root@oak-vcs1307:~# cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
root@oak-vcs1307:~# /usr/bin/net -V
Version 4.19.1
root@oak-vcs1307:~# /usr/bin/net ads join -d 10 --no-dns-updates -U Administrator%******-k
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
WARNING: The option -k|--kerberos is deprecated!
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
doing parameter workgroup = DC2022
doing parameter realm = DC2022.TEST
doing parameter security = ads
doing parameter idmap config * : backend = tdb
doing parameter idmap config * : range = 3000-7999
doing parameter idmap config DC2022 : backend = rid
doing parameter idmap config DC2022 : range = 10000-999999
doing parameter template homedir = /home/%U
doing parameter template shell = /bin/bash
doing parameter winbind use default domain = true
doing parameter winbind offline logon = false
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth0 ip=2600:809:200:536:250:56ff:feae:2291 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.5.54.91 bcast=10.5.54.255 netmask=255.255.255.0
added interface eth1 ip=10.5.140.58 bcast=10.5.255.255 netmask=255.255.128.0
messaging_dgm_ref: messaging_dgm_init returned Success
messaging_dgm_ref: unique = 16345522056155018957
Registering messaging pointer for type 2 - private_data=(nil)
register_msg_pool_usage: Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Registering messaging pointer for type 51 - private_data=(nil)
messaging_init_internal: my id: 1557
added interface eth0 ip=2600:809:200:536:250:56ff:feae:2291 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.5.54.91 bcast=10.5.54.255 netmask=255.255.255.0
added interface eth1 ip=10.5.140.58 bcast=10.5.255.255 netmask=255.255.128.0
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'OAK-VCS1307'
            domain_name              : *
                domain_name              : 'DC2022.TEST'
            domain_name_type         : JoinDomNameTypeDNS (1)
            account_ou               : NULL
            admin_account            : 'Administrator'
            admin_domain             : NULL
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            os_servicepack           : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            dnshostname              : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x01 (1)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001c (28)
            provision_computer_account_only: 0x00 (0)
            odj_provision_data       : NULL
            request_offline_join     : 0x00 (0)
Opening cache file at /usr/local/samba/var/lock/gencache.tdb
sitename_fetch: Returning sitename for realm 'DC2022.TEST': "Default-First-Site-Name"
dsgetdcname_internal: domain_name: DC2022.TEST, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40021011
debug_dsdcinfo_flags: 0x40021011
            DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_IS_DNS_NAME DS_RETURN_DNS_NAME
dsgetdcname_rediscover
dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71
dns_cli_request_send: Asking 10.5.139.71 for _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.DC2022.TEST/1/33 via UDP
[0000] 58 E1 01 00 00 01 00 00   00 00 00 00 05 5F 6C 64   X....... ....._ld
[0010] 61 70 04 5F 74 63 70 17   44 65 66 61 75 6C 74 2D   ap._tcp. Default-
[0020] 46 69 72 73 74 2D 53 69   74 65 2D 4E 61 6D 65 06   First-Si te-Name.
[0030] 5F 73 69 74 65 73 02 64   63 06 5F 6D 73 64 63 73   _sites.d c._msdcs
[0040] 06 44 43 32 30 32 32 04   54 45 53 54 00 00 21 00   .DC2022. TEST..!.
[0050] 01                                                  .
[0000] 58 E1 85 80 00 01 00 01   00 00 00 01 05 5F 6C 64   X....... ....._ld
[0010] 61 70 04 5F 74 63 70 17   44 65 66 61 75 6C 74 2D   ap._tcp. Default-
[0020] 46 69 72 73 74 2D 53 69   74 65 2D 4E 61 6D 65 06   First-Si te-Name.
[0030] 5F 73 69 74 65 73 02 64   63 06 5F 6D 73 64 63 73   _sites.d c._msdcs
[0040] 06 44 43 32 30 32 32 04   54 45 53 54 00 00 21 00   .DC2022. TEST..!.
[0050] 01 C0 0C 00 21 00 01 00   00 02 58 00 23 00 00 00   ....!... ..X.#...
[0060] 64 01 85 0F 77 69 6E 2D   38 34 31 70 76 34 68 65   d...win- 841pv4he
[0070] 6B 30 6F 06 64 63 32 30   32 32 04 74 65 73 74 00   k0o.dc20 22.test.
[0080] C0 63 00 01 00 01 00 00   0E 10 00 04 0A 05 8B 47   .c...... .......G
LDAP ping to win-841pv4hek0o.dc2022.test (10.5.139.71)
     &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
        command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
        sbz                      : 0x0000 (0)
        server_type              : 0x0007f3fd (521213)
               1: NBT_SERVER_PDC
               1: NBT_SERVER_GC
               1: NBT_SERVER_LDAP
               1: NBT_SERVER_DS
               1: NBT_SERVER_KDC
               1: NBT_SERVER_TIMESERV
               1: NBT_SERVER_CLOSEST
               1: NBT_SERVER_WRITABLE
               1: NBT_SERVER_GOOD_TIMESERV
               0: NBT_SERVER_NDNC
               0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
               1: NBT_SERVER_FULL_SECRET_DOMAIN_6
               1: NBT_SERVER_ADS_WEB_SERVICE
               1: NBT_SERVER_DS_8
               1: NBT_SERVER_DS_9
               1: NBT_SERVER_DS_10
               0: NBT_SERVER_HAS_DNS_NAME
               0: NBT_SERVER_IS_DEFAULT_NC
               0: NBT_SERVER_FOREST_ROOT
        domain_uuid              : 15a99073-0553-41da-9071-ff8270e0cf35
        forest                   : 'dc2022.test'
        dns_domain               : 'dc2022.test'
        pdc_dns_name             : 'WIN-841PV4HEK0O.dc2022.test'
        domain_name              : 'DC2022'
        pdc_name                 : 'WIN-841PV4HEK0O'
        user_name                : ''
        server_site              : 'Default-First-Site-Name'
        client_site              : 'Default-First-Site-Name'
        sockaddr_size            : 0x00 (0)
        sockaddr: struct nbt_sockaddr
            sockaddr_family          : 0x00000000 (0)
            pdc_ip                   : (null)
            remaining                : DATA_BLOB length=0
        next_closest_site        : NULL
        nt_version               : 0x00000005 (5)
               1: NETLOGON_NT_VERSION_1
               0: NETLOGON_NT_VERSION_5
               1: NETLOGON_NT_VERSION_5EX
               0: NETLOGON_NT_VERSION_5EX_WITH_IP
               0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
               0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
               0: NETLOGON_NT_VERSION_PDC
               0: NETLOGON_NT_VERSION_IP
               0: NETLOGON_NT_VERSION_LOCAL
               0: NETLOGON_NT_VERSION_GC
        lmnt_token               : 0xffff (65535)
        lm20_token               : 0xffff (65535)
gencache_set_data_blob: Adding cache entry with key=[DSGETDCNAME/DOMAIN/DC2022] and timeout=[Fri Oct 13 06:44:54 AM 2023 UTC] (900 seconds ahead)
sitename_store: realm = [DC2022], sitename = [Default-First-Site-Name], expire = [2085923199]
gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DC2022] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034494498205 seconds ahead)
gencache_set_data_blob: Adding cache entry with key=[DSGETDCNAME/DOMAIN/DC2022.TEST] and timeout=[Fri Oct 13 06:44:54 AM 2023 UTC] (900 seconds ahead)
sitename_store: realm = [dc2022.test], sitename = [Default-First-Site-Name], expire = [2085923199]
gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DC2022.TEST] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034494498205 seconds ahead)
create_local_private_krb5_conf_for_domain: fname = /usr/local/samba/var/lock/smb_krb5/krb5.conf._JOIN_, realm = DC2022.TEST, domain = _JOIN_
gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/DC2022.TEST] and timeout=[Thu Jan  1 12:00:00 AM 1970 UTC] (-1697178594 seconds in the past)
saf_fetch: failed to find server for "DC2022.TEST" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up DC2022.TEST#dcdc (sitename Default-First-Site-Name)
resolve_ads: Attempting to resolve KDCs for DC2022.TEST using DNS
resolve_ads: SRV query for _kerberos._tcp.dc._msdcs.DC2022.TEST
dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71
dns_cli_request_send: Asking 10.5.139.71 for _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.DC2022.TEST/1/33 via UDP
[0000] 7E 35 01 00 00 01 00 00   00 00 00 00 09 5F 6B 65   ~5...... ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 17 44 65 66 61   rberos._ tcp.Defa
[0020] 75 6C 74 2D 46 69 72 73   74 2D 53 69 74 65 2D 4E   ult-Firs t-Site-N
[0030] 61 6D 65 06 5F 73 69 74   65 73 02 64 63 06 5F 6D   ame._sit es.dc._m
[0040] 73 64 63 73 06 44 43 32   30 32 32 04 54 45 53 54   sdcs.DC2 022.TEST
[0050] 00 00 21 00 01                                      ..!..
