Contents of smb.conf:

[global]
        workgroup = EXCHANGE
        netbios name = CRASHNBURN
        server string = Samba %v on %h
        security = DOMAIN
        encrypt passwords = Yes
        password server = *
        log level = 10
        log file = /usr/local/logs/samba/sambalog.%m
        load printers = No
        local master = No
        wins server = 172.28.128.64, 172.28.128.50, 172.28.36.17
        ldap ssl = no
        hosts allow = 172.28., 127., 192.168.

        # Winbind Configuration
        winbind use default domain = yes
        # use uids from 10000 to 20000 for domain users
        idmap uid = 15000-20000
        # use gids from 10000 to 20000 for domain groups
        idmap gid = 15000-20000
        # allow enumeration of winbind users and groups
        winbind enum users = yes
        winbind enum groups = yes

[homes]
        comment = User home directories
        username = %S
        read only = No
        browseable = No

[local]
        comment = Local on %h
        path = /local
        valid users = +exchange\samba-crashnburn-local-M
        create mask = 0770
        force create mode = 0660
        directory mask = 0770
        read only = No
        force group = itcs

Debugging:

crashnburn# /local/samba/bin/net rpc join --debuglevel=10 -U mpiazzes -S arctic.sewl.com.au
[2008/08/20 10:02:24, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2008/08/20 10:02:24, 3] param/loadparm.c:lp_load(5055)
  lp_load: refreshing parameters
[2008/08/20 10:02:24, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2008/08/20 10:02:24, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf"
[2008/08/20 10:02:24, 3] param/loadparm.c:do_section(3794)
  Processing section "[global]"
doing parameter workgroup = EXCHANGE
doing parameter netbios name = CRASHNBURN
[2008/08/20 10:02:24, 4] param/loadparm.c:handle_netbios_name(3144)
  handle_netbios_name: set global_myname to: CRASHNBURN
doing parameter server string = Samba %v on %h
doing parameter security = DOMAIN
doing parameter encrypt passwords = Yes
doing parameter password server = *
doing parameter log level = 10
doing parameter log file = /usr/local/logs/samba/sambalog.%m
doing parameter load printers = No
doing parameter local master = No
doing parameter wins server = 172.28.128.64, 172.28.128.50, 172.28.36.17
doing parameter ldap ssl = no
doing parameter hosts allow = 172.28., 127., 192.168.
doing parameter winbind use default domain = yes
doing parameter idmap uid = 15000-20000
doing parameter idmap gid = 15000-20000
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
[2008/08/20 10:02:24, 4] param/loadparm.c:lp_load(5086)
  pm_process() returned Yes
[2008/08/20 10:02:24, 7] param/loadparm.c:lp_servicenumber(5224)
  lp_servicenumber: couldn't find homes
[2008/08/20 10:02:24, 10] param/loadparm.c:set_server_role(4330)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2LE
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16LE
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16LE
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2BE
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2BE
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16BE
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16BE
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF8
[2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113)
  Registered
charset UTF8 [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646 [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1 [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113) Registered charset ISO-8859-1 [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS2-HEX [2008/08/20 10:02:24, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS2-HEX [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: 
open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' 
[2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module 
'/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using 
ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so 
[2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 
10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so [2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory [2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79) Locale charset 'ISO8859-1' unsupported, using ASCII instead [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108) Probing module 'ISO8859-1' [2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119) 
  Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so
[2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49)
  Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory
[2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79)
  Locale charset 'ISO8859-1' unsupported, using ASCII instead
[2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(108)
  Probing module 'ISO8859-1'
[2008/08/20 10:02:24, 5] lib/module.c:smb_probe_module(119)
  Probing module 'ISO8859-1': Trying to load from /usr/local/samba/lib/charset/ISO8859-1.so
[2008/08/20 10:02:24, 3] lib/module.c:do_smb_load_module(49)
  Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: net: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory
[2008/08/20 10:02:24, 5] lib/charcnv.c:charset_name(79)
  Locale charset 'ISO8859-1' unsupported, using ASCII instead
[2008/08/20 10:02:24, 5] lib/util.c:init_names(287)
  Netbios name list:-
  my_netbios_names[0]="CRASHNBURN"
[2008/08/20 10:02:24, 2] lib/interface.c:add_interface(81)
  added interface ip=172.28.128.144 bcast=172.28.143.255 nmask=255.255.240.0
[2008/08/20 10:02:24, 5] lib/gencache.c:gencache_init(61)
  Opening cache file at /usr/local/samba/lib/locks/gencache.tdb
[2008/08/20 10:02:24, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found
[2008/08/20 10:02:24, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for
[2008/08/20 10:02:24, 10] libsmb/namequery.c:internal_resolve_name(1166)
  internal_resolve_name: looking up arctic.sewl.com.au#20 (sitename (NULL))
[2008/08/20 10:02:24, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = NBT/ARCTIC.SEWL.COM.AU#20, value = 172.28.128.64:0, timeout = Wed Aug 20 10:10:24 2008
[2008/08/20 10:02:24, 5] libsmb/namecache.c:namecache_fetch(214)
  name arctic.sewl.com.au#20 found.
