[2008/06/20 11:54:14, 4] nsswitch/winbindd_dual.c:fork_domain_child(1062) child daemon request 47 [2008/06/20 11:54:14, 10] nsswitch/winbindd_dual.c:child_process_request(479) process_request: request fn INIT_CONNECTION [2008/06/20 11:54:14, 8] nsswitch/winbindd_cm.c:connection_ok(1498) connection_ok: Connection to for domain RK_KLBG has NULL cli! [2008/06/20 11:54:14, 10] lib/gencache.c:gencache_get(212) Cache entry with key = SAF/DOMAIN/RK_KLBG couldn't be found [2008/06/20 11:54:14, 5] libsmb/namequery.c:saf_fetch(133) saf_fetch: failed to find server for "RK_KLBG" domain [2008/06/20 11:54:14, 10] nsswitch/winbindd_cm.c:cm_open_connection(1368) cm_open_connection: dcname is '' for domain RK_KLBG [2008/06/20 11:54:14, 8] libsmb/namequery.c:get_sorted_dc_list(1626) get_sorted_dc_list: attempting lookup for name RK_KLBG (sitename NULL) using [lmhosts wins host bcast] [2008/06/20 11:54:14, 10] lib/gencache.c:gencache_get(212) Cache entry with key = SAF/DOMAIN/RK_KLBG couldn't be found [2008/06/20 11:54:14, 5] libsmb/namequery.c:saf_fetch(133) saf_fetch: failed to find server for "RK_KLBG" domain [2008/06/20 11:54:14, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ", *" [2008/06/20 11:54:14, 10] libsmb/namequery.c:internal_resolve_name(1166) internal_resolve_name: looking up RK_KLBG#1c (sitename (null)) [2008/06/20 11:54:14, 10] lib/gencache.c:gencache_get(226) Returning expired cache entry: key = NBT/RK_KLBG#1C, value = 192.168.60.3:0, timeout = Fri Jun 20 11:29:34 2008 [2008/06/20 11:54:14, 5] libsmb/namecache.c:namecache_fetch(210) no entry for RK_KLBG#1C found. 
[2008/06/20 11:54:14, 3] libsmb/namequery.c:resolve_lmhosts(966) resolve_lmhosts: Attempting lmhosts lookup for name RK_KLBG<0x1c> [2008/06/20 11:54:14, 4] libsmb/namequery.c:getlmhostsent(717) getlmhostsent: lmhost entry: 127.0.0.1 localhost [2008/06/20 11:54:14, 3] libsmb/namequery.c:resolve_wins(863) resolve_wins: Attempting wins lookup for name RK_KLBG<0x1c> [2008/06/20 11:54:14, 10] lib/gencache.c:gencache_get(212) Cache entry with key = WINS_SRV_DEAD/127.0.0.1,0.0.0.0 couldn't be found [2008/06/20 11:54:14, 4] lib/wins_srv.c:wins_srv_is_dead(111) wins_srv_is_dead: 127.0.0.1 is alive [2008/06/20 11:54:14, 3] libsmb/namequery.c:resolve_wins(902) resolve_wins: using WINS server 127.0.0.1 and tag '*' [2008/06/20 11:54:14, 10] lib/util_sock.c:open_socket_in(831) bind succeeded on port 0 [2008/06/20 11:54:14, 5] libsmb/nmblib.c:send_udp(779) Sending a packet of len 50 to (127.0.0.1) on port 137 [2008/06/20 11:54:14, 10] lib/util_sock.c:read_udp_socket(294) read_udp_socket: lastip 127.0.0.1 lastport 137 read: 62 [2008/06/20 11:54:14, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 17261 [2008/06/20 11:54:14, 5] libsmb/nmblib.c:read_packet(757) Received a packet of len 62 from (127.0.0.1) port 137 [2008/06/20 11:54:14, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 127.0.0.1(137) header: id=17261 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=RK_KLBG<1c> rr_type=32 rr_class=1 ttl=258945 answers 0 char ....<. 