[0000] 7E 35 85 80 00 01 00 01   00 00 00 01 09 5F 6B 65   ~5...... ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 17 44 65 66 61   rberos._ tcp.Defa
[0020] 75 6C 74 2D 46 69 72 73   74 2D 53 69 74 65 2D 4E   ult-Firs t-Site-N
[0030] 61 6D 65 06 5F 73 69 74   65 73 02 64 63 06 5F 6D   ame._sit es.dc._m
[0040] 73 64 63 73 06 44 43 32   30 32 32 04 54 45 53 54   sdcs.DC2 022.TEST
[0050] 00 00 21 00 01 C0 0C 00   21 00 01 00 00 02 58 00   ..!..... !.....X.
[0060] 23 00 00 00 64 00 58 0F   77 69 6E 2D 38 34 31 70   #...d.X. win-841p
[0070] 76 34 68 65 6B 30 6F 06   64 63 32 30 32 32 04 74   v4hek0o. dc2022.t
[0080] 65 73 74 00 C0 67 00 01   00 01 00 00 0E 10 00 04   est..g.. ........
[0090] 0A 05 8B 47                                         ...G
resolve_ads: SRV lookup DC2022.TEST got IP[0] 10.5.139.71
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 1 addresses: 10.5.139.71
get_dc_list: Adding 1 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain DC2022.TEST server 10.5.139.71
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 10.5.139.71
get_kdc_ip_string: got 1 addresses from site Default-First-Site-Name search
saf_fetch: failed to find server for "DC2022.TEST" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up DC2022.TEST#dcdc (sitename (null))
resolve_ads: Attempting to resolve KDCs for DC2022.TEST using DNS
resolve_ads: SRV query for _kerberos._tcp.dc._msdcs.DC2022.TEST
dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71
dns_cli_request_send: Asking 10.5.139.71 for _kerberos._tcp.dc._msdcs.DC2022.TEST/1/33 via UDP
[0000] 11 14 01 00 00 01 00 00   00 00 00 00 09 5F 6B 65   ........ ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 02 64 63 06 5F   rberos._ tcp.dc._
[0020] 6D 73 64 63 73 06 44 43   32 30 32 32 04 54 45 53   msdcs.DC 2022.TES
[0030] 54 00 00 21 00 01                                   T..!..
[0000] 11 14 85 80 00 01 00 01   00 00 00 01 09 5F 6B 65   ........ ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 02 64 63 06 5F   rberos._ tcp.dc._
[0020] 6D 73 64 63 73 06 44 43   32 30 32 32 04 54 45 53   msdcs.DC 2022.TES
[0030] 54 00 00 21 00 01 C0 0C   00 21 00 01 00 00 02 58   T..!.... .!.....X
[0040] 00 23 00 00 00 64 00 58   0F 77 69 6E 2D 38 34 31   .#...d.X .win-841
[0050] 70 76 34 68 65 6B 30 6F   06 64 63 32 30 32 32 04   pv4hek0o .dc2022.
[0060] 74 65 73 74 00 C0 48 00   01 00 01 00 00 0E 10 00   test..H. ........
[0070] 04 0A 05 8B 47                                      ....G
resolve_ads: SRV lookup DC2022.TEST got IP[0] 10.5.139.71
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 1 addresses: 10.5.139.71
get_dc_list: Adding 1 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain DC2022.TEST server 10.5.139.71
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 10.5.139.71
get_kdc_ip_string: got 1 addresses from site-less search
get_kdc_ip_string: 0 additional KDCs to test
get_kdc_ip_string: Returning
                        kdc = 10.5.139.71
 
create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf._JOIN_ with realm DC2022.TEST KDC list:
                        kdc = 10.5.139.71
 
sitename_fetch: Returning sitename for realm 'DC2022.TEST': "Default-First-Site-Name"
internal_resolve_name: looking up WIN-841PV4HEK0O.dc2022.test#20 (sitename Default-First-Site-Name)
gencache_set_data_blob: Adding cache entry with key=[NBT/WIN-841PV4HEK0O.DC2022.TEST#20] and timeout=[Thu Jan  1 12:00:00 AM 1970 UTC] (-1697178594 seconds in the past)
namecache_fetch: no entry for WIN-841PV4HEK0O.dc2022.test#20 found.
