[2008/12/09 16:14:17, 10] lib/events.c:get_timed_events_timeout(318) timed_events_timeout: 4/990901 [2008/12/09 16:14:17, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 47 [2008/12/09 16:14:17, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn INIT_CONNECTION [2008/12/09 16:14:17, 8] winbindd/winbindd_cm.c:connection_ok(1563) connection_ok: Connection to for domain AHUS has NULL cli! [2008/12/09 16:14:17, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS, value = bredde.ahus.no, timeout = Tue Dec 9 16:26:37 2008 [2008/12/09 16:14:17, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "AHUS" domain [2008/12/09 16:14:17, 10] winbindd/winbindd_cm.c:cm_open_connection(1398) cm_open_connection: saf_servername is 'bredde.ahus.no' for domain AHUS [2008/12/09 16:14:17, 10] winbindd/winbindd_cm.c:cm_open_connection(1430) cm_open_connection: dcname is 'bredde.ahus.no' for domain AHUS [2008/12/09 16:14:17, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:17, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:14:17, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:14:17, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 [2008/12/09 16:14:17, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 5] lib/charcnv.c:charset_name(82) Substituting charset 'UTF-8' for LOCALE [2008/12/09 16:14:17, 10] winbindd/winbindd_cm.c:cm_prepare_connection(753) cm_prepare_connection: connecting to DC bredde.ahus.no for domain AHUS [2008/12/09 16:14:17, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,194) [2008/12/09 16:14:17, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,194) wrote 194 [2008/12/09 16:14:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 172 [2008/12/09 16:14:17, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:17, 5] lib/util.c:show_msg(652) size=172 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=4113 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=47232 (0xB880) smb_vwv[12]=57908 (0xE234) smb_vwv[13]= 4346 (0x10FA) smb_vwv[14]=51546 (0xC95A) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=103 [2008/12/09 16:14:17, 10] lib/util.c:dump_data(2223) [000] 4C 6D C3 39 67 44 D4 4A 80 17 B5 86 E4 28 48 2E Lm.9gD.J .....(H. [010] 60 55 06 06 2B 06 01 05 05 02 A0 4B 30 49 A0 30 `U..+... ...K0I.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 15 30 13 A0 11 1B 0F 62 72 65 64 64 65 24 40 ..0..... bredde$@ [060] 41 48 55 53 2E 4E 4F AHUS.NO [2008/12/09 16:14:17, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:17, 5] lib/util.c:show_msg(652) size=172 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=4113 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=47232 (0xB880) smb_vwv[12]=57908 (0xE234) smb_vwv[13]= 4346 (0x10FA) smb_vwv[14]=51546 (0xC95A) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=103 [2008/12/09 16:14:17, 10] lib/util.c:dump_data(2223) [000] 4C 6D C3 39 67 44 D4 4A 80 17 B5 86 E4 28 48 2E Lm.9gD.J .....(H. [010] 60 55 06 06 2B 06 01 05 05 02 A0 4B 30 49 A0 30 `U..+... ...K0I.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 15 30 13 A0 11 1B 0F 62 72 65 64 64 65 24 40 ..0..... bredde$@ [060] 41 48 55 53 2E 4E 4F AHUS.NO [2008/12/09 16:14:17, 5] winbindd/winbindd_cm.c:cm_prepare_connection(831) connecting to bredde.ahus.no from LORDVADER with kerberos principal [LORDVADER$@AHUS.NO] and realm [AHUS.NO] [2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) Doing spnego session setup (blob length=103) [2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 48018 1 2 2 [2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 113554 1 2 2 [2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 113554 1 2 2 3 [2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 3 6 1 4 1 311 2 2 10 [2008/12/09 16:14:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) got principal=bredde$@AHUS.NO [2008/12/09 16:14:17, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) kerberos_kinit_password: as LORDVADER$@AHUS.NO using [MEMORY:cliconnect] as ccache and config [(null)] [2008/12/09 16:14:18, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) Doing kerberos session setup [2008/12/09 16:14:18, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Wed, 10 Dec 2008 02:14:17 CET [2008/12/09 16:14:18, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) ads_krb5_mk_req: Ticket (bredde$@AHUS.NO) in ccache (MEMORY:cliconnect) is valid until: (Wed, 10 Dec 2008 02:14:17 CET - 1228871657) [2008/12/09 16:14:18, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) Got KRB5 session key of length 16 [2008/12/09 16:14:18, 5] libsmb/smb_signing.c:set_smb_signing_real_common(140) Mandatory SMB signing enabled! [2008/12/09 16:14:18, 5] libsmb/smb_signing.c:set_smb_signing_real_common(144) SMB signing enabled! [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:cli_simple_set_signing(494) cli_simple_set_signing: user_session_key [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 8D 20 7F 6F 62 A1 6D 70 0F 13 D8 93 DA DE B3 35 . .ob.mp .......5 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:cli_simple_set_signing(502) cli_simple_set_signing: NULL response_data [2008/12/09 16:14:18, 10] libsmb/cliconnect.c:cli_session_setup_blob(578) cli_session_setup_blob: Remaining (0) sending (1138) current (1138) [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 60 A1 C0 50 FC 35 65 29 `..P.5e) [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 1 mid = 2 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,1224) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,1224) wrote 1224 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 197 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=197 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=4113 smb_uid=30721 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 197 (0xC5) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=154 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H [010] 82 F7 12 01 02 02 A2 02 04 00 3D 57 00 69 00 6E ........ ..=W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 1 mid = 2 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 1 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 1: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 3A 99 FE EF 13 B7 AE F2 :....... [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=197 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=4113 smb_uid=30721 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 197 (0xC5) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=154 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H [010] 82 F7 12 01 02 02 A2 02 04 00 3D 57 00 69 00 6E ........ ..=W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. [2008/12/09 16:14:18, 10] libsmb/clientgen.c:cli_init_creds(429) cli_init_creds: user LORDVADER$ domain AHUS [2008/12/09 16:14:18, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [AHUS], server = [bredde.ahus.no], expire = [1228836558] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS; value = bredde.ahus.no and timeout = Tue Dec 9 16:29:18 2008 (900 seconds ahead) [2008/12/09 16:14:18, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [AHUS.NO], server = [bredde.ahus.no], expire = [1228836558] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = bredde.ahus.no and timeout = Tue Dec 9 16:29:18 2008 (900 seconds ahead) [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 2 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] F3 43 77 42 C4 CF 27 BA .CwB..'. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 3 mid = 3 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,96) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,96) wrote 96 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 56 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 49 50 43 00 00 00 00 IPC.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 3 mid = 3 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 3 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 3: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 41 4F 65 27 D2 DB 62 23 AOe'..b# [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(2859) set_global_winbindd_state_online: online requested. [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:set_global_winbindd_state_online(2862) set_global_winbindd_state_online: rejecting. [2008/12/09 16:14:18, 10] winbindd/winbindd_cm.c:set_domain_online(385) set_domain_online: called for domain AHUS [2008/12/09 16:14:18, 10] lib/events.c:timed_event_destructor(65) Destroying timed event 84cf3c8 "check_domain_online_handler" [2008/12/09 16:14:18, 10] winbindd/winbindd_cm.c:set_dc_type_and_flags(1917) set_dc_type_and_flags: setting up flags for primary domain [2008/12/09 16:14:18, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1765) set_dc_type_and_flags_connect: domain AHUS [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 4 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 6A 2B B6 D8 19 71 18 C7 j+...q.. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 5 mid = 4 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,104) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,104) wrote 104 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 103 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1792 (0x700) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 5 mid = 4 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 5 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 5: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] DE DC A9 A5 76 F5 3D 14 ....v.=. [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) Bind RPC Pipe[c007]: \lsarpc auth_type 0, auth_level 0 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... [010] 00 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 3919286a [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : b10c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11d0 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9b a8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 00 c0 4f d9 2e f5 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49159 (0xC007) smb_bcc=87 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 6 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] DC EF B1 1D 74 3C 1F 9D ....t<.. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 7 mid = 5 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,158) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,158) wrote 158 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 124 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 B7 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 AC 1C 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 7 mid = 5 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 7 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 7: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] F2 70 64 A7 C5 05 37 5F .pd...7_ [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 B7 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 AC 1C 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 7 mid = 5 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 returned 68 bytes. [2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 bind request returned ok. [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 002261b7 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsass. [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000026 smb_io_rpc_results [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) check_bind_response: accepted! [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine bredde.ahus.no and bound anonymously. dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation in: struct dssetup_DsRoleGetPrimaryDomainInformation level : DS_ROLE_BASIC_INFORMATION (1) [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 001a [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000002 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0000 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49159 (0xC007) smb_bcc=41 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 8 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 39 2A B1 6B 3B 98 93 FF 9*.k;... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 9 mid = 6 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,112) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,112) wrote 112 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 208 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=208 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 152 (0x98) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=153 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 1A 05 00 02 03 10 00 00 00 98 00 00 00 02 00 00 ........ ........ [010] 00 80 00 00 00 00 00 00 00 00 00 02 00 01 00 45 ........ .......E [020] 5C 04 00 00 00 01 00 00 01 04 00 02 00 08 00 02 \....... ........ [030] 00 0C 00 02 00 2D F9 6D D3 8A 62 5E 43 BE DE 27 .....-.m ..b^C..' [040] CB 29 AA CD A1 05 00 00 00 00 00 00 00 05 00 00 .)...... ........ [050] 00 41 00 48 00 55 00 53 00 00 00 C3 4F 08 00 00 .A.H.U.S ....O... [060] 00 00 00 00 00 08 00 00 00 61 00 68 00 75 00 73 ........ .a.h.u.s [070] 00 2E 00 6E 00 6F 00 00 00 08 00 00 00 00 00 00 ...n.o.. ........ [080] 00 08 00 00 00 61 00 68 00 75 00 73 00 2E 00 6E .....a.h .u.s...n [090] 00 6F 00 00 00 00 00 00 00 .o...... . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 9 mid = 6 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 9 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 9: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 7F 15 5E 8A 1A C5 7F 1E ..^..... [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=208 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 152 (0x98) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=153 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 1A 05 00 02 03 10 00 00 00 98 00 00 00 02 00 00 ........ ........ [010] 00 80 00 00 00 00 00 00 00 00 00 02 00 01 00 45 ........ .......E [020] 5C 04 00 00 00 01 00 00 01 04 00 02 00 08 00 02 \....... ........ [030] 00 0C 00 02 00 2D F9 6D D3 8A 62 5E 43 BE DE 27 .....-.m ..b^C..' [040] CB 29 AA CD A1 05 00 00 00 00 00 00 00 05 00 00 .)...... ........ [050] 00 41 00 48 00 55 00 53 00 00 00 C3 4F 08 00 00 .A.H.U.S ....O... [060] 00 00 00 00 00 08 00 00 00 61 00 68 00 75 00 73 ........ .a.h.u.s [070] 00 2E 00 6E 00 6F 00 00 00 08 00 00 00 00 00 00 ...n.o.. ........ [080] 00 08 00 00 00 61 00 68 00 75 00 73 00 2E 00 6E .....a.h .u.s...n [090] 00 6F 00 00 00 00 00 00 00 .o...... . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 9 mid = 6 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0098 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000080 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 152, data_len 128, ss_len 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 152 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc007 returned 256 bytes. dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation out: struct dssetup_DsRoleGetPrimaryDomainInformation info : * info : union dssetup_DsRoleInfo(case 1) basic: struct dssetup_DsRolePrimaryDomInfoBasic role : DS_ROLE_BACKUP_DC (4) flags : 0x01000001 (16777217) 1: DS_ROLE_PRIMARY_DS_RUNNING 0: DS_ROLE_PRIMARY_DS_MIXED_MODE 0: DS_ROLE_UPGRADE_IN_PROGRESS 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT domain : * domain : 'AHUS' dns_domain : * dns_domain : 'ahus.no' forest : * forest : 'ahus.no' domain_guid : d36df92d-628a-435e-bede-27cb29aacda1 result : WERR_OK [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 10 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 77 09 12 8C 09 0A 83 F3 w....... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 11 mid = 7 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,45) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,45) wrote 45 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=7 smt_wct=0 smb_bcc=0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 11 mid = 7 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 11 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 11: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 45 2D 61 A3 28 C7 D2 FD E-a.(... [2008/12/09 16:14:18, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) cli_rpc_pipe_close: closed pipe \lsarpc to machine bredde.ahus.no [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 12 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 65 56 28 DA 40 45 CD 2A eV(.@E.* [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 13 mid = 8 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,104) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,104) wrote 104 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 103 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 2048 (0x800) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 13 mid = 8 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 13 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 13: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 50 12 43 26 B9 9E F5 70 P.C&...p [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) Bind RPC Pipe[c008]: \lsarpc auth_type 0, auth_level 0 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ab [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49160 (0xC008) smb_bcc=87 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 14 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] B0 E5 14 DA 73 0B 2A A2 ....s.*. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 15 mid = 9 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,158) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,158) wrote 158 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 124 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... [010] 00 B8 10 B8 10 B8 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 15 mid = 9 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 15 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 15: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 07 04 CA BD 28 CD 9F 3A ....(..: [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... [010] 00 B8 10 B8 10 B8 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 15 mid = 9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 returned 68 bytes. [2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 bind request returned ok. [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 002261b8 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsass. [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000026 smb_io_rpc_results [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) check_bind_response: accepted! [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine bredde.ahus.no and bound anonymously. [2008/12/09 16:14:18, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) init_lsa_sec_qos [2008/12/09 16:14:18, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) init_lsa_obj_attr lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000038 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 002c [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49160 (0xC008) smb_bcc=95 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 38 .......P .......8 [020] 00 00 00 00 00 2C 00 00 00 02 00 01 00 00 00 00 .....,.. ........ [030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ........ ........ [050] 00 02 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 16 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] B0 B3 F4 70 9F 4C 04 3E ...p.L.> [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 17 mid = 10 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,166) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,166) wrote 166 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 104 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 9E F8 AB ........ ........ [020] 04 8D 5C 79 4F B9 D1 60 09 76 B6 B0 C2 00 00 00 ..\yO..` .v...... [030] 00 . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 17 mid = 10 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 17 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 17: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] DF 35 A8 00 0F F3 1A 5F .5....._ [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 9E F8 AB ........ ........ [020] 04 8D 5C 79 4F B9 D1 60 09 76 B6 B0 C2 00 00 00 ..\yO..` .v...... [030] 00 . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 17 mid = 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 returned 48 bytes. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 04abf89e-5c8d-4f79-b9d1-600976b6b0c2 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 04abf89e-5c8d-4f79-b9d1-600976b6b0c2 level : LSA_POLICY_INFO_DNS (12) [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000016 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 002e [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49160 (0xC008) smb_bcc=61 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 9E F8 AB 04 8D ........ ........ [030] 5C 79 4F B9 D1 60 09 76 B6 B0 C2 0C 00 \yO..`.v ..... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 18 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 4F 54 44 67 D5 DC 85 D9 OTDg.