hex E000C0A83C03 [2008/06/20 11:54:14, 2] libsmb/namequery.c:name_query(604) Got a positive name query response from 127.0.0.1 ( 192.168.60.3 ) [2008/06/20 11:54:14, 10] libsmb/namequery.c:remove_duplicate_addrs2(435) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/06/20 11:54:14, 5] libsmb/namecache.c:namecache_store(135) namecache_store: storing 1 address for RK_KLBG#1c: 192.168.60.3:0 [2008/06/20 11:54:14, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = NBT/RK_KLBG#1C; value = 192.168.60.3:0 and timeout = Fri Jun 20 12:05:14 2008 (660 seconds ahead) [2008/06/20 11:54:14, 10] libsmb/namequery.c:internal_resolve_name(1293) internal_resolve_name: returning 1 addresses: 192.168.60.3:0 [2008/06/20 11:54:14, 8] libsmb/namequery.c:get_dc_list(1505) Adding 1 DC's from auto lookup [2008/06/20 11:54:14, 10] libsmb/namequery.c:remove_duplicate_addrs2(435) remove_duplicate_addrs2: looking for duplicate address/port pairs [2008/06/20 11:54:14, 4] libsmb/namequery.c:get_dc_list(1599) get_dc_list: returning 1 ip addresses in an unordered list [2008/06/20 11:54:14, 4] libsmb/namequery.c:get_dc_list(1600) get_dc_list: 192.168.60.3:0 [2008/06/20 11:54:14, 8] lib/util.c:fcntl_lock(2014) fcntl_lock fd=18 op=13 offset=0 count=1 type=0 [2008/06/20 11:54:14, 3] lib/util.c:fcntl_lock(2027) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) [2008/06/20 11:54:14, 4] libsmb/clidgram.c:cli_send_mailslot(109) send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from SAMBA<00> to RK_KLBG<1c> IP 192.168.60.3 [2008/06/20 11:54:14, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1010) Did not receive packet for \MAILSLOT\NET\GETDC33CA8C0 [2008/06/20 11:54:15, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1010) Did not receive packet for \MAILSLOT\NET\GETDC33CA8C0 [2008/06/20 11:54:15, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1010) Did not receive packet for \MAILSLOT\NET\GETDC33CA8C0 [2008/06/20 
11:54:16, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1010) Did not receive packet for \MAILSLOT\NET\GETDC33CA8C0 [2008/06/20 11:54:16, 5] nsswitch/winbindd_cm.c:receive_getdc_response(1010) Did not receive packet for \MAILSLOT\NET\GETDC33CA8C0 [2008/06/20 11:54:17, 10] libsmb/namequery.c:name_status_find(303) name_status_find: looking up RK_KLBG#1c at 192.168.60.3 [2008/06/20 11:54:17, 10] lib/gencache.c:gencache_get(212) Cache entry with key = NBT/RK_KLBG#1C.20.192.168.60.3 couldn't be found [2008/06/20 11:54:17, 5] libsmb/namecache.c:namecache_status_fetch(346) namecache_status_fetch: no entry for NBT/RK_KLBG#1C.20.192.168.60.3 found. [2008/06/20 11:54:17, 10] lib/util_sock.c:open_socket_in(831) bind succeeded on port 0 [2008/06/20 11:54:17, 5] libsmb/nmblib.c:send_udp(779) Sending a packet of len 50 to (192.168.60.3) on port 137 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_udp_socket(294) read_udp_socket: lastip 192.168.60.3 lastport 137 read: 265 [2008/06/20 11:54:17, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 8402 [2008/06/20 11:54:17, 5] libsmb/nmblib.c:read_packet(757) Received a packet of len 265 from (192.168.60.3) port 137 [2008/06/20 11:54:17, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 192.168.60.3(137) header: id=8402 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=RK_KLBG<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .SAMBA hex 0953414D424120202020202020202020 answers 10 char .d.SAMBA hex 00640053414D42412020202020202020 answers 20 char .d.SAMBA hex 202003640053414D4241202020202020 answers 30 char d...__MSBRO hex 2020202020640001025F5F4D5342524F answers 40 char WSE__....RK_KLBG hex 5753455F5F0201E400524B5F4B4C4247 answers 50 char .d.RK_KL hex 20202020202020201D6400524B5F4B4C answers 60 char BG .d.RK_ hex 424720202020202020201B6400524B5F answers 70 char KLBG ...R hex 