resolve_hosts: Attempting host lookup for name WIN-841PV4HEK0O.dc2022.test<0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for WIN-841PV4HEK0O.dc2022.test#20: 10.5.139.71
gencache_set_data_blob: Adding cache entry with key=[NBT/WIN-841PV4HEK0O.DC2022.TEST#20] and timeout=[Fri Oct 13 06:40:54 AM 2023 UTC] (660 seconds ahead)
internal_resolve_name: returning 1 addresses: 10.5.139.71
Connecting to 10.5.139.71 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
cli_session_creds_prepare_krb5: Doing kinit for Administrator@DC2022.TEST to access WIN-841PV4HEK0O.dc2022.test
kerberos_kinit_password_ext: as Administrator@DC2022.TEST using [MEMORY:cliconnect] as ccache and config [/usr/local/samba/var/lock/smb_krb5/krb5.conf._JOIN_]
kerberos_kinit_password_ext: Administrator@DC2022.TEST mapped to Administrator@DC2022.TEST
cli_session_creds_prepare_krb5: Successfully authenticated as Administrator@DC2022.TEST (Administrator@DC2022.TEST) to access WIN-841PV4HEK0O.dc2022.test using Kerberos
cli_session_setup_spnego_send: Connect to WIN-841PV4HEK0O.dc2022.test as Administrator@DC2022.TEST using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gensec_update_send: gse_krb5[0x5561ecc7bef0]: subreq: 0x5561ecc5b0a0
gensec_update_send: spnego[0x5561ecc76a60]: subreq: 0x5561ecc83c90
gensec_update_done: gse_krb5[0x5561ecc7bef0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5561ecc5b0a0/../../source3/librpc/crypto/gse.c:895]: state[2] error[0 (0x0)]  state[struct gensec_gse_update_state (0x5561ecc5b280)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:906]
gensec_update_done: spnego[0x5561ecc76a60]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5561ecc83c90/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)]  state[struct gensec_spnego_update_state (0x5561ecc83e70)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116]
gensec_update_send: gse_krb5[0x5561ecc7bef0]: subreq: 0x5561ecc7b910
gensec_update_send: spnego[0x5561ecc76a60]: subreq: 0x5561ecc83c90
gensec_update_done: gse_krb5[0x5561ecc7bef0]: NT_STATUS_OK tevent_req[0x5561ecc7b910/../../source3/librpc/crypto/gse.c:895]: state[2] error[0 (0x0)]  state[struct gensec_gse_update_state (0x5561ecc7baf0)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:913]
gensec_update_done: spnego[0x5561ecc76a60]: NT_STATUS_OK tevent_req[0x5561ecc83c90/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)]  state[struct gensec_spnego_update_state (0x5561ecc83e70)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116]
signed SMB2 message (sign_algo_id=2)
signed SMB2 message (sign_algo_id=2)
Bind RPC Pipe: host WIN-841PV4HEK0O.dc2022.test auth_type 0, auth_level 1
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_BIND (11)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0048 (72)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000001 (1)
        u                        : union dcerpc_payload(case 11)
        bind: struct dcerpc_bind
            max_xmit_frag            : 0x10b8 (4280)
            max_recv_frag            : 0x10b8 (4280)
            assoc_group_id           : 0x00000000 (0)
            num_contexts             : 0x01 (1)
            ctx_list: ARRAY(1)
                ctx_list: struct dcerpc_ctx_list
                    context_id               : 0x0000 (0)
                    num_transfer_syntaxes    : 0x01 (1)
                    abstract_syntax: struct ndr_syntax_id
                        uuid                     : 12345778-1234-abcd-ef00-0123456789ab
                        if_version               : 0x00000000 (0)
                    transfer_syntaxes: ARRAY(1)
                        transfer_syntaxes: struct ndr_syntax_id
                            uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
                            if_version               : 0x00000002 (2)
            auth_info                : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 52
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_BIND_ACK (12)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0044 (68)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000001 (1)
        u                        : union dcerpc_payload(case 12)
        bind_ack: struct dcerpc_bind_ack
            max_xmit_frag            : 0x10b8 (4280)
            max_recv_frag            : 0x10b8 (4280)
            assoc_group_id           : 0x0000310c (12556)
            secondary_address_size   : 0x000c (12)
            secondary_address        : '\pipe\lsass'
            _pad1                    : DATA_BLOB length=2
[0000] 00 00                                               ..
            num_results              : 0x01 (1)
            ctx_list: ARRAY(1)
                ctx_list: struct dcerpc_ack_ctx
                    result                   : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
                    reason                   : union dcerpc_bind_ack_reason(case 0)
                    value                    : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
                    syntax: struct ndr_syntax_id
                        uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
                        if_version               : 0x00000002 (2)
            auth_info                : DATA_BLOB length=0
rpc_api_pipe_got_pdu: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine WIN-841PV4HEK0O.dc2022.test and bound anonymously.
     lsa_OpenPolicy: struct lsa_OpenPolicy
        in: struct lsa_OpenPolicy
            system_name              : *
                system_name              : 0x005c (92)
            attr                     : *
                attr: struct lsa_ObjectAttribute
                    len                      : 0x00000018 (24)
                    root_dir                 : NULL
                    object_name              : NULL
                    attributes               : 0x00000000 (0)
                    sec_desc                 : NULL
                    sec_qos                  : *
                        sec_qos: struct lsa_QosInfo
                            len                      : 0x0000000c (12)
                            impersonation_level      : 0x0002 (2)
                            context_mode             : 0x01 (1)
                            effective_only           : 0x00 (0)
            access_mask              : 0x02000000 (33554432)
                   0: LSA_POLICY_VIEW_LOCAL_INFORMATION
                   0: LSA_POLICY_VIEW_AUDIT_INFORMATION
                   0: LSA_POLICY_GET_PRIVATE_INFORMATION
                   0: LSA_POLICY_TRUST_ADMIN
                   0: LSA_POLICY_CREATE_ACCOUNT
                   0: LSA_POLICY_CREATE_SECRET
                   0: LSA_POLICY_CREATE_PRIVILEGE
                   0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
                   0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
                   0: LSA_POLICY_AUDIT_LOG_ADMIN
                   0: LSA_POLICY_SERVER_ADMIN
                   0: LSA_POLICY_LOOKUP_NAMES
                   0: LSA_POLICY_NOTIFICATION
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000002 (2)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x0000002c (44)
            context_id               : 0x0000 (0)
            opnum                    : 0x0006 (6)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000002 (2)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 6C CE 31 9A   1A 30 0A 4F 94 54 2B 38   ....l.1. .0.O.T+8
[0010] AB 1B 7F 35 00 00 00 00                             ...5....
Got pdu len 48, data_len 24
rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes.
     lsa_OpenPolicy: struct lsa_OpenPolicy
        out: struct lsa_OpenPolicy
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 9a31ce6c-301a-4f0a-9454-2b38ab1b7f35
            result                   : NT_STATUS_OK
     lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
        in: struct lsa_QueryInfoPolicy2
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 9a31ce6c-301a-4f0a-9454-2b38ab1b7f35
            level                    : LSA_POLICY_INFO_DNS (12)
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000003 (3)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x00000016 (22)
            context_id               : 0x0000 (0)
            opnum                    : 0x002e (46)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 188
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x00cc (204)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000003 (3)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x000000b4 (180)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=180
[0000] 00 00 02 00 0C 00 00 00   0C 00 0E 00 04 00 02 00   ........ ........
[0010] 16 00 18 00 08 00 02 00   16 00 18 00 0C 00 02 00   ........ ........
[0020] 73 90 A9 15 53 05 DA 41   90 71 FF 82 70 E0 CF 35   s...S..A .q..p..5
[0030] 10 00 02 00 07 00 00 00   00 00 00 00 06 00 00 00   ........ ........
[0040] 44 00 43 00 32 00 30 00   32 00 32 00 0C 00 00 00   D.C.2.0. 2.2.....
[0050] 00 00 00 00 0B 00 00 00   64 00 63 00 32 00 30 00   ........ d.c.2.0.
[0060] 32 00 32 00 2E 00 74 00   65 00 73 00 74 00 00 00   2.2...t. e.s.t...
[0070] 0C 00 00 00 00 00 00 00   0B 00 00 00 64 00 63 00   ........ ....d.c.
[0080] 32 00 30 00 32 00 32 00   2E 00 74 00 65 00 73 00   2.0.2.2. ..t.e.s.
[0090] 74 00 00 00 04 00 00 00   01 04 00 00 00 00 00 05   t....... ........
[00A0] 15 00 00 00 00 2B C4 AC   2C 49 C2 ED A3 C0 51 A1   .....+.. ,I....Q.
[00B0] 00 00 00 00                                         ....