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 19 mid = 11 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,132) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,132) wrote 132 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 240 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 184 (0xB8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=185 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 2E 05 00 02 03 10 00 00 00 B8 00 00 00 05 00 00 ........ ........ [010] 00 A0 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ [020] 00 08 00 0A 00 04 00 02 00 0E 00 10 00 08 00 02 ........ ........ [030] 00 0E 00 10 00 0C 00 02 00 2D F9 6D D3 8A 62 5E ........ .-.m..b^ [040] 43 BE DE 27 CB 29 AA CD A1 10 00 02 00 05 00 00 C..'.).. ........ [050] 00 00 00 00 00 04 00 00 00 41 00 48 00 55 00 53 ........ .A.H.U.S [060] 00 08 00 00 00 00 00 00 00 07 00 00 00 61 00 68 ........ .....a.h [070] 00 75 00 73 00 2E 00 6E 00 6F 00 00 00 08 00 00 .u.s...n .o...... [080] 00 00 00 00 00 07 00 00 00 61 00 68 00 75 00 73 ........ .a.h.u.s [090] 00 2E 00 6E 00 6F 00 00 00 04 00 00 00 01 04 00 ...n.o.. ........ [0A0] 00 00 00 00 05 15 00 00 00 A6 5F B8 2F A0 A6 2D ........ .._./..- [0B0] 48 17 EF 24 40 00 00 00 00 H..$@... . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 19 mid = 11 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 19 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 19: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 13 2A 74 6E 42 D8 9E 7B .*tnB..{ [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 184 (0xB8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=185 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 2E 05 00 02 03 10 00 00 00 B8 00 00 00 05 00 00 ........ ........ [010] 00 A0 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 ........ ........ [020] 00 08 00 0A 00 04 00 02 00 0E 00 10 00 08 00 02 ........ ........ [030] 00 0E 00 10 00 0C 00 02 00 2D F9 6D D3 8A 62 5E ........ .-.m..b^ [040] 43 BE DE 27 CB 29 AA CD A1 10 00 02 00 05 00 00 C..'.).. ........ [050] 00 00 00 00 00 04 00 00 00 41 00 48 00 55 00 53 ........ .A.H.U.S [060] 00 08 00 00 00 00 00 00 00 07 00 00 00 61 00 68 ........ .....a.h [070] 00 75 00 73 00 2E 00 6E 00 6F 00 00 00 08 00 00 .u.s...n .o...... [080] 00 00 00 00 00 07 00 00 00 61 00 68 00 75 00 73 ........ .a.h.u.s [090] 00 2E 00 6E 00 6F 00 00 00 04 00 00 00 01 04 00 ...n.o.. ........ [0A0] 00 00 00 00 05 15 00 00 00 A6 5F B8 2F A0 A6 2D ........ .._./..- [0B0] 48 17 EF 24 40 00 00 00 00 H..$@... . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 19 mid = 11 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 000000a0 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 184, data_len 160, ss_len 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 184 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc008 returned 320 bytes. lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 out: struct lsa_QueryInfoPolicy2 info : * info : * info : union lsa_PolicyInformation(case 12) dns: struct lsa_DnsDomainInfo name: struct lsa_StringLarge length : 0x0008 (8) size : 0x000a (10) string : * string : 'AHUS' dns_domain: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'ahus.no' dns_forest: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'ahus.no' domain_guid : d36df92d-628a-435e-bede-27cb29aacda1 sid : * sid : S-1-5-21-800612262-1210951328-1076162327 result : NT_STATUS_OK [2008/12/09 16:14:18, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1895) set_dc_type_and_flags_connect: domain AHUS is in native mode. [2008/12/09 16:14:18, 5] winbindd/winbindd_cm.c:set_dc_type_and_flags_connect(1898) set_dc_type_and_flags_connect: domain AHUS is running active directory. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 20 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 91 F6 4A 2A 73 F3 80 73 ..J*s..s [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 21 mid = 12 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,45) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,45) wrote 45 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=12 smt_wct=0 smb_bcc=0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 21 mid = 12 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 21 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 21: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] A2 35 14 23 96 C9 21 A2 .5.#..!. [2008/12/09 16:14:18, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) cli_rpc_pipe_close: closed pipe \lsarpc to machine bredde.ahus.no [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 47 [2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn INIT_CONNECTION [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 19 [2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LIST_TRUSTDOM [2008/12/09 16:14:18, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362) [ 4112]: list trusted domains [2008/12/09 16:14:18, 5] winbindd/winbindd_cache.c:get_cache(178) get_cache: Setting ADS methods for domain AHUS [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:fetch_cache_seqnum(405) fetch_cache_seqnum: invalid data size key [SEQNUM/AHUS] [2008/12/09 16:14:18, 3] winbindd/winbindd_ads.c:sequence_number(1120) ads: fetch sequence_number for AHUS [2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:ads_cached_connection(45) ads_cached_connection [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for ahus.no: "SIAADM" [2008/12/09 16:14:18, 4] libsmb/namequery_dc.c:ads_dc_name(73) ads_dc_name: domain=AHUS [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for ahus.no: "SIAADM" [2008/12/09 16:14:18, 6] libads/ldap.c:ads_find_dc(318) ads_find_dc: looking for realm 'ahus.no' [2008/12/09 16:14:18, 8] libsmb/namequery.c:get_sorted_dc_list(2093) get_sorted_dc_list: attempting lookup for name ahus.no (sitename SIAADM) using [ads] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:18 2008 [2008/12/09 16:14:18, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain [2008/12/09 16:14:18, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "bredde.ahus.no, *" [2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:14:18, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 [2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:14:18, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:14:18, 5] libads/ldap.c:ads_try_connect(188) ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) r : union nbt_cldap_netlogon(case 6) logon5: struct nbt_cldap_netlogon_5 type : NETLOGON_RESPONSE_FROM_PDC2 (23) sbz : 0x0000 (0) server_type : 0x000001bc (444) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 0: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 forest : 'ahus.no' dns_domain : 'ahus.no' pdc_dns_name : 'bredde.ahus.no' domain : 'AHUS' pdc_name : 'BREDDE' user_name : '' server_site : 'SIAADM' client_site : 'SIAADM' nt_version : 0x00000005 (5) 1: NETLOGON_VERSION_1 0: NETLOGON_VERSION_5 1: NETLOGON_VERSION_5EX 0: NETLOGON_VERSION_5EX_WITH_IP 0: NETLOGON_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_VERSION_AVOID_NT4_EMUL 0: NETLOGON_VERSION_PDC 0: NETLOGON_VERSION_IP 0: NETLOGON_VERSION_LOCAL 0: NETLOGON_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2008/12/09 16:14:18, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647989 seconds ahead) [2008/12/09 16:14:18, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647989 seconds ahead) [2008/12/09 16:14:18, 3] libads/ldap.c:ads_connect(430) Successfully contacted LDAP server 10.132.16.21 [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for ahus.no: "SIAADM" [2008/12/09 16:14:18, 10] libads/ldap.c:ads_closest_dc(155) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2008/12/09 16:14:18, 10] libads/kerberos.c:create_local_private_krb5_conf_for_domain(871) create_local_private_krb5_conf_for_domain: fname = /var/lock/samba/smb_krb5/krb5.conf.AHUS, realm = ahus.no, domain = AHUS [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:18 2008 [2008/12/09 16:14:18, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain [2008/12/09 16:14:18, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "bredde.ahus.no, *" [2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:14:18, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 [2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:14:18, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:18 2008 [2008/12/09 16:14:18, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain [2008/12/09 16:14:18, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "bredde.ahus.no, *" [2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename (null)) [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:14:18, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 [2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:14:18, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:14:18, 10] libads/kerberos.c:get_kdc_ip_string(820) get_kdc_ip_string: Returning kdc = 10.132.16.21 [2008/12/09 16:14:18, 5] libads/kerberos.c:create_local_private_krb5_conf_for_domain(946) create_local_private_krb5_conf_for_domain: wrote file /var/lock/samba/smb_krb5/krb5.conf.AHUS with realm AHUS.NO KDC list = kdc = 10.132.16.21 [2008/12/09 16:14:18, 4] libsmb/namequery_dc.c:ads_dc_name(143) ads_dc_name: using server='BREDDE.AHUS.NO' IP=10.132.16.21 [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for ahus.no: "SIAADM" [2008/12/09 16:14:18, 6] libads/ldap.c:ads_find_dc(318) ads_find_dc: looking for realm 'ahus.no' [2008/12/09 16:14:18, 8] libsmb/namequery.c:get_sorted_dc_list(2093) get_sorted_dc_list: attempting lookup for name ahus.no (sitename SIAADM) using [ads] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:18 2008 [2008/12/09 16:14:18, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain [2008/12/09 16:14:18, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "bredde.ahus.no, *" [2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:14:18, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:14:18, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:14:18, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:22:37 2008 [2008/12/09 16:14:18, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:14:18, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:14:18, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:14:18, 5] libads/ldap.c:ads_try_connect(188) ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) r : union nbt_cldap_netlogon(case 6) logon5: struct nbt_cldap_netlogon_5 type : NETLOGON_RESPONSE_FROM_PDC2 (23) sbz : 0x0000 (0) server_type : 0x000001bc (444) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 0: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 forest : 'ahus.no' dns_domain : 'ahus.no' pdc_dns_name : 'bredde.ahus.no' domain : 'AHUS' pdc_name : 'BREDDE' user_name : '' server_site : 'SIAADM' client_site : 'SIAADM' nt_version : 0x00000005 (5) 1: NETLOGON_VERSION_1 0: NETLOGON_VERSION_5 1: NETLOGON_VERSION_5EX 0: NETLOGON_VERSION_5EX_WITH_IP 0: NETLOGON_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_VERSION_AVOID_NT4_EMUL 0: NETLOGON_VERSION_PDC 0: NETLOGON_VERSION_IP 0: NETLOGON_VERSION_LOCAL 0: NETLOGON_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2008/12/09 16:14:18, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647989 seconds ahead) [2008/12/09 16:14:18, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647989 seconds ahead) [2008/12/09 16:14:18, 3] libads/ldap.c:ads_connect(430) Successfully contacted LDAP server 10.132.16.21 [2008/12/09 16:14:18, 10] libads/ldap.c:ldap_open_with_timeout(62) Opening connection to LDAP server 'bredde.ahus.no:389', timeout 15 seconds [2008/12/09 16:14:18, 10] libads/ldap.c:ldap_open_with_timeout(76) Connected to LDAP server 'bredde.ahus.no:389' [2008/12/09 16:14:18, 3] libads/ldap.c:ads_connect(480) Connected to LDAP server bredde.ahus.no [2008/12/09 16:14:18, 10] libads/ldap.c:ads_closest_dc(155) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2008/12/09 16:14:18, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [AHUS], server = [10.132.16.21], expire = [1228836558] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS; value = 10.132.16.21 and timeout = Tue Dec 9 16:29:18 2008 (900 seconds ahead) [2008/12/09 16:14:18, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [ahus.no], server = [10.132.16.21], expire = [1228836558] [2008/12/09 16:14:18, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = 10.132.16.21 and timeout = Tue Dec 9 16:29:18 2008 (900 seconds ahead) [2008/12/09 16:14:18, 4] libads/ldap.c:ads_current_time(2607) time offset is 75 seconds [2008/12/09 16:14:18, 4] libads/sasl.c:ads_sasl_bind(1112) Found SASL mechanism GSS-SPNEGO [2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/12/09 16:14:18, 3] libads/sasl.c:ads_sasl_spnego_bind(789) ads_sasl_spnego_bind: got server principal name = bredde$@AHUS.NO [2008/12/09 16:14:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(671) ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) [2008/12/09 16:14:18, 10] libads/sasl.c:ads_sasl_spnego_bind(810) ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling kinit [2008/12/09 16:14:18, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) kerberos_kinit_password: as LORDVADER$@AHUS.NO using [MEMORY:winbind_ccache] as ccache and config [/var/lock/samba/smb_krb5/krb5.conf.AHUS] [2008/12/09 16:14:18, 4] libsmb/clikrb5.c:ads_krb5_mk_req(688) ads_krb5_mk_req: Advancing clock by 75 seconds to cope with clock skew [2008/12/09 16:14:18, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Wed, 10 Dec 2008 02:15:33 CET [2008/12/09 16:14:18, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) ads_krb5_mk_req: Ticket (bredde$@AHUS.NO) in ccache (MEMORY:winbind_ccache) is valid until: (Wed, 10 Dec 2008 02:15:33 CET - 1228871733) [2008/12/09 16:14:18, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) Got KRB5 session key of length 16 [2008/12/09 16:14:18, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) Search for (objectclass=*) in <> gave 1 replies [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:store_cache_seqnum(456) store_cache_seqnum: success [AHUS][42827549 @ 1228835658] [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:trusted_domains(2106) trusted_domains: [Cached] - doing backend query for info for domain AHUS [2008/12/09 16:14:18, 3] winbindd/winbindd_ads.c:trusted_domains(1171) ads: trusted_domains [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 22 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 0B 57 7C 56 5F 5D 2C B7 .W|V_],. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 23 mid = 13 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,108) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,108) wrote 108 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 103 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=13 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 2304 (0x900) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 23 mid = 13 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 23 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 23: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 83 A7 56 F4 B8 89 5C 07 ..V...\. [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) Bind RPC Pipe[c009]: \NETLOGON auth_type 0, auth_level 0 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345678 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 cf fb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49161 (0xC009) smb_bcc=87 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 24 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 15 94 CF 77 A9 22 CC AA ...w.".. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 25 mid = 14 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,158) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,158) wrote 158 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 124 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... [010] 00 B8 10 B8 10 BB 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 25 mid = 14 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 25 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 25: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 26 16 BE A8 C9 01 77 C8 &.....w. [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... [010] 00 B8 10 B8 10 BB 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 02 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 25 mid = 14 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 returned 68 bytes. [2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 bind request returned ok. [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 002261bb [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsass. [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000026 smb_io_rpc_results [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) check_bind_response: accepted! [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine bredde.ahus.no and bound anonymously. netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\bredde.ahus.no' computer_name : 'LORDVADER' credentials : * credentials: struct netr_Credential data : f05bad06c04ce65a [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0074 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000005c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0004 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=198 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 116 (0x74) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49161 (0xC009) smb_bcc=131 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 74 00 00 00 07 00 00 00 5C .......t .......\ [020] 00 00 00 00 00 04 00 00 00 02 00 11 00 00 00 00 ........ ........ [030] 00 00 00 11 00 00 00 5C 00 5C 00 62 00 72 00 65 .......\ .\.b.r.e [040] 00 64 00 64 00 65 00 2E 00 61 00 68 00 75 00 73 .d.d.e.. .a.h.u.s [050] 00 2E 00 6E 00 6F 00 00 00 00 00 0A 00 00 00 00 ...n.o.. ........ [060] 00 00 00 0A 00 00 00 4C 00 4F 00 52 00 44 00 56 .......L .O.R.D.V [070] 00 41 00 44 00 45 00 52 00 00 00 F0 5B AD 06 C0 .A.D.E.R ....[... [080] 4C E6 5A L.Z [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 26 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 23 05 2C 31 9A DA 03 6B #.,1...k [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 27 mid = 15 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,202) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,202) wrote 202 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 92 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 74 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 t....... .$...... [010] 00 0C 00 00 00 00 00 00 00 14 56 F3 EB 60 13 D1 ........ ..V..`.. [020] 8E 00 00 00 00 ..... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 27 mid = 15 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 27 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 27: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] EB 79 FF 77 50 90 B2 F7 .y.wP... [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 74 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 t....... .$...... [010] 00 0C 00 00 00 00 00 00 00 14 56 F3 EB 60 13 D1 ........ ..V..`.. [020] 8E 00 00 00 00 ..... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 27 mid = 15 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 36 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 returned 24 bytes. netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 1456f3eb6013d18e result : NT_STATUS_OK [2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(294) creds_client_init: neg_flags : 600fffff [2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(295) creds_client_init: client chal : F05BAD06C04CE65A [2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(296) creds_client_init: server chal : 1456F3EB6013D18E [2008/12/09 16:14:18, 5] libsmb/credentials.c:creds_init_128(70) creds_init_128 [2008/12/09 16:14:18, 5] libsmb/credentials.c:creds_init_128(71) clnt_chal_in: F05BAD06C04CE65A [2008/12/09 16:14:18, 5] libsmb/credentials.c:creds_init_128(72) srv_chal_in : 1456F3EB6013D18E [2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(314) creds_client_init: clnt : D681085D3E829572 [2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(315) creds_client_init: server : 3E02772FD7FDBCA7 [2008/12/09 16:14:18, 10] libsmb/credentials.c:creds_client_init(316) creds_client_init: seed : D681085D3E829572 netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\bredde.ahus.no' account_name : 'LORDVADER$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : 'LORDVADER' credentials : * credentials: struct netr_Credential data : d681085d3e829572 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 009c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000084 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000f [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=238 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 156 (0x9C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 156 (0x9C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49161 (0xC009) smb_bcc=171 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 9C 00 00 00 08 00 00 00 84 ........ ........ [020] 00 00 00 00 00 0F 00 00 00 02 00 11 00 00 00 00 ........ ........ [030] 00 00 00 11 00 00 00 5C 00 5C 00 62 00 72 00 65 .......\ .\.b.r.e [040] 00 64 00 64 00 65 00 2E 00 61 00 68 00 75 00 73 .d.d.e.. .a.h.u.s [050] 00 2E 00 6E 00 6F 00 00 00 00 00 0B 00 00 00 00 ...n.o.. ........ [060] 00 00 00 0B 00 00 00 4C 00 4F 00 52 00 44 00 56 .......L .O.R.D.V [070] 00 41 00 44 00 45 00 52 00 24 00 00 00 02 00 0A .A.D.E.R .$...... [080] 00 00 00 00 00 00 00 0A 00 00 00 4C 00 4F 00 52 ........ ...L.O.R [090] 00 44 00 56 00 41 00 44 00 45 00 52 00 00 00 D6 .D.V.A.D .E.R.... [0A0] 81 08 5D 3E 82 95 72 FF FF 0F 60 ..]>..r. ..` [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 28 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 0B 6B 5E 38 86 69 9C 42 .k^8.i.B [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 29 mid = 16 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,242) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,242) wrote 242 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 96 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 9C 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 3E 02 77 2F D7 FD BC ........ .>.w/... [020] A7 FF FF 0F 60 00 00 00 00 ....`... . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 29 mid = 16 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 29 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 29: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] B0 A0 4C 28 81 0D ED 10 ..L(.... [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 9C 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 3E 02 77 2F D7 FD BC ........ .>.w/... [020] A7 FF FF 0F 60 00 00 00 00 ....`... . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 29 mid = 16 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 40 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc009 returned 32 bytes. netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 3e02772fd7fdbca7 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_OK [2008/12/09 16:14:18, 10] libsmb/credentials.c:netlogon_creds_client_check(338) netlogon_creds_client_check: credentials check OK. [2008/12/09 16:14:18, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(221) rpccli_netlogon_setup_creds: server bredde.ahus.no credential chain established. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 30 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 12 20 DA BF 0A 54 E4 D9 . ...T.. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 31 mid = 17 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,108) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,108) wrote 108 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 103 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=17 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 31 mid = 17 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 31 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 31: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 9F 75 CA 1E 33 00 95 F6 .u..3... [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) Bind RPC Pipe[c00a]: \NETLOGON auth_type 2, auth_level 6 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 type1: 00000000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 type2: 00000003 [2008/12/09 16:14:18, 6] lib/util.c:dump_data(2223) [000] 41 48 55 53 AHUS [2008/12/09 16:14:18, 6] lib/util.c:dump_data(2223) [000] 4C 4F 52 44 56 41 44 45 52 LORDVADE R [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0067 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345678 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 cf fb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=185 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 103 (0x67) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49162 (0xC00A) smb_bcc=118 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 67 00 17 00 09 00 00 00 B8 .......g ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 41 48 55 53 00 4C 4F 52 44 .......A HUS.LORD [070] 56 41 44 45 52 00 VADER. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 32 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] A2 A8 B2 1A 1A C0 18 E6 ........ [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 33 mid = 18 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,189) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,189) wrote 189 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 g....... .X...... [010] 00 B8 10 B8 10 BC 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 64 A0 03 ......d. . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 33 mid = 18 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 33 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 33: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 86 DA 9B C9 67 EB A8 65 ....g..e [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 g....... .X...... [010] 00 B8 10 B8 10 BC 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 64 A0 03 ......d. . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 33 mid = 18 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 88 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a returned 88 bytes. [2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a bind request returned ok. [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 002261bc [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsass. [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000026 smb_io_rpc_results [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) check_bind_response: accepted! [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2554) cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine bredde.ahus.no for domain AHUS and bound using schannel. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 34 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] FD 1F 9C 65 8C C4 21 96 ...e..!. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 35 mid = 19 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,45) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,45) wrote 45 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=19 smt_wct=0 smb_bcc=0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 35 mid = 19 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 35 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 35: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 45 90 E3 33 FF 98 93 A2 E..3.... [2008/12/09 16:14:18, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) cli_rpc_pipe_close: closed pipe \NETLOGON to machine bredde.ahus.no netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts in: struct netr_DsrEnumerateDomainTrusts server_name : * server_name : 'bredde.ahus.no' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000034 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0028 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0050 auth_type : 44 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0051 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0052 auth_pad_len : 04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0053 auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0054 auth_context_id: 00000001 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) add_schannel_auth_footer: SCHANNEL seq_num=0 [2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=0 data_len=56 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000058 smb_io_rpc_auth_schannel_chk [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 sig : 77 00 7a 00 ff ff 00 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 seq_num: a8 a1 fe 6c b7 34 de ac [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 packet_digest: fd 24 9c 1b 6c 97 cd 51 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0070 confounder: e0 24 56 90 35 37 11 16 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49162 (0xC00A) smb_bcc=135 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 20 00 0A 00 00 00 34 .......x . .....4 [020] 00 00 00 00 00 28 00 75 D9 3E 61 9E 7E E7 00 C6 .....(.u .>a.~... [030] EA 14 18 3B 25 21 9D 2B 51 B3 6B DB 87 E4 DB D0 ...;%!.+ Q.k..... [040] 4C 03 99 1D E5 A0 30 6C 75 3F 53 22 E4 D0 CD 2C L.....0l u?S"..., [050] AC 61 39 40 13 19 14 BD 58 32 11 6B B1 4B F6 44 .a9@.... X2.k.K.D [060] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 A8 .......w .z...... [070] A1 FE 6C B7 34 DE AC FD 24 9C 1B 6C 97 CD 51 E0 ..l.4... $..l..Q. [080] 24 56 90 35 37 11 16 $V.57.. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 36 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 4C 44 57 78 3F 49 BD 4F LDWx?I.O [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 37 mid = 20 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,206) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,206) wrote 206 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 664 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=664 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 608 (0x260) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 608 (0x260) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=609 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 0A 00 00 x....... .`. .... [010] 00 1C 02 00 00 00 00 00 00 FE B4 36 73 B8 BB C9 ........ ...6s... [020] 83 9A A0 86 FD EE B8 C1 4C 71 9B 6F 82 FA 81 ED ........ Lq.o.... [030] 4C C2 53 E6 DB 57 6D DD C3 87 37 65 8B CB 1C 60 L.S..Wm. ..7e...` [040] 2F 86 0D B7 6C 62 2F 78 33 05 66 3E 6C 0C 3A 4C /...lb/x 3.f>l.:L [050] 3E 2E D7 D2 E4 74 BE 01 86 DD 0F 4A 5A A5 49 36 >....t.. ...JZ.I6 [060] 64 38 F2 85 48 6F EC C9 20 DC 11 20 2C 63 EB F7 d8..Ho.. .. ,c.. [070] 5E EF 4B AF 1B 83 1D 14 3C 34 4B 19 94 E5 44 15 ^.K..... <4K...D. [080] 28 1A 4D 37 24 E7 42 DD 67 46 30 1D 29 FC B6 6F (.M7$.B. gF0.)..o [090] 00 F8 95 B9 00 8C 7B D8 4C 79 23 76 87 82 A3 75 ......{. Ly#v...u [0A0] 35 B5 51 08 4A 5E 10 EE 49 26 24 D0 A9 9F 2D E9 5.Q.J^.. I&$...-. [0B0] C5 27 61 E3 D8 A8 01 98 20 78 6E 47 FA D8 A4 10 .'a..... xnG.... [0C0] DE AB 39 CB 5A EA 79 7C CB 2A F6 0F D9 CE 56 A6 ..9.Z.y| .*....V. [0D0] 25 89 DB 4A F3 D6 AE 58 1B 9C 4F 60 31 AC 70 95 %..J...X ..O`1.p. [0E0] F1 5A B3 83 67 A6 C6 CB 2F 59 D8 6F F1 FF 63 1C .Z..g... /Y.o..c. [0F0] 63 F6 60 34 30 A5 1F 33 F4 84 1C 4C A4 19 59 C5 c.`40..3 ...L..Y. [100] AC 56 30 BA D0 FC 0A 9D 44 9F 68 EF CC F3 17 87 .V0..... D.h..... [110] 6D D6 6A 49 8D 0A F1 07 1B A7 65 C6 FC CF 0F 25 m.jI.... ..e....% [120] 0A 3C 2E 1B 15 5A 92 5C 06 4B E5 BD 7D 11 25 09 .<...Z.\ .K..}.%. [130] B5 E2 B9 B3 07 DE D7 70 17 26 1A 1D 40 EA 67 AD .......p .&..@.g. [140] A9 E7 EC 6B 92 42 BD 40 4C 9B 58 7E 2F F9 55 F8 ...k.B.@ L.X~/.U. [150] CD E6 6B 79 2B A2 1C 58 DD C1 74 B3 39 8B 23 E8 ..ky+..X ..t.9.#. [160] 33 C8 B7 1B 24 A7 E0 16 89 9A BF 19 ED 68 AA 39 3...$... .....h.9 [170] 7C 5F 8D B6 54 25 50 A6 67 62 10 47 19 77 C8 B4 |_..T%P. gb.G.w.. [180] AE A9 92 64 6F F5 79 EE 37 71 13 CC FC E5 7D 2D ...do.y. 7q....}- [190] 9B 80 92 7C D7 B3 7A E1 C0 54 50 05 B5 46 42 33 ...|..z. .TP..FB3 [1A0] BF C7 D5 59 5B B6 8B E8 44 AD 1B 03 28 8E E9 71 ...Y[... D...(..q [1B0] FF 04 7B E1 77 D5 BB 6F 1E 73 4D 49 EA 44 C2 12 ..{.w..o .sMI.D.. [1C0] BE F3 9E F4 DF 94 28 E8 C2 9C 30 3B E0 9B 72 87 ......(. ..0;..r. [1D0] 7A EA 74 61 49 BD AD E8 8E 9D 97 04 0B EA F9 77 z.taI... .......w [1E0] 42 73 8A 78 9B 34 03 06 1B 78 2E F1 6B 1C F5 BE Bs.x.4.. .x..k... [1F0] 45 38 F3 ED B7 BD 92 A4 1C C2 A1 BE 40 59 3C BC E8...... ....@Y<. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 37 mid = 20 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 37 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 37: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] F6 F5 30 CC 6E 4B 32 FD ..0.nK2. [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=664 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 608 (0x260) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 608 (0x260) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=609 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 0A 00 00 x....... .`. .... [010] 00 1C 02 00 00 00 00 00 00 FE B4 36 73 B8 BB C9 ........ ...6s... [020] 83 9A A0 86 FD EE B8 C1 4C 71 9B 6F 82 FA 81 ED ........ Lq.o.... [030] 4C C2 53 E6 DB 57 6D DD C3 87 37 65 8B CB 1C 60 L.S..Wm. ..7e...` [040] 2F 86 0D B7 6C 62 2F 78 33 05 66 3E 6C 0C 3A 4C /...lb/x 3.f>l.:L [050] 3E 2E D7 D2 E4 74 BE 01 86 DD 0F 4A 5A A5 49 36 >....t.. ...JZ.I6 [060] 64 38 F2 85 48 6F EC C9 20 DC 11 20 2C 63 EB F7 d8..Ho.. .. ,c.. [070] 5E EF 4B AF 1B 83 1D 14 3C 34 4B 19 94 E5 44 15 ^.K..... <4K...D. [080] 28 1A 4D 37 24 E7 42 DD 67 46 30 1D 29 FC B6 6F (.M7$.B. gF0.)..o [090] 00 F8 95 B9 00 8C 7B D8 4C 79 23 76 87 82 A3 75 ......{. Ly#v...u [0A0] 35 B5 51 08 4A 5E 10 EE 49 26 24 D0 A9 9F 2D E9 5.Q.J^.. I&$...-. [0B0] C5 27 61 E3 D8 A8 01 98 20 78 6E 47 FA D8 A4 10 .'a..... xnG.... [0C0] DE AB 39 CB 5A EA 79 7C CB 2A F6 0F D9 CE 56 A6 ..9.Z.y| .*....V. [0D0] 25 89 DB 4A F3 D6 AE 58 1B 9C 4F 60 31 AC 70 95 %..J...X ..O`1.p. [0E0] F1 5A B3 83 67 A6 C6 CB 2F 59 D8 6F F1 FF 63 1C .Z..g... /Y.o..c. [0F0] 63 F6 60 34 30 A5 1F 33 F4 84 1C 4C A4 19 59 C5 c.`40..3 ...L..Y. [100] AC 56 30 BA D0 FC 0A 9D 44 9F 68 EF CC F3 17 87 .V0..... D.h..... [110] 6D D6 6A 49 8D 0A F1 07 1B A7 65 C6 FC CF 0F 25 m.jI.... ..e....% [120] 0A 3C 2E 1B 15 5A 92 5C 06 4B E5 BD 7D 11 25 09 .<...Z.\ .K..}.%. [130] B5 E2 B9 B3 07 DE D7 70 17 26 1A 1D 40 EA 67 AD .......p .&..@.g. [140] A9 E7 EC 6B 92 42 BD 40 4C 9B 58 7E 2F F9 55 F8 ...k.B.@ L.X~/.U. [150] CD E6 6B 79 2B A2 1C 58 DD C1 74 B3 39 8B 23 E8 ..ky+..X ..t.9.#. [160] 33 C8 B7 1B 24 A7 E0 16 89 9A BF 19 ED 68 AA 39 3...$... .....h.9 [170] 7C 5F 8D B6 54 25 50 A6 67 62 10 47 19 77 C8 B4 |_..T%P. gb.G.w.. [180] AE A9 92 64 6F F5 79 EE 37 71 13 CC FC E5 7D 2D ...do.y. 7q....}- [190] 9B 80 92 7C D7 B3 7A E1 C0 54 50 05 B5 46 42 33 ...|..z. .TP..FB3 [1A0] BF C7 D5 59 5B B6 8B E8 44 AD 1B 03 28 8E E9 71 ...Y[... D...(..q [1B0] FF 04 7B E1 77 D5 BB 6F 1E 73 4D 49 EA 44 C2 12 ..{.w..o .sMI.D.. [1C0] BE F3 9E F4 DF 94 28 E8 C2 9C 30 3B E0 9B 72 87 ......(. ..0;..r. [1D0] 7A EA 74 61 49 BD AD E8 8E 9D 97 04 0B EA F9 77 z.taI... .......w [1E0] 42 73 8A 78 9B 34 03 06 1B 78 2E F1 6B 1C F5 BE Bs.x.4.. .x..k... [1F0] 45 38 F3 ED B7 BD 92 A4 1C C2 A1 BE 40 59 3C BC E8...... ....@Y<. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 37 mid = 20 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0260 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000021c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000238 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0238 auth_type : 44 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0239 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 023a auth_pad_len : 04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 023b auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 023c auth_context_id: 00000001 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000240 smb_io_rpc_auth_schannel_chk [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0240 sig : 77 00 7a 00 ff ff 00 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0248 seq_num: e4 6a 12 db 49 87 1a 92 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0250 packet_digest: 24 95 c4 e8 64 0a ef a9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0258 confounder: 14 2b 1e 12 f3 6f cb a9 [2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=1 data_len=544 [2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=1 data_len=544 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 608, data_len 540, ss_len 4 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 608 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a returned 1080 bytes. netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts out: struct netr_DsrEnumerateDomainTrusts trusts : * trusts: struct netr_DomainTrustList count : 0x00000004 (4) array : * array: ARRAY(4) array: struct netr_DomainTrust netbios_name : * netbios_name : 'SIAADM' dns_name : * dns_name : 'adm.ahus.no' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND parent_index : 0x00000003 (3) trust_type : NETR_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000020 (32) 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL sid : * sid : S-1-5-21-29509730-458046710-584457872 guid : 86e1733e-c58a-4e40-a623-e342ffcb5aeb array: struct netr_DomainTrust netbios_name : * netbios_name : 'SIAPAS' dns_name : * dns_name : 'pas.ahus.no' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND parent_index : 0x00000003 (3) trust_type : NETR_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000020 (32) 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL sid : * sid : S-1-5-21-12156805-1400573469-1836196843 guid : af7f7233-e3ee-4db3-9a26-1fa9b7a2db87 array: struct netr_DomainTrust netbios_name : * netbios_name : 'AD' dns_name : * dns_name : 'ad.ahus.no' trust_flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND parent_index : 0x00000000 (0) trust_type : NETR_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000004 (4) 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY 1: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL sid : * sid : S-1-5-21-1100344877-3013322779-101495848 guid : 00000000-0000-0000-0000-000000000000 array: struct netr_DomainTrust netbios_name : * netbios_name : 'AHUS' dns_name : * dns_name : 'ahus.no' trust_flags : 0x0000001d (29) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 1: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 1: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND parent_index : 0x00000000 (0) trust_type : NETR_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL sid : * sid : S-1-5-21-800612262-1210951328-1076162327 guid : d36df92d-628a-435e-bede-27cb29aacda1 result : WERR_OK [2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain adm.ahus.no [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) wcache_tdc_add_domain: Adding domain SIAADM (adm.ahus.no), SID S-1-5-21-29509730-458046710-584457872, flags = 0x23, attributes = 0x20, type = 0x2 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) pack_tdc_domains: Packing 4 trusted domains [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain BUILTIN () [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain LORDVADER () [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AHUS (AHUS.NO) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain pas.ahus.no [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) wcache_tdc_add_domain: Adding domain SIAPAS (pas.ahus.no), SID S-1-5-21-12156805-1400573469-1836196843, flags = 0x23, attributes = 0x20, type = 0x2 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) pack_tdc_domains: Packing 5 trusted domains [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain BUILTIN () [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain LORDVADER () [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AHUS (AHUS.NO) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ad.ahus.no [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) wcache_tdc_add_domain: Adding domain AD (ad.ahus.no), SID S-1-5-21-1100344877-3013322779-101495848, flags = 0x22, attributes = 0x4, type = 0x2 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) pack_tdc_domains: Packing 6 trusted domains [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain BUILTIN () [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain LORDVADER () [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AHUS (AHUS.NO) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AD (ad.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_ads.c:trusted_domains(1270) trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ahus.no [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) wcache_tdc_add_domain: Adding domain AHUS (ahus.no), SID S-1-5-21-800612262-1210951328-1076162327, flags = 0x1d, attributes = 0x0, type = 0x2 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) add_wbdomain_to_tdc_array: Found existing record for AHUS [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) pack_tdc_domains: Packing 6 trusted domains [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain BUILTIN () [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain LORDVADER () [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AHUS (ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AD (ad.ahus.no) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3721 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2437) Storing extra data: len=225 [2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 20 [2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LOOKUPSID [2008/12/09 16:14:18, 3] winbindd/winbindd_async.c:winbindd_dual_lookupsid(239) [ 4112]: lookupsid S-1-1-0 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:sid_to_name(1523) sid_to_name: [Cached] - doing backend query for name for domain AHUS [2008/12/09 16:14:18, 3] winbindd/winbindd_rpc.c:msrpc_sid_to_name(337) sid_to_name [rpc] S-1-1-0 for domain AHUS [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 38 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 1B 0F 8D 49 97 02 4E 00 ...I..N. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 39 mid = 21 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,104) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,104) wrote 104 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 103 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=21 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 2816 (0xB00) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 39 mid = 21 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 39 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 39: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 37 6D 52 8F F4 32 11 3E 7mR..2.> [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) Bind RPC Pipe[c00b]: \lsarpc auth_type 3, auth_level 6 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(981) create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:create_spnego_ntlmssp_auth_rpc_bind_req(1004) create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate: [2008/12/09 16:14:18, 5] lib/util.c:dump_data(2223) [000] 60 4D 06 06 2B 06 01 05 05 02 A0 43 30 41 A0 0E `M..+... ...C0A.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2F 0...+... ..7..../ [020] 04 2D 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 .-NTLMSS P.....5. [030] 08 60 04 00 04 00 20 00 00 00 09 00 09 00 24 00 .`.... . ......$. [040] 00 00 41 48 55 53 4C 4F 52 44 56 41 44 45 52 ..AHUSLO RDVADER [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 009f [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 004f [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ab [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=241 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 159 (0x9F) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 159 (0x9F) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49163 (0xC00B) smb_bcc=174 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 9F 00 4F 00 0B 00 00 00 B8 ........ .O...... [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` [060] 4D 06 06 2B 06 01 05 05 02 A0 43 30 41 A0 0E 30 M..+.... ..C0A..0 [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2F 04 ...+.... .7..../. [080] 2D 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 -NTLMSSP .....5.. [090] 60 04 00 04 00 20 00 00 00 09 00 09 00 24 00 00 `.... .. .....$.. [0A0] 00 41 48 55 53 4C 4F 52 44 56 41 44 45 52 .AHUSLOR DVADER [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 40 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 0D 3F EB B2 1F B4 72 FB .?....r. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 41 mid = 22 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,245) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,245) wrote 245 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 327 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=327 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 271 (0x10F) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 271 (0x10F) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=272 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 9F 05 00 0C 03 10 00 00 00 0F 01 C3 00 0B 00 00 ........ ........ [010] 00 B8 10 B8 10 BD 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 D1 11 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 81 C0 `....... ........ [050] 30 81 BD A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... [060] 01 82 37 02 02 0A A2 81 A7 04 81 A4 4E 54 4C 4D ..7..... ....NTLM [070] 53 53 50 00 02 00 00 00 08 00 08 00 38 00 00 00 SSP..... ....8... [080] 35 82 89 62 C4 A7 79 B4 5A 7B CA 0E 00 00 00 00 5..b..y. Z{...... [090] 00 00 00 00 64 00 64 00 40 00 00 00 05 02 CE 0E ....d.d. @....... [0A0] 00 00 00 0F 41 00 48 00 55 00 53 00 02 00 08 00 ....A.H. U.S..... [0B0] 41 00 48 00 55 00 53 00 01 00 0C 00 42 00 52 00 A.H.U.S. ....B.R. [0C0] 45 00 44 00 44 00 45 00 04 00 0E 00 61 00 68 00 E.D.D.E. ....a.h. [0D0] 75 00 73 00 2E 00 6E 00 6F 00 03 00 1C 00 62 00 u.s...n. o.....b. [0E0] 72 00 65 00 64 00 64 00 65 00 2E 00 61 00 68 00 r.e.d.d. e...a.h. [0F0] 75 00 73 00 2E 00 6E 00 6F 00 05 00 0E 00 61 00 u.s...n. o.....a. [100] 68 00 75 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 h.u.s... n.o..... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 41 mid = 22 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 41 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 41: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 41 E1 35 70 46 17 FA 41 A.5pF..A [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=327 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 271 (0x10F) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 271 (0x10F) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=272 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 9F 05 00 0C 03 10 00 00 00 0F 01 C3 00 0B 00 00 ........ ........ [010] 00 B8 10 B8 10 BD 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 D1 11 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 81 C0 `....... ........ [050] 30 81 BD A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0....... ....+... [060] 01 82 37 02 02 0A A2 81 A7 04 81 A4 4E 54 4C 4D ..7..... ....NTLM [070] 53 53 50 00 02 00 00 00 08 00 08 00 38 00 00 00 SSP..... ....8... [080] 35 82 89 62 C4 A7 79 B4 5A 7B CA 0E 00 00 00 00 5..b..y. Z{...... [090] 00 00 00 00 64 00 64 00 40 00 00 00 05 02 CE 0E ....d.d. @....... [0A0] 00 00 00 0F 41 00 48 00 55 00 53 00 02 00 08 00 ....A.H. U.S..... [0B0] 41 00 48 00 55 00 53 00 01 00 0C 00 42 00 52 00 A.H.U.S. ....B.R. [0C0] 45 00 44 00 44 00 45 00 04 00 0E 00 61 00 68 00 E.D.D.E. ....a.h. [0D0] 75 00 73 00 2E 00 6E 00 6F 00 03 00 1C 00 62 00 u.s...n. o.....b. [0E0] 72 00 65 00 64 00 64 00 65 00 2E 00 61 00 68 00 r.e.d.d. e...a.h. [0F0] 75 00 73 00 2E 00 6E 00 6F 00 05 00 0E 00 61 00 u.s...n. o.....a. [100] 68 00 75 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 h.u.s... n.o..... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 41 mid = 22 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 010f [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00c3 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 271 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 271 bytes. [2008/12/09 16:14:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b bind request returned ok. [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 010f [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00c3 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 002261bd [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsass. [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000026 smb_io_rpc_results [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:check_bind_response(1704) check_bind_response: accepted! [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000044 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0044 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0045 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0046 auth_pad_len : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0047 auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0048 auth_context_id: 00000001 [2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) Got challenge flags: [2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x62898235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) NTLMSSP: Set final flags: [2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2008/12/09 16:14:18, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1121) NTLMSSP challenge set by NTLM2 [2008/12/09 16:14:18, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1122) challenge is: [2008/12/09 16:14:18, 5] lib/util.c:dump_data(2223) [000] 39 A3 E5 75 F3 6D 08 BF 9..u.m.. [2008/12/09 16:14:18, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2008/12/09 16:14:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0e [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 010a [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00ba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345778 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 89 ab [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000000 [2008/12/09 16:14:18, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2008/12/09 16:14:18, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=348 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 266 (0x10A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 266 (0x10A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49163 (0xC00B) smb_bcc=281 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0E 03 10 00 00 00 0A 01 BA 00 0B 00 00 00 B8 ........ ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... ........ [060] 81 B7 30 81 B4 A2 81 B1 04 81 AE 4E 54 4C 4D 53 ..0..... ...NTLMS [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... [080] 00 18 00 58 00 00 00 08 00 08 00 70 00 00 00 14 ...X.... ...p.... [090] 00 14 00 78 00 00 00 12 00 12 00 8C 00 00 00 10 ...x.... ........ [0A0] 00 10 00 9E 00 00 00 35 82 08 60 71 96 B2 06 EA .......5 ..`q.... [0B0] 0B 9F AF 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 A2 26 17 F4 A0 8B D9 91 E7 38 F8 23 A2 ....&... ....8.#. [0D0] E8 4F 13 91 07 62 64 29 FE 91 6B 41 00 48 00 55 .O...bd) ..kA.H.U [0E0] 00 53 00 4C 00 4F 00 52 00 44 00 56 00 41 00 44 .S.L.O.R .D.V.A.D [0F0] 00 45 00 52 00 24 00 4C 00 4F 00 52 00 44 00 56 .E.R.$.L .O.R.D.V [100] 00 41 00 44 00 45 00 52 00 07 31 F3 98 F8 F0 15 .A.D.E.R ..1..... [110] 96 FE E3 19 04 19 C1 05 36 ........ 6 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 42 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 6A A6 C6 65 24 FE DC 2E j..e$... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 43 mid = 23 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,352) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,352) wrote 352 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 129 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=129 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 73 (0x49) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 73 (0x49) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=74 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 0A 05 00 0F 03 10 00 00 00 49 00 09 00 0B 00 00 ........ .I...... [010] 00 B8 10 B8 10 BD 61 22 00 00 00 5C 50 01 00 00 ......a" ...\P... [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [030] 00 2B 10 48 60 02 00 00 00 09 06 00 00 01 00 00 .+.H`... ........ [040] 00 A1 07 30 05 A0 03 0A 01 00 ...0.... .. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 43 mid = 23 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 43 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 43: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 22 CC F9 06 40 23 8B 36 "...@#.6 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=129 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 73 (0x49) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 73 (0x49) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=74 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 0A 05 00 0F 03 10 00 00 00 49 00 09 00 0B 00 00 ........ .I...... [010] 00 B8 10 B8 10 BD 61 22 00 00 00 5C 50 01 00 00 ......a" ...\P... [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [030] 00 2B 10 48 60 02 00 00 00 09 06 00 00 01 00 00 .+.H`... ........ [040] 00 A1 07 30 05 A0 03 0A 01 00 ...0.... .. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 43 mid = 23 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0049 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0009 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 73 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 73 bytes. [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0049 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0009 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_finish_spnego_ntlmssp_bind(2023) rpc_finish_spnego_ntlmssp_bind: alter context request to remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b. [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2374) cli_rpc_pipe_open_ntlmssp_internal: opened pipe \lsarpc to machine bredde.ahus.no and bound NTLMSSP as user AHUS\LORDVADER$. [2008/12/09 16:14:18, 10] winbindd/winbindd_cm.c:cm_connect_lsa(2176) cm_connect_lsa: connected to LSA pipe for domain AHUS using NTLMSSP authenticated pipe: user AHUS\LORDVADER$ [2008/12/09 16:14:18, 5] rpc_client/init_lsa.c:init_lsa_sec_qos(70) init_lsa_sec_qos [2008/12/09 16:14:18, 5] rpc_client/init_lsa.c:init_lsa_obj_attr(90) init_lsa_obj_attr lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000002c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0006 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=24 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49163 (0xC00B) smb_bcc=111 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 10 00 0C 00 00 00 2C .......` ......., [020] 00 00 00 00 00 06 00 46 64 B4 8F 8A 58 2A 74 6A .......F d...X*tj [030] CB 88 A4 87 9E A9 0F 17 FB E5 B3 67 15 71 71 7E ........ ...g.qq~ [040] 51 CB 73 62 E7 01 E3 AC C1 37 89 B0 C2 EA 48 9B Q.sb.... .7....H. [050] ED D1 2A 52 69 A1 89 09 06 04 00 01 00 00 00 01 ..*Ri... ........ [060] 00 00 00 FC 2F 86 43 21 FC DC 12 00 00 00 00 ..../.C! ....... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 44 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 2A 78 3E 5C E4 F1 C3 3F *x>\...? [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 45 mid = 24 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,182) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,182) wrote 182 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 60 05 00 02 03 10 00 00 00 50 00 10 00 0C 00 00 `....... .P...... [010] 00 18 00 00 00 00 00 00 00 B2 65 0C 70 3A B7 3B ........ ..e.p:.; [020] C7 39 76 BE 6B 1D B0 C9 E2 0F 0D E8 17 9B 5B 8D .9v.k... ......[. [030] C1 DD B3 F5 F1 1C 28 98 80 09 06 08 00 01 00 00 ......(. ........ [040] 00 01 00 00 00 03 12 A2 16 A1 B0 30 13 00 00 00 ........ ...0.... [050] 00 . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 45 mid = 24 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 45 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 45: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] DC F9 54 A0 C8 1F D6 69 ..T....i [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 80 (0x50) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=81 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 60 05 00 02 03 10 00 00 00 50 00 10 00 0C 00 00 `....... .P...... [010] 00 18 00 00 00 00 00 00 00 B2 65 0C 70 3A B7 3B ........ ..e.p:.; [020] C7 39 76 BE 6B 1D B0 C9 E2 0F 0D E8 17 9B 5B 8D .9v.k... ......[. [030] C1 DD B3 F5 F1 1C 28 98 80 09 06 08 00 01 00 00 ......(. ........ [040] 00 01 00 00 00 03 12 A2 16 A1 B0 30 13 00 00 00 ........ ...0.... [050] 00 . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 45 mid = 24 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 08 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 80, data_len 24, ss_len 8 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 80 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 48 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : d469b8bc-bca5-4814-927a-7095f9372563 result : NT_STATUS_OK [2008/12/09 16:14:18, 10] rpc_client/cli_lsarpc.c:rpccli_lsa_lookup_sids(305) rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1. lsa_LookupSids: struct lsa_LookupSids in: struct lsa_LookupSids handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : d469b8bc-bca5-4814-927a-7095f9372563 sids : * sids: struct lsa_SidArray num_sids : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_SidPtr sid : * sid : S-1-1-0 names : * names: struct lsa_TransNameArray count : 0x00000000 (0) names : NULL level : 0x0001 (1) count : * count : 0x00000000 (0) [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000044 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000f [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000060 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0060 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0061 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0062 auth_pad_len : 04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0063 auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0064 auth_context_id: 00000001 [2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=25 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49163 (0xC00B) smb_bcc=135 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 10 00 0D 00 00 00 44 .......x .......D [020] 00 00 00 00 00 0F 00 5C 51 03 82 24 5F A0 6C AA .......\ Q..$_.l. [030] D5 E9 C1 32 91 64 23 D7 20 2F 75 85 B0 54 FD 58 ...2.d#. /u..T.X [040] 87 B5 2A 39 45 82 F0 68 D1 23 04 8C 88 0C D3 79 ..*9E..h .#.....y [050] 3F 46 F7 92 D3 DE F8 4D F9 DA D5 DF 0B D8 87 FE ?F.....M ........ [060] DE 25 58 81 53 97 4F 17 E8 77 58 58 F4 B2 25 09 .%X.S.O. .wXX..%. [070] 06 04 00 01 00 00 00 01 00 00 00 EE 64 24 8E 25 ........ ....d$.% [080] 7A 35 BB 01 00 00 00 z5..... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 46 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 18 D4 73 6A 3A F6 03 9D ..sj:... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 47 mid = 25 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,206) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,206) wrote 206 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 232 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 B0 00 10 00 0D 00 00 x....... ........ [010] 00 78 00 00 00 00 00 00 00 A3 CE 51 DA 40 70 9D .x...... ...Q.@p. [020] 2C 41 C7 4D 41 3A 07 BD 7D 6F 94 BE C9 CA 94 C8 ,A.MA:.. }o...... [030] 69 08 81 65 1A CA 34 CF B7 19 F1 27 A3 B0 02 74 i..e..4. ...'...t [040] D7 57 5D 11 22 97 BF 2C 2D 35 2B 10 6F A2 76 16 .W].".., -5+.o.v. [050] A2 84 38 E8 27 E9 1A 0B C6 8B DC A0 DF 88 A5 06 ..8.'... ........ [060] F4 E5 8C 97 7F 96 39 31 9F 70 48 8E 31 7F 6B 77 ......91 .pH.1.kw [070] 55 6C 32 1C B4 08 DE 3D 04 21 B1 38 B6 74 50 8F Ul2....= .!.8.tP. [080] 7B 57 E2 84 01 DB AE 46 9A 8B 8E F2 6A 9C 25 15 {W.....F ....j.%. [090] A8 FE 2A DA 3E 2C 21 8F C5 09 06 08 00 01 00 00 ..*.>,!. ........ [0A0] 00 01 00 00 00 22 AA 3A 40 A9 93 03 72 01 00 00 .....".: @...r... [0B0] 00 . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 47 mid = 25 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 47 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 47: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 3B F3 AC 34 ED B9 A6 89 ;..4.... [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 B0 00 10 00 0D 00 00 x....... ........ [010] 00 78 00 00 00 00 00 00 00 A3 CE 51 DA 40 70 9D .x...... ...Q.@p. [020] 2C 41 C7 4D 41 3A 07 BD 7D 6F 94 BE C9 CA 94 C8 ,A.MA:.. }o...... [030] 69 08 81 65 1A CA 34 CF B7 19 F1 27 A3 B0 02 74 i..e..4. ...'...t [040] D7 57 5D 11 22 97 BF 2C 2D 35 2B 10 6F A2 76 16 .W].".., -5+.o.v. [050] A2 84 38 E8 27 E9 1A 0B C6 8B DC A0 DF 88 A5 06 ..8.'... ........ [060] F4 E5 8C 97 7F 96 39 31 9F 70 48 8E 31 7F 6B 77 ......91 .pH.1.kw [070] 55 6C 32 1C B4 08 DE 3D 04 21 B1 38 B6 74 50 8F Ul2....= .!.8.tP. [080] 7B 57 E2 84 01 DB AE 46 9A 8B 8E F2 6A 9C 25 15 {W.....F ....j.%. [090] A8 FE 2A DA 3E 2C 21 8F C5 09 06 08 00 01 00 00 ..*.>,!. ........ [0A0] 00 01 00 00 00 22 AA 3A 40 A9 93 03 72 01 00 00 .....".: @...r... [0B0] 00 . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 47 mid = 25 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00b0 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000078 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000098 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0098 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0099 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009a auth_pad_len : 08 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009b auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 009c auth_context_id: 00000001 [2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 176, data_len 120, ss_len 8 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 176 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 240 bytes. lsa_LookupSids: struct lsa_LookupSids out: struct lsa_LookupSids domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0002 (2) string : * string : '' sid : * sid : S-1-1 max_size : 0x00000020 (32) names : * names: struct lsa_TransNameArray count : 0x00000001 (1) names : * names: ARRAY(1) names: struct lsa_TranslatedName sid_type : SID_NAME_WKN_GRP (5) name: struct lsa_String length : 0x0010 (16) size : 0x0012 (18) string : * string : 'Everyone' sid_index : 0x00000000 (0) count : * count : 0x00000001 (1) result : NT_STATUS_OK [2008/12/09 16:14:18, 10] rpc_client/cli_lsarpc.c:rpccli_lsa_lookup_sids_noalloc(171) LSA_LOOKUPSIDS returned 'NT_STATUS_OK', mapped count = 1' [2008/12/09 16:14:18, 5] winbindd/winbindd_rpc.c:msrpc_sid_to_name(361) Mapped sid to []\[Everyone] [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_save_sid_to_name(892) wcache_save_sid_to_name: S-1-1-0 -> Everyone (NT_STATUS_OK) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:14:18, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 19 [2008/12/09 16:14:18, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LIST_TRUSTDOM [2008/12/09 16:14:18, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362) [ 4112]: list trusted domains [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:trusted_domains(2106) trusted_domains: [Cached] - doing backend query for info for domain AHUS [2008/12/09 16:14:18, 3] winbindd/winbindd_ads.c:trusted_domains(1171) ads: trusted_domains netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts in: struct netr_DsrEnumerateDomainTrusts server_name : * server_name : 'bredde.ahus.no' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000034 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0028 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0050 auth_type : 44 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0051 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0052 auth_pad_len : 04 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0053 auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0054 auth_context_id: 00000001 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) add_schannel_auth_footer: SCHANNEL seq_num=2 [2008/12/09 16:14:18, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=2 data_len=56 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000058 smb_io_rpc_auth_schannel_chk [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 sig : 77 00 7a 00 ff ff 00 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 seq_num: b1 ec 66 d2 d0 c1 08 a7 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 packet_digest: d9 d3 df 51 2e f1 ae 72 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0070 confounder: 8d 54 03 a9 fd eb f9 88 [2008/12/09 16:14:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0xc00a [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=26 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49162 (0xC00A) smb_bcc=135 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 20 00 0E 00 00 00 34 .......x . .....4 [020] 00 00 00 00 00 28 00 F9 97 62 67 51 87 25 D0 B3 .....(.. .bgQ.%.. [030] 98 DD F5 C5 D8 50 D4 72 EC A0 09 27 88 72 72 92 .....P.r ...'.rr. [040] 2D 04 0A B5 79 83 AC 5D 53 C3 9C F1 C3 3E 48 65 -...y..] S....>He [050] 6A B4 FE D7 A0 5F 09 08 81 48 DB 3D 4F 1B 08 44 j...._.. .H.=O..D [060] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 B1 .......w .z...... [070] EC 66 D2 D0 C1 08 A7 D9 D3 DF 51 2E F1 AE 72 8D .f...... ..Q...r. [080] 54 03 A9 FD EB F9 88 T...... [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 48 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 04 2D A7 3B D3 B8 36 A8 .-.;..6. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 49 mid = 26 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,206) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,206) wrote 206 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 664 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=664 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=26 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 608 (0x260) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 608 (0x260) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=609 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 0E 00 00 x....... .`. .... [010] 00 1C 02 00 00 00 00 00 00 5C E8 FE AF DC B9 CB ........ .\...... [020] 4E 64 31 43 05 E3 32 76 E7 34 FE 3C EC 04 84 BF Nd1C..2v .4.<.... [030] 35 88 E3 2A 3F 1A 62 DE 71 CF 53 92 68 17 52 92 5..*?.b. q.S.h.R. [040] AF 51 12 1B DD 90 BB D4 EC 72 BE F2 15 3B D0 EC .Q...... .r...;.. [050] DE 90 1D 19 14 76 06 29 BB 07 62 64 7B AB 75 6D .....v.) ..bd{.um [060] 27 54 74 12 DA 8E 9B 88 D9 DC 76 DC 30 F9 7E 1E 'Tt..... ..v.0.~. [070] 05 3D 94 EE 7F 3C 2A 1D 13 33 55 D5 48 12 C0 A4 .=...<*. .3U.H... [080] 4E 7B BA 6D 24 DD F5 DA 3B 26 61 99 98 64 EE 7E N{.m$... ;&a..d.~ [090] E5 1B BB F7 EA FC 8B D0 7D 92 22 FD 75 F4 81 7E ........ }.".u..~ [0A0] 09 C0 50 5D 59 F0 98 9B F4 63 E6 3C 10 E1 3F E7 ..P]Y... .c.<..?. [0B0] 78 A2 D7 18 AC 46 14 35 14 98 A0 82 25 EC 02 05 x....F.5 ....%... [0C0] 02 B4 F8 30 54 EE EC 0D 96 6E 4C 9B 9D EB 58 18 ...0T... .nL...X. [0D0] DB FA D2 40 34 F1 C8 C3 F7 6D 1B 01 63 A7 0D 97 ...@4... .m..c... [0E0] 07 63 57 83 0C BE EB 5B D2 1E 3D F5 9D 43 C7 F6 .cW....[ ..=..C.. [0F0] DB 74 01 FE 1E 48 E8 25 80 B1 14 25 A2 32 B2 E6 .t...H.% ...%.2.. [100] 12 33 45 0C 5D 94 FC C6 75 36 5B 29 FA DE 77 17 .3E.]... u6[)..w. [110] 60 63 B0 3D 56 D9 8A 8E EC 63 E9 7C 76 F5 CA 63 `c.=V... .c.|v..c [120] 56 1A EC 42 32 2F B8 D2 69 A9 96 C8 A8 8D 32 24 V..B2/.. i.....2$ [130] 8C 4C 31 AD F2 16 17 BC B2 02 B5 C4 C2 61 93 95 .L1..... .....a.. [140] 40 57 14 8D 11 6C 09 17 CC 33 C8 94 D7 E0 FC 30 @W...l.. .3.....0 [150] 2C F9 FF 14 F1 7B 5C C9 21 35 8C 40 D3 EE 90 E7 ,....{\. !5.@.... [160] 8D E8 A8 B2 2A 83 95 4B 0A 87 02 9F A6 43 CD 68 ....*..K .....C.h [170] B3 0C 2C 38 4D 12 10 51 47 05 E7 82 3F 04 7B D0 ..,8M..Q G...?.{. [180] 7F 15 98 F9 93 98 63 25 8A D0 F6 73 27 3A 89 F2 ......c% ...s':.. [190] 25 C2 53 A5 7D AD 8C 9E 93 49 D0 A0 F7 DD 0E F1 %.S.}... .I...... [1A0] 42 45 D0 9C 3F 97 67 16 3C 4E BF 58 96 9A 1D BD BE..?.g. [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 51 mid = 27 [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,206) [2008/12/09 16:14:18, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,206) wrote 206 [2008/12/09 16:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 248 [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=248 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 192 (0xC0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=193 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 C0 00 10 00 0F 00 00 x....... ........ [010] 00 90 00 00 00 00 00 00 00 CA 67 68 EF A4 24 2A ........ ..gh..$* [020] FE EB 4F 4F 84 54 10 59 B7 F7 B4 F3 2D 44 2E 4A ..OO.T.Y ....-D.J [030] A0 52 D4 4A F5 C1 91 7A E9 BF 64 87 C1 53 9D 37 .R.J...z ..d..S.7 [040] 6D 01 3B 6A C7 1F A1 17 B1 86 47 43 F2 86 BE 5F m.;j.... ..GC..._ [050] 99 FB 55 E1 A4 08 0D FA 9A 61 07 F9 8B 27 A4 17 ..U..... .a...'.. [060] 28 56 6B EA E3 20 97 4C 4C D2 4B 86 31 13 5B B9 (Vk.. .L L.K.1.[. [070] 61 EA 47 02 1C F0 E3 3F DC F4 F5 4B 14 F6 FA C9 a.G....? ...K.... [080] 07 6D 7E AC B2 90 27 5C 20 60 A1 D7 56 C3 57 74 .m~...'\ `..V.Wt [090] A6 67 3C FA F9 06 92 35 23 60 C9 F2 2D C3 34 81 .g<....5 #`..-.4. [0A0] 36 A8 C8 0A A3 B2 CC 5B 96 09 06 00 00 01 00 00 6......[ ........ [0B0] 00 01 00 00 00 29 5E E6 20 38 F3 83 78 02 00 00 .....)^. 8..x... [0C0] 00 . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 51 mid = 27 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 51 [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 51: got good SMB signature of [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 3D 73 CD 0A CA 65 1C 4C =s...e.L [2008/12/09 16:14:18, 5] lib/util.c:show_msg(642) [2008/12/09 16:14:18, 5] lib/util.c:show_msg(652) size=248 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=27 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 192 (0xC0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=193 [2008/12/09 16:14:18, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 C0 00 10 00 0F 00 00 x....... ........ [010] 00 90 00 00 00 00 00 00 00 CA 67 68 EF A4 24 2A ........ ..gh..$* [020] FE EB 4F 4F 84 54 10 59 B7 F7 B4 F3 2D 44 2E 4A ..OO.T.Y ....-D.J [030] A0 52 D4 4A F5 C1 91 7A E9 BF 64 87 C1 53 9D 37 .R.J...z ..d..S.7 [040] 6D 01 3B 6A C7 1F A1 17 B1 86 47 43 F2 86 BE 5F m.;j.... ..GC..._ [050] 99 FB 55 E1 A4 08 0D FA 9A 61 07 F9 8B 27 A4 17 ..U..... .a...'.. [060] 28 56 6B EA E3 20 97 4C 4C D2 4B 86 31 13 5B B9 (Vk.. .L L.K.1.[. [070] 61 EA 47 02 1C F0 E3 3F DC F4 F5 4B 14 F6 FA C9 a.G....? ...K.... [080] 07 6D 7E AC B2 90 27 5C 20 60 A1 D7 56 C3 57 74 .m~...'\ `..V.Wt [090] A6 67 3C FA F9 06 92 35 23 60 C9 F2 2D C3 34 81 .g<....5 #`..-.4. [0A0] 36 A8 C8 0A A3 B2 CC 5B 96 09 06 00 00 01 00 00 6......[ ........ [0B0] 00 01 00 00 00 29 5E E6 20 38 F3 83 78 02 00 00 .....)^. 8..x... [0C0] 00 . [2008/12/09 16:14:18, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 51 mid = 27 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00c0 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000090 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_debug(88) 0000a8 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a8 auth_type : 09 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00a9 auth_level : 06 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00aa auth_pad_len : 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(624) 00ab auth_reserved: 00 [2008/12/09 16:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(718) 00ac auth_context_id: 00000001 [2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2008/12/09 16:14:18, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 192, data_len 144, ss_len 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 192 at offset 0 [2008/12/09 16:14:18, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 288 bytes. lsa_LookupSids: struct lsa_LookupSids out: struct lsa_LookupSids domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0018 (24) size : 0x001a (26) string : * string : 'NT AUTHORITY' sid : * sid : S-1-5 max_size : 0x00000020 (32) names : * names: struct lsa_TransNameArray count : 0x00000001 (1) names : * names: ARRAY(1) names: struct lsa_TranslatedName sid_type : SID_NAME_WKN_GRP (5) name: struct lsa_String length : 0x000e (14) size : 0x0010 (16) string : * string : 'NETWORK' sid_index : 0x00000000 (0) count : * count : 0x00000001 (1) result : NT_STATUS_OK [2008/12/09 16:14:18, 10] rpc_client/cli_lsarpc.c:rpccli_lsa_lookup_sids_noalloc(171) LSA_LOOKUPSIDS returned 'NT_STATUS_OK', mapped count = 1' [2008/12/09 16:14:18, 5] winbindd/winbindd_rpc.c:msrpc_sid_to_name(361) Mapped sid to [NT AUTHORITY]\[NETWORK] [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:wcache_save_sid_to_name(892) wcache_save_sid_to_name: S-1-5-2 -> NETWORK (NT_STATUS_OK) [2008/12/09 16:14:18, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:15:01, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 21 [2008/12/09 16:15:01, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LOOKUPNAME [2008/12/09 16:15:01, 3] winbindd/winbindd_async.c:winbindd_dual_lookupname(442) [ 4112]: lookupname AHUS+root [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:name_to_sid(1449) name_to_sid: [Cached] - doing backend query for name for domain AHUS [2008/12/09 16:15:01, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(295) rpc: name_to_sid name=AHUS\root [2008/12/09 16:15:01, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(299) name_to_sid [rpc] AHUS\root for domain AHUS lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : d469b8bc-bca5-4814-927a-7095f9372563 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0012 (18) size : 0x0012 (18) string : * string : 'AHUS\root' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0088 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000054 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000e [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) 000070 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0070 auth_type : 09 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0071 auth_level : 06 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0072 auth_pad_len : 04 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0073 auth_reserved: 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0074 auth_context_id: 00000001 [2008/12/09 16:15:01, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2008/12/09 16:15:01, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b [2008/12/09 16:15:01, 5] lib/util.c:show_msg(642) [2008/12/09 16:15:01, 5] lib/util.c:show_msg(652) size=218 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=28 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 136 (0x88) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49163 (0xC00B) smb_bcc=151 [2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 88 00 10 00 10 00 00 00 54 ........ .......T [020] 00 00 00 00 00 0E 00 54 9B 57 E2 7B C4 D7 5F 40 .......T .W.{.._@ [030] 5E E8 73 16 DE 9C 2A 5F 1E BB C3 C9 9C 1C B9 66 ^.s...*_ .......f [040] C5 53 7E B6 ED C6 B0 7A F6 BC AE 8C A3 3E 3F 70 .S~....z .....>?p [050] 19 83 AA 1E F8 E3 43 70 D4 2C 5E D2 AA E7 DD A3 ......Cp .,^..... [060] 56 7E C9 43 A8 83 07 08 CA F2 F1 00 4B D3 75 CF V~.C.... ....K.u. [070] 9A 6B 1F 23 93 12 6E BF 29 75 68 73 34 9E 90 09 .k.#..n. )uhs4... [080] 06 04 00 01 00 00 00 01 00 00 00 B4 00 3C 5D 20 ........ .....<] [090] 49 43 65 03 00 00 00 ICe.... [2008/12/09 16:15:01, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 52 [2008/12/09 16:15:01, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) [000] C6 29 CE D5 3E F5 37 34 .)..>.74 [2008/12/09 16:15:01, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 53 mid = 28 [2008/12/09 16:15:01, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,222) [2008/12/09 16:15:01, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,222) wrote 222 [2008/12/09 16:15:01, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 216 [2008/12/09 16:15:01, 5] lib/util.c:show_msg(642) [2008/12/09 16:15:01, 5] lib/util.c:show_msg(652) size=216 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=28 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 160 (0xA0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=161 [2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) [000] 88 05 00 02 03 10 00 00 00 A0 00 10 00 10 00 00 ........ ........ [010] 00 70 00 00 00 00 00 00 00 60 42 CE FE E2 AD 7E .p...... .`B....~ [020] 80 C7 BA D9 5B 64 E5 8B 7B 8C 4D 81 57 01 0D 33 ....[d.. {.M.W..3 [030] 0B CF 9B 49 82 22 E8 2C 08 BF 87 0C 0E AB AD 4F ...I."., .......O [040] 0C E2 A1 42 80 01 B6 BF 92 6F BF FC 8E CB 53 1B ...B.... .o....S. [050] D4 FF 30 EB 63 53 11 65 DC 16 01 A8 35 77 82 E3 ..0.cS.e ....5w.. [060] 7A 25 1C 35 4D 1E E8 28 AA EC 42 A9 30 68 AF 9F z%.5M..( ..B.0h.. [070] 5A D9 5C B0 85 40 D6 19 D1 5B 35 4F E4 28 CD A0 Z.\..@.. .[5O.(.. [080] 4D 53 DE 86 A9 0D 22 67 E6 09 06 00 00 01 00 00 MS...."g ........ [090] 00 01 00 00 00 AD 58 0D 7F C7 5F 33 11 03 00 00 ......X. .._3.... [0A0] 00 . [2008/12/09 16:15:01, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 53 mid = 28 [2008/12/09 16:15:01, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 53 [2008/12/09 16:15:01, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 53: got good SMB signature of [2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) [000] E8 57 B1 B6 38 AA C2 41 .W..8..A [2008/12/09 16:15:01, 5] lib/util.c:show_msg(642) [2008/12/09 16:15:01, 5] lib/util.c:show_msg(652) size=216 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=28 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 160 (0xA0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=161 [2008/12/09 16:15:01, 10] lib/util.c:dump_data(2223) [000] 88 05 00 02 03 10 00 00 00 A0 00 10 00 10 00 00 ........ ........ [010] 00 70 00 00 00 00 00 00 00 60 42 CE FE E2 AD 7E .p...... .`B....~ [020] 80 C7 BA D9 5B 64 E5 8B 7B 8C 4D 81 57 01 0D 33 ....[d.. {.M.W..3 [030] 0B CF 9B 49 82 22 E8 2C 08 BF 87 0C 0E AB AD 4F ...I."., .......O [040] 0C E2 A1 42 80 01 B6 BF 92 6F BF FC 8E CB 53 1B ...B.... .o....S. [050] D4 FF 30 EB 63 53 11 65 DC 16 01 A8 35 77 82 E3 ..0.cS.e ....5w.. [060] 7A 25 1C 35 4D 1E E8 28 AA EC 42 A9 30 68 AF 9F z%.5M..( ..B.0h.. [070] 5A D9 5C B0 85 40 D6 19 D1 5B 35 4F E4 28 CD A0 Z.\..@.. .[5O.(.. [080] 4D 53 DE 86 A9 0D 22 67 E6 09 06 00 00 01 00 00 MS...."g ........ [090] 00 01 00 00 00 AD 58 0D 7F C7 5F 33 11 03 00 00 ......X. .._3.... [0A0] 00 . [2008/12/09 16:15:01, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 53 mid = 28 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a0 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000070 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_debug(88) 000088 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0088 auth_type : 09 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0089 auth_level : 06 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008a auth_pad_len : 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint8(624) 008b auth_reserved: 00 [2008/12/09 16:15:01, 5] rpc_parse/parse_prs.c:prs_uint32(718) 008c auth_context_id: 00000001 [2008/12/09 16:15:01, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2008/12/09 16:15:01, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2008/12/09 16:15:01, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 160, data_len 112, ss_len 0 [2008/12/09 16:15:01, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 160 at offset 0 [2008/12/09 16:15:01, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 224 bytes. lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0008 (8) size : 0x000a (10) string : * string : 'AHUS' sid : * sid : S-1-5-21-800612262-1210951328-1076162327 max_size : 0x00000020 (32) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0x00000000 (0) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:wcache_save_name_to_sid(870) wcache_save_name_to_sid: AHUS\ROOT -> S-0-0 (NT_STATUS_NONE_MAPPED) [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:wcache_save_sid_to_name(892) wcache_save_sid_to_name: S-0-0 -> root (NT_STATUS_NONE_MAPPED) [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:15:01, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 21 [2008/12/09 16:15:01, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LOOKUPNAME [2008/12/09 16:15:01, 3] winbindd/winbindd_async.c:winbindd_dual_lookupname(442) [ 4112]: lookupname AHUS+root [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:centry_expired(578) centry_expired: Key NS/AHUS/ROOT for domain AHUS is good. [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:wcache_fetch(662) wcache_fetch: returning entry NS/AHUS/ROOT for domain AHUS [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:name_to_sid(1429) name_to_sid: [Cached] - cached name for domain AHUS status: NT_STATUS_NONE_MAPPED [2008/12/09 16:15:01, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:15:56, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 21 [2008/12/09 16:15:56, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LOOKUPNAME [2008/12/09 16:15:56, 3] winbindd/winbindd_async.c:winbindd_dual_lookupname(442) [ 4112]: lookupname SIAADM+Domain Users [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:name_to_sid(1449) name_to_sid: [Cached] - doing backend query for name for domain AHUS [2008/12/09 16:15:56, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(295) rpc: name_to_sid name=SIAADM\Domain Users [2008/12/09 16:15:56, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(299) name_to_sid [rpc] SIAADM\Domain Users for domain SIAADM lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : d469b8bc-bca5-4814-927a-7095f9372563 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0026 (38) size : 0x0026 (38) string : * string : 'SIAADM\Domain Users' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0098 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000011 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000068 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000e [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) 000080 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0080 auth_type : 09 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0081 auth_level : 06 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0082 auth_pad_len : 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0083 auth_reserved: 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0084 auth_context_id: 00000001 [2008/12/09 16:15:56, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2008/12/09 16:15:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b [2008/12/09 16:15:56, 5] lib/util.c:show_msg(642) [2008/12/09 16:15:56, 5] lib/util.c:show_msg(652) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=29 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 152 (0x98) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49163 (0xC00B) smb_bcc=167 [2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 10 00 11 00 00 00 68 ........ .......h [020] 00 00 00 00 00 0E 00 0F A7 1E 24 8C 65 B8 2A 2B ........ ..$.e.*+ [030] 0C 04 24 EE 41 3C F3 36 4E 76 14 9B 89 51 B0 B3 ..$.A<.6 Nv...Q.. [040] C7 F0 80 45 B4 11 5F 7A 1A A1 D5 74 12 74 28 FB ...E.._z ...t.t(. [050] 5B 83 64 A9 5A 6A 57 E7 B7 1E 5F AA 3C 2D 7F 6A [.d.ZjW. .._.<-.j [060] 7C 39 18 42 43 F7 94 0B 2A 0B 88 74 4C 76 52 05 |9.BC... *..tLvR. [070] E2 4C 9D DE 04 E2 DD C3 37 64 0B 0B 1E 2F 48 37 .L...... 7d.../H7 [080] A4 C2 0C F3 38 70 AC 88 F3 A3 79 38 5C AE D3 09 ....8p.. ..y8\... [090] 06 00 00 01 00 00 00 01 00 00 00 83 B1 14 1B C5 ........ ........ [0A0] 7E 75 83 04 00 00 00 ~u..... [2008/12/09 16:15:56, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 54 [2008/12/09 16:15:56, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) [000] 89 7C 13 28 D7 5A F1 FD .|.