4B4C424720202020202020201CE40052 answers 80 char K_KLBG .. hex 4B5F4B4C424720202020202020201EE4 answers 90 char .RK_KLBG hex 00524B5F4B4C42472020202020202020 answers a0 char ................ hex 00E40000000000000000000000000000 answers b0 char ................ hex 00000000000000000000000000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char . hex 00 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) SAMBA#00: flags = 0x64 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) SAMBA#03: flags = 0x64 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) SAMBA#20: flags = 0x64 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) __MSBROWSE__#01: flags = 0xe4 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) RK_KLBG#1d: flags = 0x64 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) RK_KLBG#1b: flags = 0x64 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) RK_KLBG#1c: flags = 0xe4 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) RK_KLBG#1e: flags = 0xe4 [2008/06/20 11:54:17, 10] libsmb/namequery.c:parse_node_status(185) RK_KLBG#00: flags = 0xe4 [2008/06/20 11:54:17, 10] libsmb/namequery.c:name_status_find(342) name_status_find: name found, name SAMBA ip address is 192.168.60.3 [2008/06/20 11:54:17, 5] libsmb/namecache.c:namecache_store(135) namecache_store: storing 1 address for SAMBA#20: 192.168.60.3:0 [2008/06/20 11:54:17, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = NBT/SAMBA#20; value = 192.168.60.3:0 and timeout = Fri Jun 20 12:05:17 2008 (660 seconds ahead) [2008/06/20 11:54:17, 10] nsswitch/winbindd_cm.c:cm_prepare_connection(654) cm_prepare_connection: connecting to DC SAMBA for domain RK_KLBG [2008/06/20 11:54:17, 10] passdb/secrets.c:secrets_named_mutex(983) secrets_named_mutex: got mutex for SAMBA [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) 
write_socket(17,194) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,194) wrote 194 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 127 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8196 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 1536 (0x600) smb_vwv[ 8]= 32 (0x20) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=21610 (0x546A) smb_vwv[13]=48026 (0xBB9A) smb_vwv[14]=51410 (0xC8D2) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 73 61 6D 62 61 00 00 00 00 00 00 00 00 00 00 00 samba... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... .. .0. . [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7...£. [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0. ...NO NE
[2008/06/20 11:54:17, 5] nsswitch/winbindd_cm.c:cm_prepare_connection(758) connecting to SAMBA from SAMBA with username [RK_KLBG]\[SAMBA$] [2008/06/20 11:54:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(801) Doing spnego session setup (blob length=58) [2008/06/20 11:54:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(826) got OID=1 3 6 1 4 1 311 2 2 10 [2008/06/20 11:54:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(834) got principal=NONE [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,164) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,164) wrote 164 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 370 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=370 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8196 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 257 (0x101) smb_bcc=327 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] A1 81 FE 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.þ0.û . ...¡...+ [010] 06 01 04 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E .....7.. .¢.å..âN [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 60 7F 75 A1 C1 9E ED CA BA 00 ......`. u¡Á.íʺ. [040] 00 00 00 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 .......¤ .¤.>...R [050] 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E .K._.K.L .B.G.... [060] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 .R.K._.K .L.B.G..