Got pdu len 204, data_len 180
rpc_api_pipe_got_pdu: got frag len of 204 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 180 bytes.
     lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
        out: struct lsa_QueryInfoPolicy2
            info                     : *
                info                     : *
                    info                     : union lsa_PolicyInformation(case 12)
                    dns: struct lsa_DnsDomainInfo
                        name: struct lsa_StringLarge
                            length                   : 0x000c (12)
                            size                     : 0x000e (14)
                            string                   : *
                                string                   : 'DC2022'
                        dns_domain: struct lsa_StringLarge
                            length                   : 0x0016 (22)
                            size                     : 0x0018 (24)
                            string                   : *
                                string                   : 'dc2022.test'
                        dns_forest: struct lsa_StringLarge
                            length                   : 0x0016 (22)
                            size                     : 0x0018 (24)
                            string                   : *
                                string                   : 'dc2022.test'
                        domain_guid              : 15a99073-0553-41da-9071-ff8270e0cf35
                        sid                      : *
                            sid                      : S-1-5-21-2898537216-3988932908-2706489507
            result                   : NT_STATUS_OK
     lsa_Close: struct lsa_Close
        in: struct lsa_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 9a31ce6c-301a-4f0a-9454-2b38ab1b7f35
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000004 (4)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x00000014 (20)
            context_id               : 0x0000 (0)
            opnum                    : 0x0000 (0)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000004 (4)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0010] 00 00 00 00 00 00 00 00                             ........
Got pdu len 48, data_len 24
rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes.
     lsa_Close: struct lsa_Close
        out: struct lsa_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 00000000-0000-0000-0000-000000000000
            result                   : NT_STATUS_OK
signed SMB2 message (sign_algo_id=2)
create_local_private_krb5_conf_for_domain: fname = /usr/local/samba/var/lock/smb_krb5/krb5.conf.DC2022, realm = dc2022.test, domain = DC2022
saf_fetch: failed to find server for "dc2022.test" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up dc2022.test#dcdc (sitename Default-First-Site-Name)
resolve_ads: Attempting to resolve KDCs for dc2022.test using DNS
resolve_ads: SRV query for _kerberos._tcp.dc._msdcs.dc2022.test
dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71
dns_cli_request_send: Asking 10.5.139.71 for _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.dc2022.test/1/33 via UDP
[0000] C2 ED 01 00 00 01 00 00   00 00 00 00 09 5F 6B 65   ........ ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 17 44 65 66 61   rberos._ tcp.Defa
[0020] 75 6C 74 2D 46 69 72 73   74 2D 53 69 74 65 2D 4E   ult-Firs t-Site-N
[0030] 61 6D 65 06 5F 73 69 74   65 73 02 64 63 06 5F 6D   ame._sit es.dc._m
[0040] 73 64 63 73 06 64 63 32   30 32 32 04 74 65 73 74   sdcs.dc2 022.test
[0050] 00 00 21 00 01                                      ..!..
[0000] C2 ED 85 80 00 01 00 01   00 00 00 01 09 5F 6B 65   ........ ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 17 44 65 66 61   rberos._ tcp.Defa
[0020] 75 6C 74 2D 46 69 72 73   74 2D 53 69 74 65 2D 4E   ult-Firs t-Site-N
[0030] 61 6D 65 06 5F 73 69 74   65 73 02 64 63 06 5F 6D   ame._sit es.dc._m
[0040] 73 64 63 73 06 64 63 32   30 32 32 04 74 65 73 74   sdcs.dc2 022.test
[0050] 00 00 21 00 01 C0 0C 00   21 00 01 00 00 02 58 00   ..!..... !.....X.
[0060] 23 00 00 00 64 00 58 0F   77 69 6E 2D 38 34 31 70   #...d.X. win-841p
[0070] 76 34 68 65 6B 30 6F 06   64 63 32 30 32 32 04 74   v4hek0o. dc2022.t
[0080] 65 73 74 00 C0 67 00 01   00 01 00 00 0E 10 00 04   est..g.. ........
[0090] 0A 05 8B 47                                         ...G
resolve_ads: SRV lookup dc2022.test got IP[0] 10.5.139.71
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 1 addresses: 10.5.139.71
get_dc_list: Adding 1 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain dc2022.test server 10.5.139.71
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 10.5.139.71
get_kdc_ip_string: got 1 addresses from site Default-First-Site-Name search
saf_fetch: failed to find server for "dc2022.test" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up dc2022.test#dcdc (sitename (null))
resolve_ads: Attempting to resolve KDCs for dc2022.test using DNS
resolve_ads: SRV query for _kerberos._tcp.dc._msdcs.dc2022.test
dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71
dns_cli_request_send: Asking 10.5.139.71 for _kerberos._tcp.dc._msdcs.dc2022.test/1/33 via UDP
[0000] A8 C9 01 00 00 01 00 00   00 00 00 00 09 5F 6B 65   ........ ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 02 64 63 06 5F   rberos._ tcp.dc._
[0020] 6D 73 64 63 73 06 64 63   32 30 32 32 04 74 65 73   msdcs.dc 2022.tes
[0030] 74 00 00 21 00 01                                   t..!..
[0000] A8 C9 85 80 00 01 00 01   00 00 00 01 09 5F 6B 65   ........ ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 02 64 63 06 5F   rberos._ tcp.dc._
[0020] 6D 73 64 63 73 06 64 63   32 30 32 32 04 74 65 73   msdcs.dc 2022.tes
[0030] 74 00 00 21 00 01 C0 0C   00 21 00 01 00 00 02 58   t..!.... .!.....X
[0040] 00 23 00 00 00 64 00 58   0F 77 69 6E 2D 38 34 31   .#...d.X .win-841
[0050] 70 76 34 68 65 6B 30 6F   06 64 63 32 30 32 32 04   pv4hek0o .dc2022.
[0060] 74 65 73 74 00 C0 48 00   01 00 01 00 00 0E 10 00   test..H. ........