[2008/08/20 10:02:24, 3] libsmb/cliconnect.c:cli_start_connection(1563)
  Connecting to host=arctic.sewl.com.au
[2008/08/20 10:02:24, 3] lib/util_sock.c:open_socket_out(866)
  Connecting to 172.28.128.64 at port 445
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(206)
  socket option SO_KEEPALIVE = 0
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(206)
  socket option SO_REUSEADDR = 0
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(206)
  socket option SO_BROADCAST = 0
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(206)
  socket option TCP_NODELAY = 1
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(206)
  socket option IPTOS_LOWDELAY = 0
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(206)
  socket option IPTOS_THROUGHPUT = 0
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(206)
  socket option SO_SNDBUF = 49152
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(206)
  socket option SO_RCVBUF = 49640
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(204)
  Could not test socket option SO_SNDLOWAT.
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(204)
  Could not test socket option SO_RCVLOWAT.
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(204)
  Could not test socket option SO_SNDTIMEO.
[2008/08/20 10:02:24, 5] lib/util_sock.c:print_socket_options(204)
  Could not test socket option SO_RCVTIMEO.
[2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,194) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,194) wrote 194 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 176 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=176 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=14518 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=29538 (0x7362) smb_vwv[13]=22534 (0x5806) smb_vwv[14]=51458 (0xC902) smb_vwv[15]=43009 (0xA801) smb_vwv[16]= 253 (0xFD) smb_bcc=107 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 09 66 59 BB 60 32 46 A4 61 43 81 45 FF 38 08 ..fY»`2F .aC.Eÿ8. [010] 60 59 06 06 2B 06 01 05 05 02 A0 4F 30 4D A0 30 `Y..+... .. O0M 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 19 30 17 A0 15 1B 13 61 72 63 74 69 63 24 40 ..0. ... 
arctic$@ [060] 53 45 57 4C 2E 43 4F 4D 2E 41 55 SEWL.COM .AU [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=176 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=14518 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=29538 (0x7362) smb_vwv[13]=22534 (0x5806) smb_vwv[14]=51458 (0xC902) smb_vwv[15]=43009 (0xA801) smb_vwv[16]= 253 (0xFD) smb_bcc=107 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 09 66 59 BB 60 32 46 A4 61 43 81 45 FF 38 08 ..fY»`2F .aC.Eÿ8. [010] 60 59 06 06 2B 06 01 05 05 02 A0 4F 30 4D A0 30 `Y..+... .. O0M 0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 19 30 17 A0 15 1B 13 61 72 63 74 69 63 24 40 ..0. ... arctic$@ [060] 53 45 57 4C 2E 43 4F 4D 2E 41 55 SEWL.COM .AU [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,92) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,92) wrote 92 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 199 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=199 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=14518 smb_uid=2051 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 199 (0xC7) smb_vwv[ 2]= 0 (0x0) smb_bcc=158 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 77 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 wW.i.n.d .o.w.s. 