(.Z.. [2008/12/09 16:15:56, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 55 mid = 29 [2008/12/09 16:15:56, 6] libsmb/clientgen.c:write_socket(236) write_socket(18,238) [2008/12/09 16:15:56, 6] libsmb/clientgen.c:write_socket(239) write_socket(18,238) wrote 238 [2008/12/09 16:15:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 232 [2008/12/09 16:15:56, 5] lib/util.c:show_msg(642) [2008/12/09 16:15:56, 5] lib/util.c:show_msg(652) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=29 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) [000] 98 05 00 02 03 10 00 00 00 B0 00 10 00 11 00 00 ........ ........ [010] 00 74 00 00 00 00 00 00 00 6C 99 B3 0C 91 FD E4 .t...... .l...... [020] 61 55 6C 44 60 BF 5C D3 05 31 06 A6 3F 77 38 83 aUlD`.\. .1..?w8. [030] B4 96 BF 52 B0 76 14 69 57 69 C2 01 46 89 59 E0 ...R.v.i Wi..F.Y. [040] 9D B6 37 08 51 4E B6 EE EE 25 96 4C 92 BC 17 A0 ..7.QN.. .%.L.... [050] 5A 5D 79 09 DD 19 36 11 4F A8 3E EE 47 A3 C2 B4 Z]y...6. O.>.G... [060] 42 84 BA 3A 81 7A F6 75 D6 78 0B 11 B3 24 72 5C B..:.z.u .x...$r\ [070] 81 80 6E 5A FB 50 3A 1F 2B 6C 32 6D 8D AF C0 F4 ..nZ.P:. +l2m.... [080] 02 4C 04 FE AC 65 EB F2 0E 24 1C 30 DD F5 32 11 .L...e.. .$.0..2. [090] F9 BF 7F 93 81 E6 2B 14 AE 09 06 0C 00 01 00 00 ......+. ........ [0A0] 00 01 00 00 00 A4 A9 A4 37 4E 7A 28 74 04 00 00 ........ 7Nz(t... [0B0] 00 . [2008/12/09 16:15:56, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 55 mid = 29 [2008/12/09 16:15:56, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 55 [2008/12/09 16:15:56, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 55: got good SMB signature of [2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) [000] 3E EA A4 BB 42 99 66 43 >...B.fC [2008/12/09 16:15:56, 5] lib/util.c:show_msg(642) [2008/12/09 16:15:56, 5] lib/util.c:show_msg(652) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=16387 smb_pid=4113 smb_uid=30721 smb_mid=29 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [2008/12/09 16:15:56, 10] lib/util.c:dump_data(2223) [000] 98 05 00 02 03 10 00 00 00 B0 00 10 00 11 00 00 ........ ........ [010] 00 74 00 00 00 00 00 00 00 6C 99 B3 0C 91 FD E4 .t...... .l...... [020] 61 55 6C 44 60 BF 5C D3 05 31 06 A6 3F 77 38 83 aUlD`.\. .1..?w8. [030] B4 96 BF 52 B0 76 14 69 57 69 C2 01 46 89 59 E0 ...R.v.i Wi..F.Y. [040] 9D B6 37 08 51 4E B6 EE EE 25 96 4C 92 BC 17 A0 ..7.QN.. .%.L.... [050] 5A 5D 79 09 DD 19 36 11 4F A8 3E EE 47 A3 C2 B4 Z]y...6. O.>.G... [060] 42 84 BA 3A 81 7A F6 75 D6 78 0B 11 B3 24 72 5C B..:.z.u .x...$r\ [070] 81 80 6E 5A FB 50 3A 1F 2B 6C 32 6D 8D AF C0 F4 ..nZ.P:. +l2m.... [080] 02 4C 04 FE AC 65 EB F2 0E 24 1C 30 DD F5 32 11 .L...e.. .$.0..2. [090] F9 BF 7F 93 81 E6 2B 14 AE 09 06 0C 00 01 00 00 ......+. ........ [0A0] 00 01 00 00 00 A4 A9 A4 37 4E 7A 28 74 04 00 00 ........ 7Nz(t... [0B0] 00 . [2008/12/09 16:15:56, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 55 mid = 29 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00b0 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000011 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000074 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_debug(88) 000098 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0098 auth_type : 09 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0099 auth_level : 06 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009a auth_pad_len : 0c [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint8(624) 009b auth_reserved: 00 [2008/12/09 16:15:56, 5] rpc_parse/parse_prs.c:prs_uint32(718) 009c auth_context_id: 00000001 [2008/12/09 16:15:56, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2008/12/09 16:15:56, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2008/12/09 16:15:56, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 176, data_len 116, ss_len 12 [2008/12/09 16:15:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 176 at offset 0 [2008/12/09 16:15:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \lsarpc fnum 0xc00b returned 232 bytes. lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x000c (12) size : 0x000e (14) string : * string : 'SIAADM' sid : * sid : S-1-5-21-29509730-458046710-584457872 max_size : 0x00000020 (32) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_DOM_GRP (2) rid : 0x00000201 (513) sid_index : 0x00000000 (0) count : * count : 0x00000001 (1) result : NT_STATUS_OK [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:wcache_save_name_to_sid(870) wcache_save_name_to_sid: SIAADM\DOMAIN USERS -> S-1-5-21-29509730-458046710-584457872-513 (NT_STATUS_OK) [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:wcache_save_sid_to_name(892) wcache_save_sid_to_name: S-1-5-21-29509730-458046710-584457872-513 -> domain users (NT_STATUS_OK) [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:15:56, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 20 [2008/12/09 16:15:56, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LOOKUPSID [2008/12/09 16:15:56, 3] winbindd/winbindd_async.c:winbindd_dual_lookupsid(239) [ 4112]: lookupsid S-1-5-21-29509730-458046710-584457872-513 [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:centry_expired(578) centry_expired: Key SN/S-1-5-21-29509730-458046710-584457872-513 for domain AHUS is good. [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:wcache_fetch(662) wcache_fetch: returning entry SN/S-1-5-21-29509730-458046710-584457872-513 for domain AHUS [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:sid_to_name(1502) sid_to_name: [Cached] - cached name for domain AHUS status: NT_STATUS_OK [2008/12/09 16:15:56, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:18:14, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 21 [2008/12/09 16:18:14, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LOOKUPNAME [2008/12/09 16:18:14, 3] winbindd/winbindd_async.c:winbindd_dual_lookupname(442) [ 4112]: lookupname SIAADM+Domain Users [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:centry_expired(578) centry_expired: Key NS/SIAADM/DOMAIN USERS for domain AHUS is good. [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:wcache_fetch(662) wcache_fetch: returning entry NS/SIAADM/DOMAIN USERS for domain AHUS [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:name_to_sid(1429) name_to_sid: [Cached] - cached name for domain AHUS status: NT_STATUS_OK [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:18:14, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 20 [2008/12/09 16:18:14, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LOOKUPSID [2008/12/09 16:18:14, 3] winbindd/winbindd_async.c:winbindd_dual_lookupsid(239) [ 4112]: lookupsid S-1-5-21-29509730-458046710-584457872-513 [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:refresh_sequence_number(490) refresh_sequence_number: AHUS time ok [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827549 [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:centry_expired(578) centry_expired: Key SN/S-1-5-21-29509730-458046710-584457872-513 for domain AHUS is good. [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:wcache_fetch(662) wcache_fetch: returning entry SN/S-1-5-21-29509730-458046710-584457872-513 for domain AHUS [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:sid_to_name(1502) sid_to_name: [Cached] - cached name for domain AHUS status: NT_STATUS_OK [2008/12/09 16:18:14, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4113, len 3496 [2008/12/09 16:19:17, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2008/12/09 16:19:47, 4] winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request 19 [2008/12/09 16:19:47, 10] winbindd/winbindd_dual.c:child_process_request(433) child_process_request: request fn LIST_TRUSTDOM [2008/12/09 16:19:47, 3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362) [ 4112]: list trusted domains [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:fetch_cache_seqnum(420) fetch_cache_seqnum: timeout [AHUS][42827549 @ 1228835658] [2008/12/09 16:19:47, 3] winbindd/winbindd_ads.c:sequence_number(1120) ads: fetch sequence_number for AHUS [2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:ads_cached_connection(45) ads_cached_connection [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for ahus.no: "SIAADM" [2008/12/09 16:19:47, 4] libsmb/namequery_dc.c:ads_dc_name(73) ads_dc_name: domain=AHUS [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for ahus.no: "SIAADM" [2008/12/09 16:19:47, 6] libads/ldap.c:ads_find_dc(318) ads_find_dc: looking for realm 'ahus.no' [2008/12/09 16:19:47, 8] libsmb/namequery.c:get_sorted_dc_list(2093) get_sorted_dc_list: attempting lookup for name ahus.no (sitename SIAADM) using [ads] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:22 2008 [2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain [2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "bredde.ahus.no, *" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:25:22 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:19:47, 5] libads/ldap.c:ads_try_connect(188) ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) r : union nbt_cldap_netlogon(case 6) logon5: struct nbt_cldap_netlogon_5 type : NETLOGON_RESPONSE_FROM_PDC2 (23) sbz : 0x0000 (0) server_type : 0x000001bc (444) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 0: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 forest : 'ahus.no' dns_domain : 'ahus.no' pdc_dns_name : 'bredde.ahus.no' domain : 'AHUS' pdc_name : 'BREDDE' user_name : '' server_site : 'SIAADM' client_site : 'SIAADM' nt_version : 0x00000005 (5) 1: NETLOGON_VERSION_1 0: NETLOGON_VERSION_5 1: NETLOGON_VERSION_5EX 0: NETLOGON_VERSION_5EX_WITH_IP 0: NETLOGON_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_VERSION_AVOID_NT4_EMUL 0: NETLOGON_VERSION_PDC 0: NETLOGON_VERSION_IP 0: NETLOGON_VERSION_LOCAL 0: NETLOGON_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647660 seconds ahead) [2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647660 seconds ahead) [2008/12/09 16:19:47, 3] libads/ldap.c:ads_connect(430) Successfully contacted LDAP server 10.132.16.21 [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for ahus.no: "SIAADM" [2008/12/09 16:19:47, 10] libads/ldap.c:ads_closest_dc(155) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2008/12/09 16:19:47, 10] libads/kerberos.c:create_local_private_krb5_conf_for_domain(871) create_local_private_krb5_conf_for_domain: fname = /var/lock/samba/smb_krb5/krb5.conf.AHUS, realm = ahus.no, domain = AHUS [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:22 2008 [2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain [2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "bredde.ahus.no, *" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:25:22 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:22 2008 [2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain [2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "bredde.ahus.no, *" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename (null)) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:25:22 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:19:47, 10] libads/kerberos.c:get_kdc_ip_string(820) get_kdc_ip_string: Returning kdc = 10.132.16.21 [2008/12/09 16:19:47, 5] libads/kerberos.c:create_local_private_krb5_conf_for_domain(946) create_local_private_krb5_conf_for_domain: wrote file /var/lock/samba/smb_krb5/krb5.conf.AHUS with realm AHUS.NO KDC list = kdc = 10.132.16.21 [2008/12/09 16:19:47, 4] libsmb/namequery_dc.c:ads_dc_name(143) ads_dc_name: using server='BREDDE.AHUS.NO' IP=10.132.16.21 [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for ahus.no: "SIAADM" [2008/12/09 16:19:47, 6] libads/ldap.c:ads_find_dc(318) ads_find_dc: looking for realm 'ahus.no' [2008/12/09 16:19:47, 8] libsmb/namequery.c:get_sorted_dc_list(2093) get_sorted_dc_list: attempting lookup for name ahus.no (sitename SIAADM) using [ads] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = bredde.ahus.no, timeout = Tue Dec 9 16:29:22 2008 [2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "bredde.ahus.no" for "ahus.no" domain [2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "bredde.ahus.no, *" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:25:22 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:19:47, 5] libads/ldap.c:ads_try_connect(188) ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) r : union nbt_cldap_netlogon(case 6) logon5: struct nbt_cldap_netlogon_5 type : NETLOGON_RESPONSE_FROM_PDC2 (23) sbz : 0x0000 (0) server_type : 0x000001bc (444) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 0: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 forest : 'ahus.no' dns_domain : 'ahus.no' pdc_dns_name : 'bredde.ahus.no' domain : 'AHUS' pdc_name : 'BREDDE' user_name : '' server_site : 'SIAADM' client_site : 'SIAADM' nt_version : 0x00000005 (5) 1: NETLOGON_VERSION_1 0: NETLOGON_VERSION_5 1: NETLOGON_VERSION_5EX 0: NETLOGON_VERSION_5EX_WITH_IP 0: NETLOGON_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_VERSION_AVOID_NT4_EMUL 0: NETLOGON_VERSION_PDC 0: NETLOGON_VERSION_IP 0: NETLOGON_VERSION_LOCAL 0: NETLOGON_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647660 seconds ahead) [2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647660 seconds ahead) [2008/12/09 16:19:47, 3] libads/ldap.c:ads_connect(430) Successfully contacted LDAP server 10.132.16.21 [2008/12/09 16:19:47, 10] libads/ldap.c:ldap_open_with_timeout(62) Opening connection to LDAP server 'bredde.ahus.no:389', timeout 15 seconds [2008/12/09 16:19:47, 10] libads/ldap.c:ldap_open_with_timeout(76) Connected to LDAP server 'bredde.ahus.no:389' [2008/12/09 16:19:47, 3] libads/ldap.c:ads_connect(480) Connected to LDAP server bredde.ahus.no [2008/12/09 16:19:47, 10] libads/ldap.c:ads_closest_dc(155) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [AHUS], server = [10.132.16.21], expire = [1228836887] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS; value = 10.132.16.21 and timeout = Tue Dec 9 16:34:47 2008 (900 seconds ahead) [2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [ahus.no], server = [10.132.16.21], expire = [1228836887] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = 10.132.16.21 and timeout = Tue Dec 9 16:34:47 2008 (900 seconds ahead) [2008/12/09 16:19:47, 4] libads/ldap.c:ads_current_time(2607) time offset is 76 seconds [2008/12/09 16:19:47, 4] libads/sasl.c:ads_sasl_bind(1112) Found SASL mechanism GSS-SPNEGO [2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/12/09 16:19:47, 3] libads/sasl.c:ads_sasl_spnego_bind(789) ads_sasl_spnego_bind: got server principal name = bredde$@AHUS.NO [2008/12/09 16:19:47, 4] libsmb/clikrb5.c:ads_krb5_mk_req(688) ads_krb5_mk_req: Advancing clock by 76 seconds to cope with clock skew [2008/12/09 16:19:47, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Wed, 10 Dec 2008 02:15:56 CET [2008/12/09 16:19:47, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) ads_krb5_mk_req: Ticket (bredde$@AHUS.NO) in ccache (MEMORY:winbind_ccache) is valid until: (Wed, 10 Dec 2008 02:15:56 CET - 1228871756) [2008/12/09 16:19:47, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) Got KRB5 session key of length 16 [2008/12/09 16:19:47, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) Search for (objectclass=*) in <> gave 1 replies [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:store_cache_seqnum(456) store_cache_seqnum: success [AHUS][42827590 @ 1228835987] [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:refresh_sequence_number(538) refresh_sequence_number: AHUS seq number is now 42827590 [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:trusted_domains(2106) trusted_domains: [Cached] - doing backend query for info for domain AHUS [2008/12/09 16:19:47, 3] winbindd/winbindd_ads.c:trusted_domains(1171) ads: trusted_domains [2008/12/09 16:19:47, 3] winbindd/winbindd_cm.c:connection_ok(1576) connection_ok: Connection to bredde.ahus.no for domain AHUS has died or was never started (fd == -1) [2008/12/09 16:19:47, 1] libsmb/clientgen.c:cli_rpc_pipe_close(559) cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xc008 to machine bredde.ahus.no. Error was SUCCESS - 0 [2008/12/09 16:19:47, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) cli_rpc_pipe_close: closed pipe \NETLOGON to machine bredde.ahus.no [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS, value = 10.132.16.21, timeout = Tue Dec 9 16:34:47 2008 [2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "10.132.16.21" for "AHUS" domain [2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:cm_open_connection(1398) cm_open_connection: saf_servername is '10.132.16.21' for domain AHUS [2008/12/09 16:19:47, 5] libads/ldap.c:ads_try_connect(188) ads_try_connect: sending CLDAP request to 10.132.16.21 (realm: ahus.no) r : union nbt_cldap_netlogon(case 6) logon5: struct nbt_cldap_netlogon_5 type : NETLOGON_RESPONSE_FROM_PDC2 (23) sbz : 0x0000 (0) server_type : 0x000001bc (444) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 0: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 domain_uuid : d36df92d-628a-435e-bede-27cb29aacda1 forest : 'ahus.no' dns_domain : 'ahus.no' pdc_dns_name : 'bredde.ahus.no' domain : 'AHUS' pdc_name : 'BREDDE' user_name : '' server_site : 'SIAADM' client_site : 'SIAADM' nt_version : 0x00000005 (5) 1: NETLOGON_VERSION_1 0: NETLOGON_VERSION_5 1: NETLOGON_VERSION_5EX 0: NETLOGON_VERSION_5EX_WITH_IP 0: NETLOGON_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_VERSION_AVOID_NT4_EMUL 0: NETLOGON_VERSION_PDC 0: NETLOGON_VERSION_IP 0: NETLOGON_VERSION_LOCAL 0: NETLOGON_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [AHUS], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647660 seconds ahead) [2008/12/09 16:19:47, 10] libads/dns.c:sitename_store(778) sitename_store: realm = [ahus.no], sitename = [SIAADM], expire = [2147483647] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = AD_SITENAME/DOMAIN/AHUS.NO; value = SIAADM and timeout = Tue Jan 19 04:14:07 2038 (918647660 seconds ahead) [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_store(143) namecache_store: storing 1 address for bredde.ahus.no#20: 10.132.16.21 [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = NBT/BREDDE.AHUS.NO#20; value = 10.132.16.21:0 and timeout = Tue Dec 9 16:30:47 2008 (660 seconds ahead) [2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:dcip_to_name(1077) dcip_to_name: flags = 0x1bc [2008/12/09 16:19:47, 10] libads/ldap.c:ads_closest_dc(155) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:19:47, 10] libads/kerberos.c:create_local_private_krb5_conf_for_domain(871) create_local_private_krb5_conf_for_domain: fname = /var/lock/samba/smb_krb5/krb5.conf.AHUS, realm = ahus.no, domain = AHUS [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = 10.132.16.21, timeout = Tue Dec 9 16:34:47 2008 [2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "10.132.16.21" for "ahus.no" domain [2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "10.132.16.21, *" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = SAF/DOMAIN/AHUS.NO, value = 10.132.16.21, timeout = Tue Dec 9 16:34:47 2008 [2008/12/09 16:19:47, 5] libsmb/namequery.c:saf_fetch(138) saf_fetch: Returning "10.132.16.21" for "ahus.no" domain [2008/12/09 16:19:47, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "10.132.16.21, *" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up ahus.no#1c (sitename (null)) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/AHUS.NO#1C, value = 10.132.16.21:389, timeout = Tue Dec 9 16:22:09 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name ahus.no#1C found. [2008/12/09 16:19:47, 8] libsmb/namequery.c:get_dc_list(1930) Adding 1 DC's from auto lookup [2008/12/09 16:19:47, 10] libsmb/namequery.c:remove_duplicate_addrs2(520) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2042) get_dc_list: returning 1 ip addresses in an ordered list [2008/12/09 16:19:47, 4] libsmb/namequery.c:get_dc_list(2043) get_dc_list: 10.132.16.21:389 [2008/12/09 16:19:47, 10] libads/kerberos.c:get_kdc_ip_string(820) get_kdc_ip_string: Returning kdc = 10.132.16.21 [2008/12/09 16:19:47, 5] libads/kerberos.c:create_local_private_krb5_conf_for_domain(946) create_local_private_krb5_conf_for_domain: wrote file /var/lock/samba/smb_krb5/krb5.conf.AHUS with realm AHUS.NO KDC list = kdc = 10.132.16.21 [2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [AHUS], server = [bredde.ahus.no], expire = [1228836887] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS; value = bredde.ahus.no and timeout = Tue Dec 9 16:34:47 2008 (900 seconds ahead) [2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [ahus.no], server = [bredde.ahus.no], expire = [1228836887] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = bredde.ahus.no and timeout = Tue Dec 9 16:34:47 2008 (900 seconds ahead) [2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:cm_open_connection(1430) cm_open_connection: dcname is 'bredde.ahus.no' for domain AHUS [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = AD_SITENAME/DOMAIN/AHUS.NO, value = SIAADM, timeout = Tue Jan 19 04:14:07 2038 [2008/12/09 16:19:47, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning sitename for AHUS.NO: "SIAADM" [2008/12/09 16:19:47, 10] libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking up bredde.ahus.no#20 (sitename SIAADM) [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = NBT/BREDDE.AHUS.NO#20, value = 10.132.16.21:0, timeout = Tue Dec 9 16:30:47 2008 [2008/12/09 16:19:47, 5] libsmb/namecache.c:namecache_fetch(233) name bredde.ahus.no#20 found. [2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:cm_prepare_connection(753) cm_prepare_connection: connecting to DC bredde.ahus.no for domain AHUS [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,194) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,194) wrote 194 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 172 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=172 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=4428 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=47232 (0xB880) smb_vwv[12]=37941 (0x9435) smb_vwv[13]= 4543 (0x11BF) smb_vwv[14]=51546 (0xC95A) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=103 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 4C 6D C3 39 67 44 D4 4A 80 17 B5 86 E4 28 48 2E Lm.9gD.J .....