[0070] 04 0A 05 8B 47                                      ....G
resolve_ads: SRV lookup dc2022.test got IP[0] 10.5.139.71
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 1 addresses: 10.5.139.71
get_dc_list: Adding 1 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain dc2022.test server 10.5.139.71
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 10.5.139.71
get_kdc_ip_string: got 1 addresses from site-less search
get_kdc_ip_string: 0 additional KDCs to test
get_kdc_ip_string: Returning
                        kdc = 10.5.139.71
 
create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf.DC2022 with realm DC2022.TEST KDC list:
                        kdc = 10.5.139.71
 
sitename_fetch: Returning sitename for realm 'DC2022.TEST': "Default-First-Site-Name"
internal_resolve_name: looking up WIN-841PV4HEK0O.dc2022.test#20 (sitename Default-First-Site-Name)
namecache_fetch: name WIN-841PV4HEK0O.dc2022.test#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
ads_try_connect: ads_try_connect: sending CLDAP request to 10.5.139.71 (realm: dc2022.test)
     &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
        command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
        sbz                      : 0x0000 (0)
        server_type              : 0x0007f3fd (521213)
               1: NBT_SERVER_PDC
               1: NBT_SERVER_GC
               1: NBT_SERVER_LDAP
               1: NBT_SERVER_DS
               1: NBT_SERVER_KDC
               1: NBT_SERVER_TIMESERV
               1: NBT_SERVER_CLOSEST
               1: NBT_SERVER_WRITABLE
               1: NBT_SERVER_GOOD_TIMESERV
               0: NBT_SERVER_NDNC
               0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
               1: NBT_SERVER_FULL_SECRET_DOMAIN_6
               1: NBT_SERVER_ADS_WEB_SERVICE
               1: NBT_SERVER_DS_8
               1: NBT_SERVER_DS_9
               1: NBT_SERVER_DS_10
               0: NBT_SERVER_HAS_DNS_NAME
               0: NBT_SERVER_IS_DEFAULT_NC
               0: NBT_SERVER_FOREST_ROOT
        domain_uuid              : 15a99073-0553-41da-9071-ff8270e0cf35
        forest                   : 'dc2022.test'
        dns_domain               : 'dc2022.test'
        pdc_dns_name             : 'WIN-841PV4HEK0O.dc2022.test'
        domain_name              : 'DC2022'
        pdc_name                 : 'WIN-841PV4HEK0O'
        user_name                : ''
        server_site              : 'Default-First-Site-Name'
        client_site              : 'Default-First-Site-Name'
        sockaddr_size            : 0x00 (0)
        sockaddr: struct nbt_sockaddr
            sockaddr_family          : 0x00000000 (0)
            pdc_ip                   : (null)
            remaining                : DATA_BLOB length=0
        next_closest_site        : NULL
        nt_version               : 0x00000005 (5)
               1: NETLOGON_NT_VERSION_1
               0: NETLOGON_NT_VERSION_5
               1: NETLOGON_NT_VERSION_5EX
               0: NETLOGON_NT_VERSION_5EX_WITH_IP
               0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
               0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
               0: NETLOGON_NT_VERSION_PDC
               0: NETLOGON_NT_VERSION_IP
               0: NETLOGON_NT_VERSION_LOCAL
               0: NETLOGON_NT_VERSION_GC
        lmnt_token               : 0xffff (65535)
        lm20_token               : 0xffff (65535)
sitename_store: realm = [DC2022], sitename = [Default-First-Site-Name], expire = [2085923199]
gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DC2022] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034494498205 seconds ahead)
sitename_store: realm = [dc2022.test], sitename = [Default-First-Site-Name], expire = [2085923199]
gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DC2022.TEST] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034494498205 seconds ahead)
Successfully contacted LDAP server 10.5.139.71
Opening connection to LDAP server 'WIN-841PV4HEK0O.dc2022.test:389', timeout 15 seconds
Connecting to 10.5.139.71 at port 389
Initialized connection for LDAP server 'ldap://WIN-841PV4HEK0O.dc2022.test:389'
Connected to LDAP server WIN-841PV4HEK0O.dc2022.test
ads_closest_dc: NBT_SERVER_CLOSEST flag set
saf_store: domain = [DC2022], server = [WIN-841PV4HEK0O.dc2022.test], expire = [1697179494]
gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/DC2022] and timeout=[Fri Oct 13 06:44:54 AM 2023 UTC] (900 seconds ahead)
saf_store: domain = [dc2022.test], server = [WIN-841PV4HEK0O.dc2022.test], expire = [1697179494]
gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/DC2022.TEST] and timeout=[Fri Oct 13 06:44:54 AM 2023 UTC] (900 seconds ahead)
KDC time offset is 6 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
kerberos_kinit_password_ext: as Administrator@DC2022.TEST using [MEMORY:cliconnect] as ccache and config [/usr/local/samba/var/lock/smb_krb5/krb5.conf.DC2022]
kerberos_kinit_password_ext: Administrator@DC2022.TEST mapped to Administrator@DC2022.TEST
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gensec_update_send: gse_krb5[0x5561ecc76a60]: subreq: 0x5561ecc5b0a0
gensec_update_send: spnego[0x5561ecc7bef0]: subreq: 0x5561ecc89c50
gensec_update_done: gse_krb5[0x5561ecc76a60]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5561ecc5b0a0/../../source3/librpc/crypto/gse.c:895]: state[2] error[0 (0x0)]  state[struct gensec_gse_update_state (0x5561ecc5b280)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:906]
gensec_update_done: spnego[0x5561ecc7bef0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5561ecc89c50/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)]  state[struct gensec_spnego_update_state (0x5561ecc89e30)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116]
gensec_update_send: gse_krb5[0x5561ecc76a60]: subreq: 0x5561ecc5b0a0
gensec_update_send: spnego[0x5561ecc7bef0]: subreq: 0x5561ecc89c50
gensec_update_done: gse_krb5[0x5561ecc76a60]: NT_STATUS_OK tevent_req[0x5561ecc5b0a0/../../source3/librpc/crypto/gse.c:895]: state[2] error[0 (0x0)]  state[struct gensec_gse_update_state (0x5561ecc5b280)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:913]
gensec_update_done: spnego[0x5561ecc7bef0]: NT_STATUS_OK tevent_req[0x5561ecc89c50/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)]  state[struct gensec_spnego_update_state (0x5561ecc89e30)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116]
gensec_gse_unwrap: GSS UnWrap failed:  A token was invalid: unknown mech-code 0 for mech 1 2 840 113554 1 2 2
Failed while searching for: <WKGUID=AA312825768811D1ADED00C04FD8D5CD,dc=DC2022,dc=TEST>
libnet_DomainJoin: Failed to pre-create account in OU cn=Computers,dc=DC2022,dc=TEST: Time limit exceeded
signed SMB2 message (sign_algo_id=2)
Bind RPC Pipe: host WIN-841PV4HEK0O.dc2022.test auth_type 0, auth_level 1
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_BIND (11)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0048 (72)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000005 (5)
        u                        : union dcerpc_payload(case 11)
        bind: struct dcerpc_bind
            max_xmit_frag            : 0x10b8 (4280)
            max_recv_frag            : 0x10b8 (4280)
            assoc_group_id           : 0x00000000 (0)
            num_contexts             : 0x01 (1)
            ctx_list: ARRAY(1)
                ctx_list: struct dcerpc_ctx_list
                    context_id               : 0x0000 (0)
                    num_transfer_syntaxes    : 0x01 (1)
                    abstract_syntax: struct ndr_syntax_id
                        uuid                     : 12345778-1234-abcd-ef00-0123456789ac
                        if_version               : 0x00000001 (1)
                    transfer_syntaxes: ARRAY(1)
                        transfer_syntaxes: struct ndr_syntax_id
                            uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
                            if_version               : 0x00000002 (2)
            auth_info                : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 52
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_BIND_ACK (12)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0044 (68)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000005 (5)
        u                        : union dcerpc_payload(case 12)
        bind_ack: struct dcerpc_bind_ack
            max_xmit_frag            : 0x10b8 (4280)
            max_recv_frag            : 0x10b8 (4280)
            assoc_group_id           : 0x0000310d (12557)
            secondary_address_size   : 0x000c (12)
            secondary_address        : '\pipe\lsass'
            _pad1                    : DATA_BLOB length=2
[0000] 00 00                                               ..
            num_results              : 0x01 (1)
            ctx_list: ARRAY(1)
                ctx_list: struct dcerpc_ack_ctx
                    result                   : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
                    reason                   : union dcerpc_bind_ack_reason(case 0)
                    value                    : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
                    syntax: struct ndr_syntax_id
                        uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
                        if_version               : 0x00000002 (2)
            auth_info                : DATA_BLOB length=0
rpc_api_pipe_got_pdu: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe samr to machine WIN-841PV4HEK0O.dc2022.test and bound anonymously.
     samr_Connect2: struct samr_Connect2
        in: struct samr_Connect2
            system_name              : *
                system_name              : 'WIN-841PV4HEK0O.dc2022.test'
            access_mask              : 0x00000030 (48)
                   0: SAMR_ACCESS_CONNECT_TO_SERVER
                   0: SAMR_ACCESS_SHUTDOWN_SERVER
                   0: SAMR_ACCESS_INITIALIZE_SERVER
                   0: SAMR_ACCESS_CREATE_DOMAIN
                   1: SAMR_ACCESS_ENUM_DOMAINS
                   1: SAMR_ACCESS_LOOKUP_DOMAIN
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000006 (6)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x0000004c (76)
            context_id               : 0x0000 (0)
            opnum                    : 0x0039 (57)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000006 (6)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 D7 6C F5 A3   4D E5 2E 40 81 6E F4 F7   .....l.. M..@.n..