[010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 52 00 32 00 20 00 33 .0.0.3. .R.2. .3 [030] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [040] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [050] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [060] 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 .w.s. .S .e.r.v.e [070] 00 72 00 20 00 32 00 30 00 30 00 33 00 20 00 52 .r. .2.0 .0.3. .R [080] 00 32 00 20 00 35 00 2E 00 32 00 00 00 45 00 58 .2. .5.. .2...E.X [090] 00 43 00 48 00 41 00 4E 00 47 00 45 00 00 .C.H.A.N .G.E.. [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=199 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=14518 smb_uid=2051 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 199 (0xC7) smb_vwv[ 2]= 0 (0x0) smb_bcc=158 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 77 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 wW.i.n.d .o.w.s. [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [020] 00 30 00 30 00 33 00 20 00 52 00 32 00 20 00 33 .0.0.3. .R.2. .3 [030] 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 .7.9.0. .S.e.r.v [040] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k [050] 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 00 6F . .2...W .i.n.d.o [060] 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 .w.s. .S .e.r.v.e [070] 00 72 00 20 00 32 00 30 00 30 00 33 00 20 00 52 .r. .2.0 .0.3. .R [080] 00 32 00 20 00 35 00 2E 00 32 00 00 00 45 00 58 .2. .5.. .2...E.X [090] 00 43 00 48 00 41 00 4E 00 47 00 45 00 00 .C.H.A.N .G.E.. 
[2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,104) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,104) wrote 104 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 56 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 49 50 43 00 00 00 00 IPC.... [2008/08/20 10:02:24, 10] libsmb/clientgen.c:cli_init_creds(253) cli_init_creds: user domain [2008/08/20 10:02:24, 10] libsmb/namequery.c:saf_store(74) saf_store: domain = [EXCHANGE], server = [arctic.sewl.com.au], expire = [1219191444] [2008/08/20 10:02:24, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/EXCHANGE; value = arctic.sewl.com.au and timeout = Wed Aug 20 10:17:24 2008 (900 seconds ahead) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,104) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,104) wrote 104 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) 
smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[4001]: \lsarpc auth_type 0, auth_level 0 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AB .4Wx.4«Í ï..#Eg.« [010] 00 00 00 00 .... [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/08/20 10:02:24, 5] 
rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345778 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1234 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 89 ab [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000000 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 
version: 00000002 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16385 (0x4001) smb_bcc=87 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... 
[2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,158) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,158) wrote 158 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 A4 E1 85 00 0C 00 5C 50 49 50 45 ......á. ...\PIPE [020] 5C 6C 73 61 73 73 00 AF EF 01 00 00 00 00 00 00 \lsass.. ï....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 A4 E1 85 00 0C 00 5C 50 49 50 45 ......á. ...\PIPE [020] 5C 6C 73 61 73 73 00 AF EF 01 00 00 00 00 00 00 \lsass.. ï....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 returned 68 bytes. [2008/08/20 10:02:24, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 bind request returned ok. 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 0085e1a4 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \PIPE\lsass. 
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine arctic.sewl.com.au and bound anonymously. 
[2008/08/20 10:02:24, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304) init_open_pol: attr:0 da:33554432 [2008/08/20 10:02:24, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) init_lsa_obj_attr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr : 00000001 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 system_name: 005c [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 len : 00000018 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c ptr_root_dir: 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 ptr_obj_name: 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 attributes : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 ptr_sec_desc: 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c ptr_sec_qos : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 des_access: 02000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 003c [2008/08/20 10:02:24, 5] 
rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000024 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0006 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16385 (0x4001) smb_bcc=75 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 24 .......< .......$ [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 02 ........ ... 