[070] 00 0A 00 53 00 41 00 4D 00 42 00 41 00 04 00 36 ...S.A.M .B.A...6 [080] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 .i.n.t.e .r.n...r [090] 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 .k.-.k.l .o.s.t.e [0A0] 00 72 00 6E 00 65 00 75 00 62 00 75 00 72 00 67 .r.n.e.u .b.u.r.g [0B0] 00 2E 00 61 00 74 00 03 00 42 00 73 00 61 00 6D ...a.t.. .B.s.a.m [0C0] 00 62 00 61 00 2E 00 69 00 6E 00 74 00 65 00 72 .b.a...i .n.t.e.r [0D0] 00 6E 00 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F .n...r.k .-.k.l.o [0E0] 00 73 00 74 00 65 00 72 00 6E 00 65 00 75 00 62 .s.t.e.r .n.e.u.b [0F0] 00 75 00 72 00 67 00 2E 00 61 00 74 00 00 00 00 .u.r.g.. .a.t.... [100] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [110] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 33 .b.a. .3 ...0...3 [120] 00 30 00 2D 00 32 00 6C 00 65 00 6F 00 2E 00 66 .0.-.2.l .e.o...f [130] 00 63 00 35 00 00 00 52 00 4B 00 5F 00 4B 00 4C .c.5...R .K._.K.L [140] 00 42 00 47 00 00 00 .B.G... [2008/06/20 11:54:17, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018) Got challenge flags: [2008/06/20 11:54:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2008/06/20 11:54:17, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040) NTLMSSP: Set final flags: [2008/06/20 11:54:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2008/06/20 11:54:17, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1112) NTLMSSP challenge set by NTLM2 [2008/06/20 11:54:17, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1113) challenge is: [2008/06/20 11:54:17, 5] 
lib/util.c:dump_data(2286) [000] 1F 43 E6 21 C6 16 1D 6A .Cæ!Æ..j [2008/06/20 11:54:17, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2008/06/20 11:54:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,262) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,262) wrote 262 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 122 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=122 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8196 smb_uid=101 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=79 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ¡.0. ... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 33 00 30 00 2D 00 32 00 6C ...0...3 .0.-.2.l [030] 00 65 00 6F 00 2E 00 66 00 63 00 35 00 00 00 52 .e.o...f .c.5...R [040] 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 00 .K._.K.L .B.G...
[2008/06/20 11:54:17, 10] libsmb/clientgen.c:cli_init_creds(253) cli_init_creds: user SAMBA$ domain RK_KLBG [2008/06/20 11:54:17, 10] libsmb/namequery.c:saf_store(74) saf_store: domain = [RK_KLBG], server = [SAMBA], expire = [1213956557] [2008/06/20 11:54:17, 10] lib/gencache.c:gencache_set(140) Adding cache entry with key = SAF/DOMAIN/RK_KLBG; value = SAMBA and timeout = Fri Jun 20 12:09:17 2008 (900 seconds ahead) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,78) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,78) wrote 78 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 56 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 49 50 43 00 00 00 00 IPC.... [2008/06/20 11:54:17, 10] passdb/secrets.c:secrets_named_mutex_release(995) secrets_named_mutex: released mutex for SAMBA [2008/06/20 11:54:17, 10] nsswitch/winbindd_cache.c:set_global_winbindd_state_online(2694) set_global_winbindd_state_online: online requested. [2008/06/20 11:54:17, 10] nsswitch/winbindd_cache.c:set_global_winbindd_state_online(2697) set_global_winbindd_state_online: rejecting.
[2008/06/20 11:54:17, 10] nsswitch/winbindd_cm.c:set_domain_online(359) set_domain_online: called for domain RK_KLBG [2008/06/20 11:54:17, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(1591) set_dc_type_and_flags: domain RK_KLBG [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,104) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,104) wrote 104 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=20224 (0x4F00) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[764f]: \lsarpc auth_type 0, auth_level 0 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.±Ð. .¨.ÀOÙ.õ [010] 00 00 00 00 .... [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... 
[2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 3919286a [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 
data : b10c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : 11d0 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : 9b a8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 00 c0 4f d9 2e f5 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000000 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x764f [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30287 (0x764F) smb_bcc=87 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A .¸...... .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9.±Ð.. ¨.ÀOÙ.õ. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,158) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,158) wrote 158 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... 
[2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x764f returned 68 bytes. [2008/06/20 11:54:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine SAMBA pipe \lsarpc fnum 0x764f bind request returned ok. [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 000053f0 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \PIPE\lsass. 
[2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine SAMBA and bound anonymously. 
[2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 ds_io_q_getprimdominfo [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0000 level: 0001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 001a [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000002 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0000 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x764f [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) 
smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30287 (0x764F) smb_bcc=41 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,112) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,112) wrote 112 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 156 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .L...... ........ [020] 00 05 00 00 00 00 00 00 01 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 12 F6 45 AE 89 4B CC 4A 95 84 EF ......öE ®.KÌJ..ï [040] D6 B3 B8 D3 B2 08 00 00 00 00 00 00 00 08 00 00 Ö³¸Ó²... ........ [050] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 .R.K._.K .L.B.G.. [060] 00 00 00 00 00 ..... 