[0010] 9F 53 65 95 00 00 00 00                             .Se.....
Got pdu len 48, data_len 24
rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes.
     samr_Connect2: struct samr_Connect2
        out: struct samr_Connect2
            connect_handle           : *
                connect_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : a3f56cd7-e54d-402e-816e-f4f79f536595
            result                   : NT_STATUS_OK
     samr_OpenDomain: struct samr_OpenDomain
        in: struct samr_OpenDomain
            connect_handle           : *
                connect_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : a3f56cd7-e54d-402e-816e-f4f79f536595
            access_mask              : 0x00000211 (529)
                   1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
                   0: SAMR_DOMAIN_ACCESS_SET_INFO_1
                   0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
                   0: SAMR_DOMAIN_ACCESS_SET_INFO_2
                   1: SAMR_DOMAIN_ACCESS_CREATE_USER
                   0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
                   0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
                   0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
                   0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
                   1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
                   0: SAMR_DOMAIN_ACCESS_SET_INFO_3
            sid                      : *
                sid                      : S-1-5-21-2898537216-3988932908-2706489507
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000007 (7)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x00000034 (52)
            context_id               : 0x0000 (0)
            opnum                    : 0x0007 (7)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000007 (7)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 E8 AF 02 34   6E 67 4F 44 A4 14 F0 5A   .......4 ngOD...Z
[0010] C9 9F D4 F6 00 00 00 00                             ........
Got pdu len 48, data_len 24
rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes.
     samr_OpenDomain: struct samr_OpenDomain
        out: struct samr_OpenDomain
            domain_handle            : *
                domain_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 3402afe8-676e-444f-a414-f05ac99fd4f6
            result                   : NT_STATUS_OK
Creating account with desired access mask: -536543056
     samr_CreateUser2: struct samr_CreateUser2
        in: struct samr_CreateUser2
            domain_handle            : *
                domain_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 3402afe8-676e-444f-a414-f05ac99fd4f6
            account_name             : *
                account_name: struct lsa_String
                    length                   : 0x0018 (24)
                    size                     : 0x0018 (24)
                    string                   : *
                        string                   : 'oak-vcs1307$'
            acct_flags               : 0x00000080 (128)
                   0: ACB_DISABLED
                   0: ACB_HOMDIRREQ
                   0: ACB_PWNOTREQ
                   0: ACB_TEMPDUP
                   0: ACB_NORMAL
                   0: ACB_MNS
                   0: ACB_DOMTRUST
                   1: ACB_WSTRUST
                   0: ACB_SVRTRUST
                   0: ACB_PWNOEXP
                   0: ACB_AUTOLOCK
                   0: ACB_ENC_TXT_PWD_ALLOWED
                   0: ACB_SMARTCARD_REQUIRED
                   0: ACB_TRUSTED_FOR_DELEGATION
                   0: ACB_NOT_DELEGATED
                   0: ACB_USE_DES_KEY_ONLY
                   0: ACB_DONT_REQUIRE_PREAUTH
                   0: ACB_PW_EXPIRED
                   0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
                   0: ACB_NO_AUTH_DATA_REQD
                   0: ACB_PARTIAL_SECRETS_ACCOUNT
                   0: ACB_USE_AES_KEYS
            access_mask              : 0xe00500b0 (3758424240)
                   0: SAMR_USER_ACCESS_GET_NAME_ETC
                   0: SAMR_USER_ACCESS_GET_LOCALE
                   0: SAMR_USER_ACCESS_SET_LOC_COM
                   0: SAMR_USER_ACCESS_GET_LOGONINFO
                   1: SAMR_USER_ACCESS_GET_ATTRIBUTES
                   1: SAMR_USER_ACCESS_SET_ATTRIBUTES
                   0: SAMR_USER_ACCESS_CHANGE_PASSWORD
                   1: SAMR_USER_ACCESS_SET_PASSWORD
                   0: SAMR_USER_ACCESS_GET_GROUPS
                   0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
                   0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000008 (8)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x00000048 (72)
            context_id               : 0x0000 (0)
            opnum                    : 0x0032 (50)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 40
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0038 (56)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000008 (8)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000020 (32)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=32
[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0010] 00 00 00 00 00 00 00 00   00 00 00 00 63 00 00 C0   ........ ....c...
Got pdu len 56, data_len 32
rpc_api_pipe_got_pdu: got frag len of 56 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 32 bytes.
     samr_CreateUser2: struct samr_CreateUser2
        out: struct samr_CreateUser2
            user_handle              : *
                user_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 00000000-0000-0000-0000-000000000000
            access_granted           : *
                access_granted           : 0x00000000 (0)
            rid                      : *
                rid                      : 0x00000000 (0)
            result                   : NT_STATUS_USER_EXISTS
     samr_LookupNames: struct samr_LookupNames
        in: struct samr_LookupNames
            domain_handle            : *
                domain_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 3402afe8-676e-444f-a414-f05ac99fd4f6
            num_names                : 0x00000001 (1)
            names: ARRAY(1)
                names: struct lsa_String
                    length                   : 0x0018 (24)
                    size                     : 0x0018 (24)
                    string                   : *
                        string                   : 'oak-vcs1307$'
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000009 (9)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x00000050 (80)
            context_id               : 0x0000 (0)
            opnum                    : 0x0011 (17)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 44
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x003c (60)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000009 (9)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000024 (36)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=36
[0000] 01 00 00 00 00 00 02 00   01 00 00 00 59 04 00 00   ........ ....Y...
[0010] 01 00 00 00 04 00 02 00   01 00 00 00 01 00 00 00   ........ ........
[0020] 00 00 00 00                                         ....
Got pdu len 60, data_len 36
rpc_api_pipe_got_pdu: got frag len of 60 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 36 bytes.
     samr_LookupNames: struct samr_LookupNames
        out: struct samr_LookupNames
            rids                     : *
                rids: struct samr_Ids
                    count                    : 0x00000001 (1)
                    ids                      : *
                        ids: ARRAY(1)
                            ids                      : 0x00000459 (1113)
            types                    : *
                types: struct samr_Ids
                    count                    : 0x00000001 (1)
                    ids                      : *
                        ids: ARRAY(1)
                            ids                      : 0x00000001 (1)
            result                   : NT_STATUS_OK
     samr_OpenUser: struct samr_OpenUser
        in: struct samr_OpenUser
            domain_handle            : *
                domain_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 3402afe8-676e-444f-a414-f05ac99fd4f6
            access_mask              : 0x02000000 (33554432)
                   0: SAMR_USER_ACCESS_GET_NAME_ETC
                   0: SAMR_USER_ACCESS_GET_LOCALE
                   0: SAMR_USER_ACCESS_SET_LOC_COM
                   0: SAMR_USER_ACCESS_GET_LOGONINFO
                   0: SAMR_USER_ACCESS_GET_ATTRIBUTES
                   0: SAMR_USER_ACCESS_SET_ATTRIBUTES
                   0: SAMR_USER_ACCESS_CHANGE_PASSWORD
                   0: SAMR_USER_ACCESS_SET_PASSWORD
                   0: SAMR_USER_ACCESS_GET_GROUPS
                   0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
                   0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
            rid                      : 0x00000459 (1113)
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000a (10)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x0000001c (28)
            context_id               : 0x0000 (0)
            opnum                    : 0x0022 (34)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000a (10)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 53 71 BA C4   B1 EB D5 4D BA D5 73 8B   ....Sq.. ...M..s.