(H. [010] 60 55 06 06 2B 06 01 05 05 02 A0 4B 30 49 A0 30 `U..+... ...K0I.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 15 30 13 A0 11 1B 0F 62 72 65 64 64 65 24 40 ..0..... bredde$@ [060] 41 48 55 53 2E 4E 4F AHUS.NO [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=172 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=4428 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 9 (0x9) smb_vwv[ 1]=12815 (0x320F) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 499 (0x1F3) smb_vwv[11]=47232 (0xB880) smb_vwv[12]=37941 (0x9435) smb_vwv[13]= 4543 (0x11BF) smb_vwv[14]=51546 (0xC95A) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=103 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 4C 6D C3 39 67 44 D4 4A 80 17 B5 86 E4 28 48 2E Lm.9gD.J .....(H. [010] 60 55 06 06 2B 06 01 05 05 02 A0 4B 30 49 A0 30 `U..+... ...K0I.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 15 30 13 A0 11 1B 0F 62 72 65 64 64 65 24 40 ..0..... bredde$@ [060] 41 48 55 53 2E 4E 4F AHUS.NO [2008/12/09 16:19:47, 5] winbindd/winbindd_cm.c:cm_prepare_connection(831) connecting to bredde.ahus.no from LORDVADER with kerberos principal [LORDVADER$@AHUS.NO] and realm [ahus.no] [2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) Doing spnego session setup (blob length=103) [2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 48018 1 2 2 [2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 113554 1 2 2 [2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 113554 1 2 2 3 [2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 3 6 1 4 1 311 2 2 10 [2008/12/09 16:19:47, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839) got principal=bredde$@AHUS.NO [2008/12/09 16:19:47, 10] libads/kerberos.c:kerberos_kinit_password_ext(217) kerberos_kinit_password: as LORDVADER$@AHUS.NO using [MEMORY:cliconnect] as ccache and config [/var/lock/samba/smb_krb5/krb5.conf.AHUS] [2008/12/09 16:19:47, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(619) Doing kerberos session setup [2008/12/09 16:19:47, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Wed, 10 Dec 2008 02:14:18 CET [2008/12/09 16:19:47, 10] libsmb/clikrb5.c:ads_krb5_mk_req(702) ads_krb5_mk_req: Ticket (bredde$@AHUS.NO) in ccache (MEMORY:cliconnect) is valid until: (Wed, 10 Dec 2008 02:14:18 CET - 1228871658) [2008/12/09 16:19:47, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(873) Got KRB5 session key of length 16 [2008/12/09 16:19:47, 5] libsmb/smb_signing.c:set_smb_signing_real_common(140) Mandatory SMB signing enabled! [2008/12/09 16:19:47, 5] libsmb/smb_signing.c:set_smb_signing_real_common(144) SMB signing enabled! [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:cli_simple_set_signing(494) cli_simple_set_signing: user_session_key [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] C0 65 EB 35 EF 82 53 52 D4 37 55 72 26 28 62 11 .e.5..SR .7Ur&(b. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:cli_simple_set_signing(502) cli_simple_set_signing: NULL response_data [2008/12/09 16:19:47, 10] libsmb/cliconnect.c:cli_session_setup_blob(578) cli_session_setup_blob: Remaining (0) sending (1139) current (1139) [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 0 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 5E 6D A2 83 9D 1D 98 1F ^m...... [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 1 mid = 2 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,1224) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,1224) wrote 1224 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 197 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=197 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=4428 smb_uid=4096 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 197 (0xC5) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=154 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H [010] 82 F7 12 01 02 02 A2 02 04 00 89 57 00 69 00 6E ........ ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 1 mid = 2 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 1 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 1: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] FA B5 99 B3 42 8F 01 8D ....B... [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=197 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=4428 smb_uid=4096 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 197 (0xC5) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=154 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H [010] 82 F7 12 01 02 02 A2 02 04 00 89 57 00 69 00 6E ........ ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [040] 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 . .3.7.9 .0. .S.e [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a [060] 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E .c.k. .1 ...W.i.n [070] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [080] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [090] 00 20 00 35 00 2E 00 32 00 00 . .5...2 .. [2008/12/09 16:19:47, 10] libsmb/clientgen.c:cli_init_creds(429) cli_init_creds: user LORDVADER$ domain AHUS [2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [AHUS], server = [bredde.ahus.no], expire = [1228836887] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS; value = bredde.ahus.no and timeout = Tue Dec 9 16:34:47 2008 (900 seconds ahead) [2008/12/09 16:19:47, 10] libsmb/namequery.c:saf_store(75) saf_store: domain = [ahus.no], server = [bredde.ahus.no], expire = [1228836887] [2008/12/09 16:19:47, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = SAF/DOMAIN/AHUS.NO; value = bredde.ahus.no and timeout = Tue Dec 9 16:34:47 2008 (900 seconds ahead) [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 2 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] C8 8F 05 B7 50 2E C0 60 ....P..` [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 3 mid = 3 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,96) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,96) wrote 96 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 56 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 49 50 43 00 00 00 00 IPC.... [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 3 mid = 3 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 3 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 3: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] B3 95 BC 14 B8 B2 DE 5A .......Z [2008/12/09 16:19:47, 10] winbindd/winbindd_cm.c:set_domain_online(385) set_domain_online: called for domain AHUS [2008/12/09 16:19:47, 10] lib/messages_local.c:messaging_tdb_store(215) messaging_tdb_store: array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : 0x00000403 (1027) dest: struct server_id id : 0x00001012 (4114) src: struct server_id id : 0x0000114c (4428) buf : DATA_BLOB length=5 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 41 48 55 53 00 AHUS. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 4 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 2D 69 6C 80 78 58 DA C2 -il.xX.. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 5 mid = 4 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,108) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,108) wrote 108 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 103 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 5 mid = 4 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 5 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 5: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] D2 4D B1 0D 73 E1 4E 78 .M..s.Nx [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) Bind RPC Pipe[400a]: \NETLOGON auth_type 0, auth_level 0 [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000015 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345678 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 cf fb [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16394 (0x400A) smb_bcc=87 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 15 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 6 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 12 67 2E 59 87 5A 7B E6 .g.Y.Z{. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 7 mid = 5 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,158) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,158) wrote 158 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 124 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 H....... .D...... [010] 00 B8 10 B8 10 D8 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 26 1A 01 00 00 00 00 00 00 \lsass.& ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 7 mid = 5 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 7 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 7: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 0E 06 D1 21 1F E6 58 FE ...!..X. [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 H....... .D...... [010] 00 B8 10 B8 10 D8 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 26 1A 01 00 00 00 00 00 00 \lsass.& ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 7 mid = 5 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000015 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a returned 68 bytes. [2008/12/09 16:19:47, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a bind request returned ok. [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000015 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 002261d8 [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsass. [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000026 smb_io_rpc_results [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:check_bind_response(1704) check_bind_response: accepted! [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2282) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine bredde.ahus.no and bound anonymously. netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\bredde.ahus.no' computer_name : 'LORDVADER' credentials : * credentials: struct netr_Credential data : 2e992acd7af27d85 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0074 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000016 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000005c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0004 [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=198 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 116 (0x74) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16394 (0x400A) smb_bcc=131 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 74 00 00 00 16 00 00 00 5C .......t .......\ [020] 00 00 00 00 00 04 00 00 00 02 00 11 00 00 00 00 ........ ........ [030] 00 00 00 11 00 00 00 5C 00 5C 00 62 00 72 00 65 .......\ .\.b.r.e [040] 00 64 00 64 00 65 00 2E 00 61 00 68 00 75 00 73 .d.d.e.. .a.h.u.s [050] 00 2E 00 6E 00 6F 00 00 00 00 00 0A 00 00 00 00 ...n.o.. ........ [060] 00 00 00 0A 00 00 00 4C 00 4F 00 52 00 44 00 56 .......L .O.R.D.V [070] 00 41 00 44 00 45 00 52 00 00 00 2E 99 2A CD 7A .A.D.E.R .....*.z [080] F2 7D 85 .}. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 8 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] D4 8D DD B4 39 26 50 BD ....9&P. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 9 mid = 6 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,202) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,202) wrote 202 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 92 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 74 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 t....... .$...... [010] 00 0C 00 00 00 00 00 00 00 B9 66 4F 53 DA BC CF ........ ..fOS... [020] 8E 00 00 00 00 ..... [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 9 mid = 6 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 9 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 9: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 0D E2 F8 3B A7 FC 3A E6 ...;..:. [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 74 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 t....... .$...... [010] 00 0C 00 00 00 00 00 00 00 B9 66 4F 53 DA BC CF ........ ..fOS... [020] 8E 00 00 00 00 ..... [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 9 mid = 6 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000016 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 36 at offset 0 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a returned 24 bytes. netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : b9664f53dabccf8e result : NT_STATUS_OK [2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(294) creds_client_init: neg_flags : 600fffff [2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(295) creds_client_init: client chal : 2E992ACD7AF27D85 [2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(296) creds_client_init: server chal : B9664F53DABCCF8E [2008/12/09 16:19:47, 5] libsmb/credentials.c:creds_init_128(70) creds_init_128 [2008/12/09 16:19:47, 5] libsmb/credentials.c:creds_init_128(71) clnt_chal_in: 2E992ACD7AF27D85 [2008/12/09 16:19:47, 5] libsmb/credentials.c:creds_init_128(72) srv_chal_in : B9664F53DABCCF8E [2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(314) creds_client_init: clnt : F3E6C61169FFABC5 [2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(315) creds_client_init: server : 4C695E0FE825DEE1 [2008/12/09 16:19:47, 10] libsmb/credentials.c:creds_client_init(316) creds_client_init: seed : F3E6C61169FFABC5 netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\bredde.ahus.no' account_name : 'LORDVADER$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : 'LORDVADER' credentials : * credentials: struct netr_Credential data : f3e6c61169ffabc5 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 009c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000017 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000084 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 000f [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=238 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 156 (0x9C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 156 (0x9C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16394 (0x400A) smb_bcc=171 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 9C 00 00 00 17 00 00 00 84 ........ ........ [020] 00 00 00 00 00 0F 00 00 00 02 00 11 00 00 00 00 ........ ........ [030] 00 00 00 11 00 00 00 5C 00 5C 00 62 00 72 00 65 .......\ .\.b.r.e [040] 00 64 00 64 00 65 00 2E 00 61 00 68 00 75 00 73 .d.d.e.. .a.h.u.s [050] 00 2E 00 6E 00 6F 00 00 00 00 00 0B 00 00 00 00 ...n.o.. ........ [060] 00 00 00 0B 00 00 00 4C 00 4F 00 52 00 44 00 56 .......L .O.R.D.V [070] 00 41 00 44 00 45 00 52 00 24 00 00 00 02 00 0A .A.D.E.R .$...... [080] 00 00 00 00 00 00 00 0A 00 00 00 4C 00 4F 00 52 ........ ...L.O.R [090] 00 44 00 56 00 41 00 44 00 45 00 52 00 00 00 F3 .D.V.A.D .E.R.... [0A0] E6 C6 11 69 FF AB C5 FF FF 0F 60 ...i.... ..` [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 10 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 53 5B 1D F8 2F 56 90 AA S[../V.. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 11 mid = 7 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,242) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,242) wrote 242 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 96 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 9C 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 4C 69 5E 0F E8 25 DE ........ .Li^..%. [020] E1 FF FF 0F 60 00 00 00 00 ....`... . [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 11 mid = 7 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 11 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 11: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 71 6B 1E 2C E7 A7 3A 33 qk.,..:3 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 9C 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 4C 69 5E 0F E8 25 DE ........ .Li^..%. [020] E1 FF FF 0F 60 00 00 00 00 ....`... . [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 11 mid = 7 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000017 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 40 at offset 0 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400a returned 32 bytes. netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 4c695e0fe825dee1 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_OK [2008/12/09 16:19:47, 10] libsmb/credentials.c:netlogon_creds_client_check(338) netlogon_creds_client_check: credentials check OK. [2008/12/09 16:19:47, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(221) rpccli_netlogon_setup_creds: server bredde.ahus.no credential chain established. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 12 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 0A 96 7A E8 3B 44 0D 14 ..z.;D.. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 13 mid = 8 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,108) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,108) wrote 108 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 103 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 2816 (0xB00) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 13 mid = 8 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 13 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 13: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 06 08 B6 8F FB 44 03 E7 .....D.. [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2049) Bind RPC Pipe[400b]: \NETLOGON auth_type 2, auth_level 6 [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:valid_pipe_name(1653) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 type1: 00000000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 type2: 00000003 [2008/12/09 16:19:47, 6] lib/util.c:dump_data(2223) [000] 41 48 55 53 AHUS [2008/12/09 16:19:47, 6] lib/util.c:dump_data(2223) [000] 4C 4F 52 44 56 41 44 45 52 LORDVADE R [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0067 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000018 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_rb [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 00000000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_contexts: 01 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c context_id : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001e num_transfer_syntaxes: 01 [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 00001f smb_io_rpc_iface [2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 12345678 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1234 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : abcd [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : ef 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 01 23 45 67 cf fb [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000001 [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_rpc_iface [2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) 000034 smb_io_uuid uuid [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 data : 8a885d04 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0038 data : 1ceb [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 003a data : 11c9 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003c data : 9f e8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003e data : 08 00 2b 10 48 60 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 version: 00000002 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000048 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0048 auth_type : 44 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0049 auth_level : 06 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004a auth_pad_len : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 004b auth_reserved: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 004c auth_context_id: 00000001 [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=185 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 103 (0x67) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16395 (0x400B) smb_bcc=118 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 67 00 17 00 18 00 00 00 B8 .......g ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 41 48 55 53 00 4C 4F 52 44 .......A HUS.LORD [070] 56 41 44 45 52 00 VADER. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 14 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] A2 EB 76 0D 79 22 F6 1A ..v.y".. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 15 mid = 9 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,189) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,189) wrote 189 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 144 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 18 00 00 g....... .X...... [010] 00 B8 10 B8 10 D9 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 D1 5D 01 00 00 00 00 00 00 \lsass.. ]....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 76 F4 17 ......v. . [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 15 mid = 9 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 15 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 15: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 80 8F 40 96 1B 14 A4 45 ..@....E [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 67 05 00 0C 03 10 00 00 00 58 00 0C 00 18 00 00 g....... .X...... [010] 00 B8 10 B8 10 D9 61 22 00 0C 00 5C 50 49 50 45 ......a" ...\PIPE [020] 5C 6C 73 61 73 73 00 D1 5D 01 00 00 00 00 00 00 \lsass.. ]....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 76 F4 17 ......v. . [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 15 mid = 9 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000018 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 88 at offset 0 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b returned 88 bytes. [2008/12/09 16:19:47, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b bind request returned ok. [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0058 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000018 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_ba [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_bba [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 max_tsize: 10b8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 max_rsize: 10b8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 assoc_gid: 002261d9 [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_addr_str [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 len: 000c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a str: \PIPE\lsass. [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000026 smb_io_rpc_results [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 num_results: 01 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002c result : 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002e reason : 0000 [2008/12/09 16:19:47, 6] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_iface [2008/12/09 16:19:47, 7] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_uuid uuid [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 data : 8a885d04 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0034 data : 1ceb [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0036 data : 11c9 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0038 data : 9f e8 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 003a data : 08 00 2b 10 48 60 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 version: 00000002 [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:check_bind_response(1704) check_bind_response: accepted! [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2554) cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine bredde.ahus.no for domain AHUS and bound using schannel. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 16 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 24 99 B7 B3 C9 FA 5E A0 $.....^. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 17 mid = 10 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,45) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,45) wrote 45 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=10 smt_wct=0 smb_bcc=0 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 17 mid = 10 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 17 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 17: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] E6 A9 C2 70 EB B7 8E B2 ...p.... [2008/12/09 16:19:47, 10] libsmb/clientgen.c:cli_rpc_pipe_close(567) cli_rpc_pipe_close: closed pipe \NETLOGON to machine bredde.ahus.no netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts in: struct netr_DsrEnumerateDomainTrusts server_name : * server_name : 'bredde.ahus.no' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000019 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_req hdr_req [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000034 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 opnum : 0028 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000050 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0050 auth_type : 44 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0051 auth_level : 06 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0052 auth_pad_len : 04 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0053 auth_reserved: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0054 auth_context_id: 00000001 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357) add_schannel_auth_footer: SCHANNEL seq_num=0 [2008/12/09 16:19:47, 10] rpc_parse/parse_prs.c:schannel_encode(1666) SCHANNEL: schannel_encode seq_num=0 data_len=56 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000058 smb_io_rpc_auth_schannel_chk [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0058 sig : 77 00 7a 00 ff ff 00 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0060 seq_num: 07 23 a8 e6 3c 0e 2c 70 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0068 packet_digest: d4 e6 7d fe f3 d9 3a 53 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0070 confounder: 58 ea b3 cb 0a 1b 2e e5 [2008/12/09 16:19:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(769) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16395 (0x400B) smb_bcc=135 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 20 00 19 00 00 00 34 .......x . .....4 [020] 00 00 00 00 00 28 00 70 34 95 7E 95 FB D4 24 E0 .....(.p 4.~...$. [030] D2 9F 96 AC E4 AE F8 65 E1 F6 6E 15 00 EC DF A9 .......e ..n..... [040] 29 FF EE AC BB E7 B7 6D B7 A8 CB F3 F1 41 05 53 )......m .....A.S [050] FE 45 07 FC 9F 0B 02 E5 82 B0 07 E1 7A 5F 15 44 .E...... ....z_.D [060] 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 07 .......w .z...... [070] 23 A8 E6 3C 0E 2C 70 D4 E6 7D FE F3 D9 3A 53 58 #..<.,p. .}...:SX [080] EA B3 CB 0A 1B 2E E5 ....... [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 18 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(351) client_sign_outgoing_message: sent SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 3B B2 4D 63 70 C2 F8 2A ;.Mcp..* [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(67) store_sequence_for_reply: stored seq = 19 mid = 11 [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(236) write_socket(26,206) [2008/12/09 16:19:47, 6] libsmb/clientgen.c:write_socket(239) write_socket(26,206) wrote 206 [2008/12/09 16:19:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 664 [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=664 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 608 (0x260) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 608 (0x260) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=609 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 19 00 00 x....... .`. .... [010] 00 1C 02 00 00 00 00 00 00 B1 47 61 5A 1D D4 F2 ........ ..GaZ... [020] A6 A7 92 78 94 EB 0F 45 13 EA 25 08 37 C8 D4 47 ...x...E ..%.7..G [030] A5 75 01 B8 67 77 5A 64 27 72 1E 89 86 C6 C6 86 .u..gwZd 'r...... [040] B6 03 94 B9 62 A6 56 CE 41 09 4B E1 DF 40 0B 6F ....b.V. A.K..@.o [050] 19 A6 80 19 C2 1B 4E E1 86 38 8D 2C 57 69 72 3A ......N. .8.,Wir: [060] 80 45 24 96 ED C4 CA 61 A2 8C E8 A4 AB 16 42 6B .E$....a ......Bk [070] 5D 07 C4 93 DE 29 82 0F 52 8D 1F 1C 70 1F 62 0D ]....).. R...p.b. [080] FA 2A 61 7C 87 75 92 27 EA F2 26 43 F4 64 A2 A6 .*a|.u.' ..&C.d.. [090] 76 97 E8 C6 E9 3D E3 7F 34 05 8A 35 6D 61 59 1A v....=.. 4..5maY. [0A0] 3E 58 EB 87 B4 60 ED FE E1 0A D4 32 2E A0 5E 8C >X...`.. ...2..^. [0B0] 4B 33 95 65 E8 7B 66 43 2C C0 96 4F FE F2 F9 52 K3.e.{fC ,..O...R [0C0] 8F F0 4F 88 77 51 BA 4C B6 34 83 29 96 A0 03 C4 ..O.wQ.L .4.).... [0D0] 79 1E A5 DE C0 0E 9D 73 14 6F D8 84 CD B0 F1 C4 y......s .o...... [0E0] 5E 07 87 D9 24 E6 D0 C5 95 E7 16 1E 6F 74 0B 4C ^...$... ....ot.L [0F0] DE 61 6C 81 C9 F4 59 06 55 5E 0D F6 47 39 29 DC .al...Y. U^..G9). [100] A1 34 AB 97 DE 06 F1 49 CE F8 3B CE 72 37 DD 19 .4.....I ..;.r7.. [110] 59 A8 12 19 EC 2A A5 B3 78 B6 66 82 9B 8B C1 C5 Y....*.. x.f..... [120] 2C 6F 33 67 AE 92 6D 94 3E 52 3F 18 6F DB 0C F3 ,o3g..m. >R?.o... [130] 19 B1 C6 11 16 B2 9E 45 6D 0F A9 CA 23 6B 81 1E .......E m...#k.. [140] E8 94 CD EE 4A D3 B0 1D 21 AA 80 D4 89 58 83 8F ....J... !....X.. [150] 0C 38 D6 78 32 A3 CB 33 5C 7A A0 FC 4F C5 F4 D3 .8.x2..3 \z..O... [160] 7E E9 3C 2E 37 88 6E 1B 0C 37 75 8C B7 37 89 ED ~.<.7.n. .7u..7.. [170] 76 31 C6 D8 17 B4 56 2F 83 7C 30 68 96 69 08 2B v1....V/ .|0h.i.+ [180] C4 7C 12 68 5E BF 50 50 2F FB D8 B0 FA C5 21 82 .|.h^.PP /.....!. [190] 50 46 B2 86 CA 9F 54 75 74 EB 7E 50 C1 43 78 38 PF....Tu t.~P.Cx8 [1A0] C4 06 CF 5F CF 54 72 54 20 F5 B9 22 9F A7 EC 01 ..._.TrT ..".... [1B0] 03 9D 30 31 6C A1 97 B4 23 8F F4 AC 47 DB E7 1C ..01l... #...G... [1C0] 4A CF EC 70 5E F7 B6 83 E0 5D 74 7F 2D B5 4D 0D J..p^... .]t.-.M. [1D0] 05 A1 E4 D3 68 27 BE 91 BF 2E 58 95 06 F9 D2 8C ....h'.. ..X..... [1E0] 35 32 BA 06 FF 47 21 BF 5C 8F 30 47 E6 65 A1 9E 52...G!. \.0G.e.. [1F0] 0F 22 3D 71 CD 52 98 A3 AA 34 32 4C BB 78 FE BE ."=q.R.. .42L.x.. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 19 mid = 11 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:simple_packet_signature(285) simple_packet_signature: sequence number 19 [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:client_check_incoming_message(434) client_check_incoming_message: seq 19: got good SMB signature of [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 15 D6 A2 FE 76 F6 30 D4 ....v.0. [2008/12/09 16:19:47, 5] lib/util.c:show_msg(642) [2008/12/09 16:19:47, 5] lib/util.c:show_msg(652) size=664 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2052 smb_pid=4428 smb_uid=4096 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 608 (0x260) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 608 (0x260) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=609 [2008/12/09 16:19:47, 10] lib/util.c:dump_data(2223) [000] 78 05 00 02 03 10 00 00 00 60 02 20 00 19 00 00 x....... .`. .... [010] 00 1C 02 00 00 00 00 00 00 B1 47 61 5A 1D D4 F2 ........ ..GaZ... [020] A6 A7 92 78 94 EB 0F 45 13 EA 25 08 37 C8 D4 47 ...x...E ..%.7..G [030] A5 75 01 B8 67 77 5A 64 27 72 1E 89 86 C6 C6 86 .u..gwZd 'r...... [040] B6 03 94 B9 62 A6 56 CE 41 09 4B E1 DF 40 0B 6F ....b.V. A.K..@.o [050] 19 A6 80 19 C2 1B 4E E1 86 38 8D 2C 57 69 72 3A ......N. .8.,Wir: [060] 80 45 24 96 ED C4 CA 61 A2 8C E8 A4 AB 16 42 6B .E$....a ......Bk [070] 5D 07 C4 93 DE 29 82 0F 52 8D 1F 1C 70 1F 62 0D ]....).. R...p.b. [080] FA 2A 61 7C 87 75 92 27 EA F2 26 43 F4 64 A2 A6 .*a|.u.' ..&C.d.. [090] 76 97 E8 C6 E9 3D E3 7F 34 05 8A 35 6D 61 59 1A v....=.. 4..5maY. [0A0] 3E 58 EB 87 B4 60 ED FE E1 0A D4 32 2E A0 5E 8C >X...`.. ...2..^. [0B0] 4B 33 95 65 E8 7B 66 43 2C C0 96 4F FE F2 F9 52 K3.e.{fC ,..O...R [0C0] 8F F0 4F 88 77 51 BA 4C B6 34 83 29 96 A0 03 C4 ..O.wQ.L .4.).... [0D0] 79 1E A5 DE C0 0E 9D 73 14 6F D8 84 CD B0 F1 C4 y......s .o...... [0E0] 5E 07 87 D9 24 E6 D0 C5 95 E7 16 1E 6F 74 0B 4C ^...$... ....ot.L [0F0] DE 61 6C 81 C9 F4 59 06 55 5E 0D F6 47 39 29 DC .al...Y. U^..G9). [100] A1 34 AB 97 DE 06 F1 49 CE F8 3B CE 72 37 DD 19 .4.....I ..;.r7.. [110] 59 A8 12 19 EC 2A A5 B3 78 B6 66 82 9B 8B C1 C5 Y....*.. x.f..... [120] 2C 6F 33 67 AE 92 6D 94 3E 52 3F 18 6F DB 0C F3 ,o3g..m. >R?.o... [130] 19 B1 C6 11 16 B2 9E 45 6D 0F A9 CA 23 6B 81 1E .......E m...#k.. [140] E8 94 CD EE 4A D3 B0 1D 21 AA 80 D4 89 58 83 8F ....J... !....X.. [150] 0C 38 D6 78 32 A3 CB 33 5C 7A A0 FC 4F C5 F4 D3 .8.x2..3 \z..O... [160] 7E E9 3C 2E 37 88 6E 1B 0C 37 75 8C B7 37 89 ED ~.<.7.n. .7u..7.. [170] 76 31 C6 D8 17 B4 56 2F 83 7C 30 68 96 69 08 2B v1....V/ .|0h.i.+ [180] C4 7C 12 68 5E BF 50 50 2F FB D8 B0 FA C5 21 82 .|.h^.PP /.....!. [190] 50 46 B2 86 CA 9F 54 75 74 EB 7E 50 C1 43 78 38 PF....Tu t.~P.Cx8 [1A0] C4 06 CF 5F CF 54 72 54 20 F5 B9 22 9F A7 EC 01 ..._.TrT ..".... [1B0] 03 9D 30 31 6C A1 97 B4 23 8F F4 AC 47 DB E7 1C ..01l... #...G... [1C0] 4A CF EC 70 5E F7 B6 83 E0 5D 74 7F 2D B5 4D 0D J..p^... .]t.-.M. [1D0] 05 A1 E4 D3 68 27 BE 91 BF 2E 58 95 06 F9 D2 8C ....h'.. ..X..... [1E0] 35 32 BA 06 FF 47 21 BF 5C 8F 30 47 E6 65 A1 9E 52...G!. \.0G.e.. [1F0] 0F 22 3D 71 CD 52 98 A3 AA 34 32 4C BB 78 FE BE ."=q.R.. .42L.x.. [2008/12/09 16:19:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(80) get_sequence_for_reply: found seq = 19 mid = 11 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr rpc_hdr [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0260 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0020 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000019 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000021c [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000238 smb_io_rpc_hdr_auth hdr_auth [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0238 auth_type : 44 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0239 auth_level : 06 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 023a auth_pad_len : 04 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8(624) 023b auth_reserved: 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint32(718) 023c auth_context_id: 00000001 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_debug(88) 000240 smb_io_rpc_auth_schannel_chk [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0240 sig : 77 00 7a 00 ff ff 00 00 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0248 seq_num: 6a 00 65 59 49 19 d1 b5 [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0250 packet_digest: 00 4b 14 22 59 6b 6e 1a [2008/12/09 16:19:47, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0258 confounder: 57 cb d2 42 1a d8 ad cc [2008/12/09 16:19:47, 10] rpc_parse/parse_prs.c:schannel_decode(1743) SCHANNEL: schannel_decode seq_num=1 data_len=544 [2008/12/09 16:19:47, 10] rpc_parse/parse_prs.c:schannel_decode(1763) SCHANNEL: schannel_decode seq_num=1 data_len=544 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 608, data_len 540, ss_len 4 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 608 at offset 0 [2008/12/09 16:19:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(893) rpc_api_pipe: Remote machine bredde.ahus.no pipe \NETLOGON fnum 0x400b returned 1080 bytes. netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts out: struct netr_DsrEnumerateDomainTrusts trusts : * trusts: struct netr_DomainTrustList count : 0x00000004 (4) array : * array: ARRAY(4) array: struct netr_DomainTrust netbios_name : * netbios_name : 'SIAADM' dns_name : * dns_name : 'adm.ahus.no' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND parent_index : 0x00000003 (3) trust_type : NETR_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000020 (32) 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL sid : * sid : S-1-5-21-29509730-458046710-584457872 guid : 86e1733e-c58a-4e40-a623-e342ffcb5aeb array: struct netr_DomainTrust netbios_name : * netbios_name : 'SIAPAS' dns_name : * dns_name : 'pas.ahus.no' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND parent_index : 0x00000003 (3) trust_type : NETR_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000020 (32) 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 1: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL sid : * sid : S-1-5-21-12156805-1400573469-1836196843 guid : af7f7233-e3ee-4db3-9a26-1fa9b7a2db87 array: struct netr_DomainTrust netbios_name : * netbios_name : 'AD' dns_name : * dns_name : 'ad.ahus.no' trust_flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND parent_index : 0x00000000 (0) trust_type : NETR_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000004 (4) 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY 1: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL sid : * sid : S-1-5-21-1100344877-3013322779-101495848 guid : 00000000-0000-0000-0000-000000000000 array: struct netr_DomainTrust netbios_name : * netbios_name : 'AHUS' dns_name : * dns_name : 'ahus.no' trust_flags : 0x0000001d (29) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 1: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 1: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND parent_index : 0x00000000 (0) trust_type : NETR_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL sid : * sid : S-1-5-21-800612262-1210951328-1076162327 guid : d36df92d-628a-435e-bede-27cb29aacda1 result : WERR_OK [2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:trusted_domains(1270) trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain adm.ahus.no [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) wcache_tdc_add_domain: Adding domain SIAADM (adm.ahus.no), SID S-1-5-21-29509730-458046710-584457872, flags = 0x23, attributes = 0x20, type = 0x2 [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) add_wbdomain_to_tdc_array: Found existing record for SIAADM [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) pack_tdc_domains: Packing 6 trusted domains [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain BUILTIN () [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain LORDVADER () [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AHUS (ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AD (ad.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:trusted_domains(1270) trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain pas.ahus.no [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) wcache_tdc_add_domain: Adding domain SIAPAS (pas.ahus.no), SID S-1-5-21-12156805-1400573469-1836196843, flags = 0x23, attributes = 0x20, type = 0x2 [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) add_wbdomain_to_tdc_array: Found existing record for SIAPAS [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) pack_tdc_domains: Packing 6 trusted domains [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain BUILTIN () [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain LORDVADER () [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AHUS (ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AD (ad.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:trusted_domains(1270) trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ad.ahus.no [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) wcache_tdc_add_domain: Adding domain AD (ad.ahus.no), SID S-1-5-21-1100344877-3013322779-101495848, flags = 0x22, attributes = 0x4, type = 0x2 [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) add_wbdomain_to_tdc_array: Found existing record for AD [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) pack_tdc_domains: Packing 6 trusted domains [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain BUILTIN () [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain LORDVADER () [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AHUS (ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AD (ad.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_ads.c:trusted_domains(1270) trusted_domains(ads): Searching trusted domain list of AHUS and storing trust flags for domain ahus.no [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:wcache_tdc_add_domain(3822) wcache_tdc_add_domain: Adding domain AHUS (ahus.no), SID S-1-5-21-800612262-1210951328-1076162327, flags = 0x1d, attributes = 0x0, type = 0x2 [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:add_wbdomain_to_tdc_array(3547) add_wbdomain_to_tdc_array: Found existing record for AHUS [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3631) pack_tdc_domains: Packing 6 trusted domains [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain BUILTIN () [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain LORDVADER () [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AHUS (ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAADM (adm.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain SIAPAS (pas.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:pack_tdc_domains(3650) pack_tdc_domains: Packing domain AD (ad.ahus.no) [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:cache_store_response(2423) Storing response for pid 4428, len 3721 [2008/12/09 16:19:47, 10] winbindd/winbindd_cache.c:cache_store_response(2437) Storing extra data: len=225