[2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .L...... ........ [020] 00 05 00 00 00 00 00 00 01 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 12 F6 45 AE 89 4B CC 4A 95 84 EF ......öE ®.KÌJ..ï [040] D6 B3 B8 D3 B2 08 00 00 00 00 00 00 00 08 00 00 Ö³¸Ó²... ........ [050] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 .R.K._.K .L.B.G.. [060] 00 00 00 00 00 ..... [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0064 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2008/06/20 11:54:17, 5] 
rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000004c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 100, data_len 76, ss_len 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 100 at offset 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x764f returned 152 bytes. [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 ds_io_r_getprimdominfo [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr: 00000001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 level: 0001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0006 unknown0: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 machine_role: 0005 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c flags: 01000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 netbios_ptr: 00000001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 dnsname_ptr: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 forestname_ptr: 00000000 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_uuid domain_guid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c data : ae45f612 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0020 data : 4b89 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0022 data : 4acc [2008/06/20 11:54:17, 5] 
rpc_parse/parse_prs.c:prs_uint8s(857) 0024 data : 95 84 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0026 data : ef d6 b3 b8 d3 b2 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_unistr2 netbios_domain [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c uni_max_len: 00000008 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 offset : 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 uni_str_len: 00000008 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0038 buffer : R.K._.K.L.B.G... [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unistr2 - NULL dns_domain [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unistr2 - NULL forest_domain [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0048 status: NT_STATUS_OK [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,45) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,45) wrote 45 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=8 smt_wct=0 smb_bcc=0 [2008/06/20 11:54:17, 10] libsmb/clientgen.c:cli_rpc_pipe_close(394) cli_rpc_pipe_close: closed pipe \lsarpc to machine SAMBA [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,104) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,104) wrote 104 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 
smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=20480 (0x5000) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) Bind RPC Pipe[7650]: \lsarpc auth_type 0, auth_level 0 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« [010] 00 00 00 00 .... [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` [010] 02 00 00 00 .... 
[2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_contexts: 01 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 001c context_id : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 001e num_transfer_syntaxes: 01 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 12345778 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 
data : 1234 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : abcd [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : ef 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 01 23 45 67 89 ab [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000000 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 data : 8a885d04 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0038 data : 1ceb [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003a data : 11c9 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003c data : 9f e8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003e data : 08 00 2b 10 48 60 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0044 version: 00000002 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30288 (0x7650) smb_bcc=87 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... 
[010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,158) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,158) wrote 158 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... 
[2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 68 at offset 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) 
rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 returned 68 bytes. [2008/06/20 11:54:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) rpc_pipe_bind: Remote machine SAMBA pipe \lsarpc fnum 0x7650 bind request returned ok. [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0010 max_tsize: 10b8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0012 max_rsize: 10b8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 assoc_gid: 000053f0 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0018 len: 000c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 001a str: \PIPE\lsass. 
[2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0028 num_results: 01 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002c result : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 002e reason : 0000 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 data : 8a885d04 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0034 data : 1ceb [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0036 data : 11c9 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 0038 data : 9f e8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 003a data : 08 00 2b 10 48 60 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 version: 00000002 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine SAMBA and bound anonymously. 