[0010] DB 6E 62 7A 00 00 00 00                             .nbz....
Got pdu len 48, data_len 24
rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes.
     samr_OpenUser: struct samr_OpenUser
        out: struct samr_OpenUser
            user_handle              : *
                user_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : c4ba7153-ebb1-4dd5-bad5-738bdb6e627a
            result                   : NT_STATUS_OK
     samr_SetUserInfo2: struct samr_SetUserInfo2
        in: struct samr_SetUserInfo2
            user_handle              : *
                user_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : c4ba7153-ebb1-4dd5-bad5-738bdb6e627a
            level                    : UserControlInformation (16)
            info                     : *
                info                     : union samr_UserInfo(case 16)
                info16: struct samr_UserInfo16
                    acct_flags               : 0x00000280 (640)
                           0: ACB_DISABLED
                           0: ACB_HOMDIRREQ
                           0: ACB_PWNOTREQ
                           0: ACB_TEMPDUP
                           0: ACB_NORMAL
                           0: ACB_MNS
                           0: ACB_DOMTRUST
                           1: ACB_WSTRUST
                           0: ACB_SVRTRUST
                           1: ACB_PWNOEXP
                           0: ACB_AUTOLOCK
                           0: ACB_ENC_TXT_PWD_ALLOWED
                           0: ACB_SMARTCARD_REQUIRED
                           0: ACB_TRUSTED_FOR_DELEGATION
                           0: ACB_NOT_DELEGATED
                           0: ACB_USE_DES_KEY_ONLY
                           0: ACB_DONT_REQUIRE_PREAUTH
                           0: ACB_PW_EXPIRED
                           0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
                           0: ACB_NO_AUTH_DATA_REQD
                           0: ACB_PARTIAL_SECRETS_ACCOUNT
                           0: ACB_USE_AES_KEYS
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000b (11)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x0000001c (28)
            context_id               : 0x0000 (0)
            opnum                    : 0x003a (58)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 12
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x001c (28)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000b (11)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000004 (4)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=4
[0000] 00 00 00 00                                         ....
Got pdu len 28, data_len 4
rpc_api_pipe_got_pdu: got frag len of 28 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 4 bytes.
     samr_SetUserInfo2: struct samr_SetUserInfo2
        out: struct samr_SetUserInfo2
            result                   : NT_STATUS_OK
     samr_SetUserInfo2: struct samr_SetUserInfo2
        in: struct samr_SetUserInfo2
            user_handle              : *
                user_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : c4ba7153-ebb1-4dd5-bad5-738bdb6e627a
            level                    : UserInternal5InformationNew (26)
            info                     : *
                info                     : union samr_UserInfo(case 26)
                info26: struct samr_UserInfo26
                    password: struct samr_CryptPasswordEx
                        data: ARRAY(532)
[0000] 76 F6 AC CC DA 4B 9E 57   24 3A C3 14 AB 80 24 C7   v....K.W $:....$.
[0010] 5C BA 96 98 00 5F D6 B8   F3 DF 53 2E 2F 53 50 0B   \...._.. ..S./SP.
[0020] A8 F3 02 73 BA 11 15 0D   11 23 6D EC 55 4B DD 08   ...s.... .#m.UK..
[0030] B2 4E 97 03 2D 2E 21 A5   58 60 0C 29 79 05 80 CB   .N..-.!. X`.)y...
[0040] 1C DA 35 7E 7F 5E 86 14   2F E8 94 24 35 01 A8 13   ..5~.^.. /..$5...
[0050] C6 18 9E ED D6 46 10 B3   ED F6 D9 00 12 DE F5 0E   .....F.. ........
[0060] 1D 44 86 AB E8 87 7D 99   26 31 FF 08 F6 9E 38 F9   .D....}. &1....8.
[0070] 72 24 8F 30 4F 97 A3 B7   F2 7B 0F 96 84 60 37 80   r$.0O... .{...`7.
[0080] 90 C8 E6 D3 C2 AF B1 E1   A6 44 B0 55 A3 D8 28 18   ........ .D.U..(.
[0090] 85 7D 49 5E 7E BB FC C5   B7 75 FB FE 38 24 60 E4   .}I^~... .u..8$`.
[00A0] 6E B1 12 9D C1 29 38 E4   15 3C 68 79 1C 6B 05 03   n....)8. .<hy.k..
[00B0] 07 EA 9C E3 4E EF 49 2D   53 2F 98 CA 89 1E 51 8A   ....N.I- S/....Q.
[00C0] 4C 33 FE EC A7 B7 A6 6D   7A 29 28 04 F4 B4 14 43   L3.....m z)(....C
[00D0] E3 31 AD 9A 5C A7 0B 62   28 53 45 CC 49 DC 02 25   .1..\..b (SE.I..%
[00E0] 73 5E 8C 22 8D D7 3A 1B   9D A1 86 CE 64 62 E7 37   s^."..:. ....db.7
[00F0] 8F 89 74 5C EF C9 98 75   A5 14 D1 4E A7 D7 FA 3B   ..t\...u ...N...;
[0100] 66 51 6F 35 B8 5A 66 36   17 56 88 6A AE E6 EA 92   fQo5.Zf6 .V.j....
[0110] CF 38 FE 53 24 45 E7 70   9D 84 61 AA 4E EF 47 88   .8.S$E.p ..a.N.G.
[0120] 3C DC 80 6B 8E 36 28 36   04 92 AE BF A9 40 63 DC   <..k.6(6 .....@c.
[0130] 8F 21 5F DB 43 13 69 0D   B9 75 59 09 92 DD DC 22   .!_.C.i. .uY...."
[0140] 4A 13 F3 BF 32 CD B6 70   D7 F1 2E A7 16 ED 1B 62   J...2..p .......b
[0150] B1 FE E0 B2 E6 5A 6F 7A   10 B0 E7 51 A4 9A D8 C2   .....Zoz ...Q....
[0160] 6E 4C C0 A5 44 1B AF 4C   39 D8 B6 11 AB 3F 86 DB   nL..D..L 9....?..
[0170] 08 16 5D DA 38 97 A1 0F   62 63 3E D1 E6 B5 A8 AB   ..].8... bc>.....
[0180] 0C CC 75 1B AA 65 69 FF   E2 84 37 A6 69 24 71 96   ..u..ei. ..7.i$q.
[0190] 4C 15 76 45 3B 3A A5 65   72 CB B9 88 A9 B2 CF D6   L.vE;:.e r.......
[01A0] 62 2B 44 E2 4F E4 4A 92   2E 02 5D CC D0 B0 F7 C5   b+D.O.J. ..].....
[01B0] 9D 06 AE 29 6D 2C 22 BC   D8 D9 0F BB FC 34 F3 43   ...)m,". .....4.C
[01C0] 8C E9 3B 9B 2D 95 D6 F3   77 8B 0D FC DE F1 44 C8   ..;.-... w.....D.
[01D0] 71 FF 1D 08 EE 67 E8 50   3E 2B A9 EA 61 9A D0 F9   q....g.P >+..a...
[01E0] 10 3F 54 1D 7C 95 53 71   31 06 B8 FF C5 2B 70 FB   .?T.|.Sq 1....+p.