[2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,146) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,146) wrote 146 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 91 50 5B ........ ......P[ [020] D1 33 FE DF 43 BA B5 94 D4 5A AF D8 42 00 00 00 Ñ3þßCºµ. ÔZ.ØB... [030] 00 . [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 91 50 5B ........ ......P[ [020] D1 33 FE DF 43 BA B5 94 D4 5A AF D8 42 00 00 00 Ñ3þßCºµ. ÔZ.ØB... [030] 00 . 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 returned 48 bytes. 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : d15b5091 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : fe33 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 43df [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : ba b5 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 94 d4 5a af d8 42 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/08/20 10:02:24, 5] rpc_parse/parse_lsa.c:init_q_query(488) init_q_query [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : d15b5091 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : fe33 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 43df [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : ba b5 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 94 d4 5a af d8 42 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 info_class: 0005 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] 
rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002e [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000016 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0007 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16385 (0x4001) smb_bcc=61 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 
.\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 91 50 5B D1 33 ........ ....P[Ñ3 [030] FE DF 43 BA B5 94 D4 5A AF D8 42 05 00 þßCºµ.ÔZ .ØB.. [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,132) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,132) wrote 132 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .P...... ........ [020] 00 10 00 12 00 04 00 02 00 08 00 02 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 45 00 58 00 43 00 48 ........ .E.X.C.H [040] 00 41 00 4E 00 47 00 45 00 04 00 00 00 01 04 00 .A.N.G.E ........ [050] 00 00 00 00 05 15 00 00 00 24 6E BD 6F 8B 76 4B ........ .$n.o.vK [060] 28 9F 73 B6 0B 00 00 00 00 (.s..... . 
[2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .P...... ........ [020] 00 10 00 12 00 04 00 02 00 08 00 02 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 45 00 58 00 43 00 48 ........ .E.X.C.H [040] 00 41 00 4E 00 47 00 45 00 04 00 00 00 01 04 00 .A.N.G.E ........ [050] 00 00 00 00 05 15 00 00 00 24 6E BD 6F 8B 76 4B ........ .$n.o.vK [060] 28 9F 73 B6 0B 00 00 00 00 (.s..... . 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0068 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000050 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 104, data_len 80, ss_len 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 104 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 returned 160 bytes. 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 dom_ptr: 00020000 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 info_class: 0005 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query_3 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 uni_dom_max_len: 0010 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a uni_dom_str_len: 0012 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c buffer_dom_name: 00020004 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 buffer_dom_sid : 00020008 [2008/08/20 10:02:24, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 uni_max_len: 00000009 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c uni_str_len: 00000008 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0020 buffer : E.X.C.H.A.N.G.E. 
[2008/08/20 10:02:24, 8] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 num_auths: 00000004 [2008/08/20 10:02:24, 9] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_dom_sid sid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0034 sid_rev_num: 01 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0035 num_auths : 04 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0036 id_auth[0] : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0037 id_auth[1] : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0038 id_auth[2] : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0039 id_auth[3] : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 003a id_auth[4] : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 003b id_auth[5] : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32s(997) 003c sub_auths : 00000015 6fbd6e24 284b768b 0bb6739f [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 004c status: NT_STATUS_OK [2008/08/20 10:02:24, 5] rpc_parse/parse_lsa.c:init_lsa_q_close(2148) init_lsa_q_close [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : d15b5091 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : fe33 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 43df [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : ba b5 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 94 d4 5a af d8 42 [2008/08/20 10:02:24, 
5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000014 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0000 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=16385 (0x4001) smb_bcc=59 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 91 50 5B D1 33 ........ ....P[Ñ3 [030] FE DF 43 BA B5 94 D4 5A AF D8 42 þßCºµ.ÔZ .ØB [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,130) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,130) wrote 130 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ 
.0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \lsarpc fnum 0x4001 
returned 48 bytes. [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 00 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 00 00 00 00 00 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,45) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,45) wrote 45 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=9 smt_wct=0 smb_bcc=0 [2008/08/20 10:02:24, 10] libsmb/clientgen.c:cli_rpc_pipe_close(394) cli_rpc_pipe_close: closed pipe \lsarpc to machine arctic.sewl.com.au [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,108) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,108) wrote 108 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 
smb_pid=14518 smb_uid=2051 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[4002]: \NETLOGON auth_type 0, auth_level 0 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 12 34 56 78 12 34 AB CD EF 00 01 23 45 67 CF FB .4Vx.4«Í ï..#EgÏû [010] 00 00 00 01 .... [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` [010] 00 00 00 02 .... 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345678 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 
data : 1234 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 cf fb [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000001 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=87 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ 
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,158) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,158) wrote 158 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 A5 E1 85 00 0C 00 5C 50 49 50 45 ......á. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... 
