max_tsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0012 max_rsize: 10b8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0014 assoc_gid: 00062b3f [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000018 smb_io_rpc_addr_str [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0018 len: 000c [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 001a str: \PIPE\lsass. [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000026 smb_io_rpc_results [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0028 num_results: 01 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 002c result : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 002e reason : 0000 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000030 smb_io_rpc_iface [2006/03/15 14:30:26, 7] rpc_parse/parse_prs.c:(84) 000030 smb_io_uuid uuid [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0030 data : 8a885d04 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0034 data : 1ceb [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0036 data : 11c9 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 0038 data : 9f e8 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003a data : 08 00 2b 10 48 60 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0040 version: 00000002 [2006/03/15 14:30:26, 5] rpc_client/cli_pipe.c:(1701) check_bind_response: accepted! [2006/03/15 14:30:26, 10] rpc_client/cli_pipe.c:(2246) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine CIFS-DC and bound anonymously. [2006/03/15 14:30:26, 4] rpc_client/cli_netlogon.c:(46) cli_net_req_chal: LSA Request Challenge from AURORA to \\CIFS-DC [2006/03/15 14:30:26, 5] rpc_parse/parse_net.c:(679) init_q_req_chal: 679 [2006/03/15 14:30:26, 5] rpc_parse/parse_net.c:(688) init_q_req_chal: 688 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 net_io_q_req_chal [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0000 undoc_buffer: 00000001 [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000004 smb_io_unistr2 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0004 uni_max_len: 0000000a [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0008 offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c uni_str_len: 0000000a [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 0010 buffer : \.\.C.I.F.S.-.D.C... [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 000024 smb_io_unistr2 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0024 uni_max_len: 00000007 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0028 offset : 00000000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 002c uni_str_len: 00000007 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(904) 0030 buffer : A.U.R.O.R.A... [2006/03/15 14:30:26, 6] rpc_parse/parse_prs.c:(84) 00003e smb_io_chal [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(819) 003e data: e5 24 f3 dd f1 b1 b8 e3 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000000 smb_io_rpc_hdr hdr [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0000 major : 05 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0001 minor : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0002 pkt_type : 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0003 flags : 03 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0004 pack_type0: 10 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0005 pack_type1: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0006 pack_type2: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(614) 0007 pack_type3: 00 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0008 frag_len : 005e [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 000a auth_len : 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 000c call_id : 00000007 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(703) 0010 alloc_hint: 00000046 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0014 context_id: 0000 [2006/03/15 14:30:26, 5] rpc_parse/parse_prs.c:(674) 0016 opnum : 0004 [2006/03/15 14:30:26, 10] nsswitch/winbindd_cache.c:(1534) Retrieving response for pid 12284