[01F0] C4 E2 45 9F 41 9F 00 6F   02 75 C0 F1 89 05 AD C2   ..E.A..o .u......
[0200] 26 0D AC A5 A8 72 8A BE   83 A4 D8 76 04 11 72 94   &....r.. ...v..r.
[0210] 6C 88 C7 90                                         l...
                    password_expired         : 0x00 (0)
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000c (12)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x0000022d (557)
            context_id               : 0x0000 (0)
            opnum                    : 0x003a (58)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 12
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x001c (28)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000c (12)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000004 (4)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=4
[0000] 00 00 00 00                                         ....
Got pdu len 28, data_len 4
rpc_api_pipe_got_pdu: got frag len of 28 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 4 bytes.
     samr_SetUserInfo2: struct samr_SetUserInfo2
        out: struct samr_SetUserInfo2
            result                   : NT_STATUS_OK
     samr_Close: struct samr_Close
        in: struct samr_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : a3f56cd7-e54d-402e-816e-f4f79f536595
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000d (13)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x00000014 (20)
            context_id               : 0x0000 (0)
            opnum                    : 0x0001 (1)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000d (13)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0010] 00 00 00 00 00 00 00 00                             ........
Got pdu len 48, data_len 24
rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes.
     samr_Close: struct samr_Close
        out: struct samr_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 00000000-0000-0000-0000-000000000000
            result                   : NT_STATUS_OK
     samr_Close: struct samr_Close
        in: struct samr_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 3402afe8-676e-444f-a414-f05ac99fd4f6
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000e (14)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x00000014 (20)
            context_id               : 0x0000 (0)
            opnum                    : 0x0001 (1)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000e (14)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0010] 00 00 00 00 00 00 00 00                             ........
Got pdu len 48, data_len 24
rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes.
     samr_Close: struct samr_Close
        out: struct samr_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 00000000-0000-0000-0000-000000000000
            result                   : NT_STATUS_OK
     samr_Close: struct samr_Close
        in: struct samr_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : c4ba7153-ebb1-4dd5-bad5-738bdb6e627a
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000f (15)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x00000014 (20)
            context_id               : 0x0000 (0)
            opnum                    : 0x0001 (1)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test
signed SMB2 message (sign_algo_id=2)
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST
               1: DCERPC_PFC_FLAG_LAST
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x0000000f (15)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0010] 00 00 00 00 00 00 00 00                             ........
Got pdu len 48, data_len 24
rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes.
     samr_Close: struct samr_Close
        out: struct samr_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 00000000-0000-0000-0000-000000000000
            result                   : NT_STATUS_OK
signed SMB2 message (sign_algo_id=2)
signed SMB2 message (sign_algo_id=2)
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            odj_provision_data       : NULL
            account_name             : 'OAK-VCS1307$'
            netbios_domain_name      : 'DC2022'
            dns_domain_name          : 'dc2022.test'
            forest_name              : 'dc2022.test'
            dn                       : NULL
            domain_guid              : 15a99073-0553-41da-9071-ff8270e0cf35
            domain_sid               : *
                domain_sid               : S-1-5-21-2898537216-3988932908-2706489507
            modified_config          : 0x00 (0)
            error_string             : 'Failed to set machine spn: Time limit exceeded
Do you have sufficient permissions to create machine accounts?'
            domain_is_ad             : 0x01 (1)
            set_encryption_types     : 0x00000000 (0)
            krb5_salt                : NULL
            dcinfo                   : *
                dcinfo: struct netr_DsRGetDCNameInfo
                    dc_unc                   : *
                        dc_unc                   : '\\WIN-841PV4HEK0O.dc2022.test'
                    dc_address               : *
                        dc_address               : '\\10.5.139.71'
                    dc_address_type          : DS_ADDRESS_TYPE_INET (1)
                    domain_guid              : 15a99073-0553-41da-9071-ff8270e0cf35
                    domain_name              : *
                        domain_name              : 'dc2022.test'
                    forest_name              : *
                        forest_name              : 'dc2022.test'
                    dc_flags                 : 0xe007f3fd (3758617597)
                           1: NBT_SERVER_PDC
                           1: NBT_SERVER_GC
                           1: NBT_SERVER_LDAP
                           1: NBT_SERVER_DS
                           1: NBT_SERVER_KDC
                           1: NBT_SERVER_TIMESERV
                           1: NBT_SERVER_CLOSEST
                           1: NBT_SERVER_WRITABLE
                           1: NBT_SERVER_GOOD_TIMESERV
                           0: NBT_SERVER_NDNC
                           0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
                           1: NBT_SERVER_FULL_SECRET_DOMAIN_6
                           1: NBT_SERVER_ADS_WEB_SERVICE
                           1: NBT_SERVER_DS_8
                           1: NBT_SERVER_DS_9
                           1: NBT_SERVER_DS_10
                           1: NBT_SERVER_HAS_DNS_NAME
                           1: NBT_SERVER_IS_DEFAULT_NC
                           1: NBT_SERVER_FOREST_ROOT
                    dc_site_name             : *
                        dc_site_name             : 'Default-First-Site-Name'
                    client_site_name         : *
                        client_site_name         : 'Default-First-Site-Name'
            account_rid              : 0x00000459 (1113)
            result                   : WERR_GEN_FAILURE
Failed to join domain: Failed to set machine spn: Time limit exceeded
Do you have sufficient permissions to create machine accounts?
return code = -1
msg_dgm_ref_destructor: refs=(nil)
root@oak-vcs1307:~# cat /etc/samba/smb.conf
   workgroup = DC2022
   realm = DC2022.TEST
   security = ads
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config DC2022 : backend = rid
   idmap config DC2022 : range = 10000-999999
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
root@oak-vcs1307:~#
root@oak-vcs1307:~# net ads info
LDAP server: 10.5.139.71
LDAP server name: WIN-841PV4HEK0O.dc2022.test
Realm: DC2022.TEST
Bind Path: dc=DC2022,dc=TEST
LDAP port: 389
Server time: Fri, 13 Oct 2023 06:30:32 UTC
KDC server: 10.5.139.71
Server time offset: 6
Last machine account password change: Thu, 01 Jan 1970 00:00:00 UTC
root@oak-vcs1307:~# 
root@oak-vcs1307:~# net ads lookup
Information for Domain Controller: 10.5.139.71
 
Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: 15a99073-0553-41da-9071-ff8270e0cf35
Flags:
            Is a PDC:                                   yes
            Is a GC of the forest:                      yes
            Is an LDAP server:                          yes
            Supports DS:                                yes
            Is running a KDC:                           yes
            Is running time services:                   yes
            Is the closest DC:                          yes
            Is writable:                                yes
            Has a hardware clock:                       yes
            Is a non-domain NC serviced by LDAP server: no
            Is NT6 DC that has some secrets:            no
            Is NT6 DC that has all secrets:             yes
            Runs Active Directory Web Services:         yes
            Runs on Windows 2012 or later:              yes
            Runs on Windows 2012R2 or later:            yes
            Runs on Windows 2016 or later:              yes
            Has a DNS name:                             no
            Is a default NC:                            no
            Is the forest root:                         no
Forest: dc2022.test
Domain: dc2022.test
Domain Controller: WIN-841PV4HEK0O.dc2022.test
Pre-Win2k Domain: DC2022
Pre-Win2k Hostname: WIN-841PV4HEK0O
Server Site Name: Default-First-Site-Name
Client Site Name: Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
root@oak-vcs1307:~#