[010] 00 B8 10 B8 10 A5 E1 85 00 0C 00 5C 50 49 50 45 ......á. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 returned 68 bytes. [2008/08/20 10:02:24, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 bind request returned ok. 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0000 major : 05
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0001 minor : 00
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0002 pkt_type : 0c
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0003 flags : 03
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0004 pack_type0: 10
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0005 pack_type1: 00
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0006 pack_type2: 00
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0007 pack_type3: 00
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  0008 frag_len : 0044
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  000a auth_len : 0000
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  000c call_id : 00000005
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_ba
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_bba
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  0010 max_tsize: 10b8
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  0012 max_rsize: 10b8
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0014 assoc_gid: 0085e1a5
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
  000018 smb_io_rpc_addr_str
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  0018 len: 000c
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
  001a str: \PIPE\lsass.
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
  000026 smb_io_rpc_results
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
  0028 num_results: 01
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  002c result : 0000
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  002e reason : 0000
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
  000030 smb_io_rpc_iface
[2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84)
  000030 smb_io_uuid uuid
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0030 data : 8a885d04
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  0034 data : 1ceb
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
  0036 data : 11c9
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
  0038 data : 9f e8
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
  003a data : 08 00 2b 10 48 60
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0040 version: 00000002
[2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:check_bind_response(1701)
  check_bind_response: accepted!
[2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278)
  cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine arctic.sewl.com.au and bound anonymously.
[2008/08/20 10:02:24, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46)
  cli_net_req_chal: LSA Request Challenge from CRASHNBURN to \\arctic.sewl.com.au
[2008/08/20 10:02:24, 5] rpc_parse/parse_net.c:init_q_req_chal(679)
  init_q_req_chal: 679
[2008/08/20 10:02:24, 5] rpc_parse/parse_net.c:init_q_req_chal(688)
  init_q_req_chal: 688
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_q_req_chal
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0000 undoc_buffer: 00000001
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
  000004 smb_io_unistr2
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0004 uni_max_len: 00000015
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0008 offset : 00000000
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  000c uni_str_len: 00000015
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
  0010 buffer : \.\.a.r.c.t.i.c...s.e.w.l...c.o.m...a.u...
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
  00003a smb_io_unistr2
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  003c uni_max_len: 0000000b
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0040 offset : 00000000
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0044 uni_str_len: 0000000b
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
  0048 buffer : C.R.A.S.H.N.B.U.R.N...
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 00005e smb_io_chal [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 005e data: 14 f9 ad b5 c4 3e bb b4 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 007e [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000066 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0004 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=208 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 126 (0x7E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 
0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 126 (0x7E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=141 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 7E 00 00 00 06 00 00 00 66 .......~ .......f [020] 00 00 00 00 00 04 00 01 00 00 00 15 00 00 00 00 ........ ........ [030] 00 00 00 15 00 00 00 5C 00 5C 00 61 00 72 00 63 .......\ .\.a.r.c [040] 00 74 00 69 00 63 00 2E 00 73 00 65 00 77 00 6C .t.i.c.. .s.e.w.l [050] 00 2E 00 63 00 6F 00 6D 00 2E 00 61 00 75 00 00 ...c.o.m ...a.u.. [060] 00 00 00 0B 00 00 00 00 00 00 00 0B 00 00 00 43 ........ .......C [070] 00 52 00 41 00 53 00 48 00 4E 00 42 00 55 00 52 .R.A.S.H .N.B.U.R [080] 00 4E 00 00 00 14 F9 AD B5 C4 3E BB B4 .N....ù. µÄ>». [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,212) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,212) wrote 212 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 06 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 C6 42 E5 FE 51 B6 27 ........ .ÆBåþQ.' [020] FA 00 00 00 00 ú.... 
[2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 06 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 C6 42 E5 FE 51 B6 27 ........ .ÆBåþQ.' [020] FA 00 00 00 00 ú.... [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0024 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000000c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] 
rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 36 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 returned 24 bytes. [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0000 data: c6 42 e5 fe 51 b6 27 fa [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0008 status: NT_STATUS_OK [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(288) creds_client_init: neg_flags : 600fffff [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(289) creds_client_init: client chal : 14F9ADB5C43EBBB4 [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(290) creds_client_init: server chal : C642E5FE51B627FA [2008/08/20 10:02:24, 5] libsmb/credentials.c:creds_init_128(69) creds_init_128 [2008/08/20 10:02:24, 5] libsmb/credentials.c:creds_init_128(70) clnt_chal_in: 14F9ADB5C43EBBB4 [2008/08/20 10:02:24, 5] libsmb/credentials.c:creds_init_128(71) srv_chal_in : C642E5FE51B627FA [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(308) creds_client_init: clnt : E5B0FEDF54479804 [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(309) creds_client_init: server : A9D740C9E7CF2B75 [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(310) creds_client_init: seed : E5B0FEDF54479804 [2008/08/20 10:02:24, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) cli_net_auth2: srv:\\arctic.sewl.com.au 
acct:CRASHNBURN$ sc:2 mc: CRASHNBURN neg: 600fffff [2008/08/20 10:02:24, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2008/08/20 10:02:24, 5] rpc_parse/parse_misc.c:init_log_info(1450) make_log_info 1450 [2008/08/20 10:02:24, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 undoc_buffer: 00000001 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 00000015 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 00000015 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.a.r.c.t.i.c...s.e.w.l...c.o.m...a.u... [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 00003a smb_io_unistr2 unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 003c uni_max_len: 0000000c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 uni_str_len: 0000000c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0048 buffer : C.R.A.S.H.N.B.U.R.N.$... 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0060 sec_chan: 0002 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000062 smb_io_unistr2 unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0064 uni_max_len: 0000000b [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0068 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 006c uni_str_len: 0000000b [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0070 buffer : C.R.A.S.H.N.B.U.R.N... [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000086 smb_io_chal [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0086 data: e5 b0 fe df 54 47 98 04 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 00008e net_io_neg_flags [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0090 neg_flags: 600fffff [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 00ac [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/08/20 10:02:24, 5] 
rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000094 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 000f [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=254 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 172 (0xAC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 172 (0xAC) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=187 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 AC 00 00 00 07 00 00 00 94 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 15 00 00 00 00 ........ ........ [030] 00 00 00 15 00 00 00 5C 00 5C 00 61 00 72 00 63 .......\ .\.a.r.c [040] 00 74 00 69 00 63 00 2E 00 73 00 65 00 77 00 6C .t.i.c.. .s.e.w.l [050] 00 2E 00 63 00 6F 00 6D 00 2E 00 61 00 75 00 00 ...c.o.m ...a.u.. [060] 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 00 43 ........ .......C [070] 00 52 00 41 00 53 00 48 00 4E 00 42 00 55 00 52 .R.A.S.H .N.B.U.R [080] 00 4E 00 24 00 00 00 02 00 00 00 0B 00 00 00 00 .N.$.... ........ 
[090] 00 00 00 0B 00 00 00 43 00 52 00 41 00 53 00 48 .......C .R.A.S.H [0A0] 00 4E 00 42 00 55 00 52 00 4E 00 00 00 E5 B0 FE .N.B.U.R .N...å.þ [0B0] DF 54 47 98 04 00 00 FF FF 0F 60 ßTG....ÿ ÿ.` [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,258) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,258) wrote 258 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 07 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 FF FF 0F 60 22 00 00 C0 .ÿÿ.`".. À [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 07 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 FF FF 0F 60 22 00 00 C0 .ÿÿ.`".. 
À [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0028 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000010 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 40 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 returned 32 bytes. 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0000 data: 00 00 00 00 00 00 00 00 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 neg_flags: 600fffff [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 000c status: NT_STATUS_ACCESS_DENIED [2008/08/20 10:02:24, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) cli_net_req_chal: LSA Request Challenge from CRASHNBURN to \\arctic.sewl.com.au [2008/08/20 10:02:24, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2008/08/20 10:02:24, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 undoc_buffer: 00000001 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 00000015 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 00000015 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.a.r.c.t.i.c...s.e.w.l...c.o.m...a.u... [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 00003a smb_io_unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 003c uni_max_len: 0000000b [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 uni_str_len: 0000000b [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0048 buffer : C.R.A.S.H.N.B.U.R.N... 
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 00005e smb_io_chal [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 005e data: b8 7d 27 73 cb c1 42 d3 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 007e [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000008 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000066 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0004 [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=208 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 126 (0x7E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 
0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 126 (0x7E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=141 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 7E 00 00 00 08 00 00 00 66 .......~ .......f [020] 00 00 00 00 00 04 00 01 00 00 00 15 00 00 00 00 ........ ........ [030] 00 00 00 15 00 00 00 5C 00 5C 00 61 00 72 00 63 .......\ .\.a.r.c [040] 00 74 00 69 00 63 00 2E 00 73 00 65 00 77 00 6C .t.i.c.. .s.e.w.l [050] 00 2E 00 63 00 6F 00 6D 00 2E 00 61 00 75 00 00 ...c.o.m ...a.u.. [060] 00 00 00 0B 00 00 00 00 00 00 00 0B 00 00 00 43 ........ .......C [070] 00 52 00 41 00 53 00 48 00 4E 00 42 00 55 00 52 .R.A.S.H .N.B.U.R [080] 00 4E 00 00 00 B8 7D 27 73 CB C1 42 D3 .N....}' sËÁBÓ [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,212) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,212) wrote 212 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 08 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 F6 5F 05 11 91 95 D0 ........ .ö_....Ð [020] 38 00 00 00 00 8.... 
[2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 08 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 F6 5F 05 11 91 95 D0 ........ .ö_....Ð [020] 38 00 00 00 00 8.... [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0024 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000008 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000000c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] 
rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 36 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 returned 24 bytes. [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0000 data: f6 5f 05 11 91 95 d0 38 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0008 status: NT_STATUS_OK [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(288) creds_client_init: neg_flags : 600fffff [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(289) creds_client_init: client chal : B87D2773CBC142D3 [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(290) creds_client_init: server chal : F65F05119195D038 [2008/08/20 10:02:24, 5] libsmb/credentials.c:creds_init_128(69) creds_init_128 [2008/08/20 10:02:24, 5] libsmb/credentials.c:creds_init_128(70) clnt_chal_in: B87D2773CBC142D3 [2008/08/20 10:02:24, 5] libsmb/credentials.c:creds_init_128(71) srv_chal_in : F65F05119195D038 [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(308) creds_client_init: clnt : 6D55C355300C5F4D [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(309) creds_client_init: server : CA5CB3A9DC31756F [2008/08/20 10:02:24, 10] libsmb/credentials.c:creds_client_init(310) creds_client_init: seed : 6D55C355300C5F4D [2008/08/20 10:02:24, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) cli_net_auth2: srv:\\arctic.sewl.com.au 
acct:CRASHNBURN$ sc:2 mc: CRASHNBURN neg: 600fffff [2008/08/20 10:02:24, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2008/08/20 10:02:24, 5] rpc_parse/parse_misc.c:init_log_info(1450) make_log_info 1450 [2008/08/20 10:02:24, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 undoc_buffer: 00000001 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 00000015 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 00000015 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.a.r.c.t.i.c...s.e.w.l...c.o.m...a.u... [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 00003a smb_io_unistr2 unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 003c uni_max_len: 0000000c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 uni_str_len: 0000000c [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0048 buffer : C.R.A.S.H.N.B.U.R.N.$... 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0060 sec_chan: 0002 [2008/08/20 10:02:24, 7] rpc_parse/parse_prs.c:prs_debug(84) 000062 smb_io_unistr2 unistr2 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0064 uni_max_len: 0000000b [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0068 offset : 00000000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 006c uni_str_len: 0000000b [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0070 buffer : C.R.A.S.H.N.B.U.R.N... [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000086 smb_io_chal [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0086 data: 6d 55 c3 55 30 0c 5f 4d [2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 00008e net_io_neg_flags [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0090 neg_flags: 600fffff [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 00ac [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000009 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/08/20 10:02:24, 5] 
rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000094 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 000f [2008/08/20 10:02:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=254 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 172 (0xAC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 172 (0xAC) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16386 (0x4002) smb_bcc=187 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 AC 00 00 00 09 00 00 00 94 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 15 00 00 00 00 ........ ........ [030] 00 00 00 15 00 00 00 5C 00 5C 00 61 00 72 00 63 .......\ .\.a.r.c [040] 00 74 00 69 00 63 00 2E 00 73 00 65 00 77 00 6C .t.i.c.. .s.e.w.l [050] 00 2E 00 63 00 6F 00 6D 00 2E 00 61 00 75 00 00 ...c.o.m ...a.u.. [060] 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 00 43 ........ .......C [070] 00 52 00 41 00 53 00 48 00 4E 00 42 00 55 00 52 .R.A.S.H .N.B.U.R [080] 00 4E 00 24 00 00 00 02 00 00 00 0B 00 00 00 00 .N.$.... ........ 
[090] 00 00 00 0B 00 00 00 43 00 52 00 41 00 53 00 48 .......C .R.A.S.H [0A0] 00 4E 00 42 00 55 00 52 00 4E 00 00 00 6D 55 C3 .N.B.U.R .N...mUà [0B0] 55 30 0C 5F 4D 00 00 FF FF 0F 60 U0._M..ÿ ÿ.` [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,258) [2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,258) wrote 258 [2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 09 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 FF FF 0F 60 22 00 00 C0 .ÿÿ.`".. À [2008/08/20 10:02:24, 5] lib/util.c:show_msg(484) [2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/08/20 10:02:24, 10] lib/util.c:dump_data(2264) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 09 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 FF FF 0F 60 22 00 00 C0 .ÿÿ.`".. 
À [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0028 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000009 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000010 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 40 at offset 0 [2008/08/20 10:02:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine arctic.sewl.com.au pipe \NETLOGON fnum 0x4002 returned 32 bytes. 
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0000 data: 00 00 00 00 00 00 00 00
[2008/08/20 10:02:24, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 neg_flags: 600fffff
[2008/08/20 10:02:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 000c status: NT_STATUS_ACCESS_DENIED
[2008/08/20 10:02:24, 3] libsmb/trusts_util.c:just_change_the_password(57) just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2008/08/20 10:02:24, 1] utils/net_rpc.c:run_rpc_command(170) rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,45)
[2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,45) wrote 45
[2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35
[2008/08/20 10:02:24, 5] lib/util.c:show_msg(484)
[2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=16 smt_wct=0 smb_bcc=0
[2008/08/20 10:02:24, 10] libsmb/clientgen.c:cli_rpc_pipe_close(394) cli_rpc_pipe_close: closed pipe \NETLOGON to machine arctic.sewl.com.au
[2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(152) write_socket(4,39)
[2008/08/20 10:02:24, 6] libsmb/clientgen.c:write_socket(155) write_socket(4,39) wrote 39
[2008/08/20 10:02:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35
[2008/08/20 10:02:24, 5] lib/util.c:show_msg(484)
[2008/08/20 10:02:24, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2051 smb_pid=14518 smb_uid=2051 smb_mid=17 smt_wct=0 smb_bcc=0
[2008/08/20 10:02:24, 10] lib/gencache.c:gencache_get(212) Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found
[2008/08/20 10:02:24, 5] libads/dns.c:sitename_fetch(706) sitename_fetch: No stored sitename for
[2008/08/20 10:02:24, 10] libsmb/namequery.c:internal_resolve_name(1166) internal_resolve_name: looking up arctic.sewl.com.au#20 (sitename (NULL))
[2008/08/20 10:02:24, 10] lib/gencache.c:gencache_get(226) Returning valid cache entry: key = NBT/ARCTIC.SEWL.COM.AU#20, value = 172.28.128.64:0, timeout = Wed Aug 20 10:10:24 2008
[2008/08/20 10:02:24, 5] libsmb/namecache.c:namecache_fetch(214) name arctic.sewl.com.au#20 found.
Connection failed: NT_STATUS_UNSUCCESSFUL
[2008/08/20 10:02:24, 2] utils/net.c:main(1075) return code = 1