[2008/06/20 11:54:17, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) init_lsa_sec_qos [2008/06/20 11:54:17, 5] rpc_parse/parse_lsa.c:init_q_open_pol2(368) init_q_open_pol2: attr:0 da:33554432 [2008/06/20 11:54:17, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) init_lsa_obj_attr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr : 00000001 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 00000008 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 00000008 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.S.A.M.B.A... [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_attr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0020 len : 00000018 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0024 ptr_root_dir: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 ptr_obj_name: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 002c attributes : 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 ptr_sec_desc: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0034 ptr_sec_qos : 00000001 [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000038 lsa_io_obj_qos sec_qos [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0038 len : 0000000c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 003c sec_imp_level : 0002 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 003e sec_ctxt_mode : 01 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 003f effective_only: 00 [2008/06/20 11:54:17, 3] 
rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0040 des_access: 02000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 005c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000044 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 002c [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 
0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30288 (0x7650) smb_bcc=107 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 04 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 2C 00 01 00 00 00 08 00 00 00 00 .....,.. ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 53 00 41 00 4D .......\ .\.S.A.M [040] 00 42 00 41 00 00 00 18 00 00 00 00 00 00 00 00 .B.A.... ........ [050] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0C ........ ........ [060] 00 00 00 02 00 01 00 00 00 00 02 ........ ... [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,178) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,178) wrote 178 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 5B 48 49 7E 06 20 00 00 00 00 00 .....[HI ~. ..... [030] 00 . 
[2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 5B 48 49 7E 06 20 00 00 00 00 00 .....[HI ~. ..... [030] 00 . [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 
context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 returned 48 bytes. [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 5b 48 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 49 7e 06 20 00 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/06/20 11:54:17, 5] rpc_parse/parse_lsa.c:init_q_query2(3141) init_q_query2 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query_info2 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000001 [2008/06/20 11:54:17, 5] 
rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 5b 48 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 49 7e 06 20 00 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 info_class: 000c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002e [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000016 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 002e [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 
smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30288 (0x7650) smb_bcc=61 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 5B 48 49 7E 06 20 00 00 0C 00 ...[HI~. .... [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,132) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,132) wrote 132 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 88 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . 
[2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 23 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0020 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 
0016 cancel_ct : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(799) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c reserved: 00000000 [2008/06/20 11:54:17, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine SAMBA pipe \lsarpc fnum 0x7650! [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 32 at offset 0 [2008/06/20 11:54:17, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) init_lsa_sec_qos [2008/06/20 11:54:17, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304) init_open_pol: attr:0 da:33554432 [2008/06/20 11:54:17, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) init_lsa_obj_attr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr : 00000001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 system_name: 005c [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0008 len : 00000018 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c ptr_root_dir: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 ptr_obj_name: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 attributes : 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 ptr_sec_desc: 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c ptr_sec_qos : 00000001 [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_qos sec_qos [2008/06/20 11:54:17, 5] 
rpc_parse/parse_prs.c:prs_uint32(710) 0020 len : 0000000c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0024 sec_imp_level : 0002 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0026 sec_ctxt_mode : 01 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0027 effective_only: 00 [2008/06/20 11:54:17, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0028 des_access: 02000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 0000002c [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0006 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 [2008/06/20 
11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30288 (0x7650) smb_bcc=83 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,154) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,154) wrote 154 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ 
[020] 00 00 00 00 00 5B 48 49 7E 06 20 00 00 00 00 00 .....[HI ~. ..... [030] 00 . [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 5B 48 49 7E 06 20 00 00 00 00 00 .....[HI ~. ..... [030] 00 . [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 
00000018 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 48 at offset 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 returned 48 bytes. [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000002 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 5b 48 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 49 7e 06 20 00 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2008/06/20 11:54:17, 5] rpc_parse/parse_lsa.c:init_q_query(488) init_q_query [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 
0004 data : 00000002 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 5b 48 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : 49 7e 06 20 00 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 info_class: 0005 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002e [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000016 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0016 opnum : 0007 [2008/06/20 11:54:17, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) 
size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30288 (0x7650) smb_bcc=61 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 5B 48 49 7E 06 20 00 00 05 00 ...[HI~. .... [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,132) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,132) wrote 132 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 0E 00 10 00 01 00 00 00 01 00 00 00 08 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 52 00 4B 00 5F 00 4B ........ .R.K._.K [040] 00 4C 00 42 00 47 00 00 00 04 00 00 00 01 04 00 .L.B.G.. ........ 
[050] 00 00 00 00 05 15 00 00 00 60 15 D9 0A EE 0D 05 ........ .`.Ù.î.. [060] 42 6A AF 99 87 00 00 00 00 Bj¯..... . [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2008/06/20 11:54:17, 10] lib/util.c:dump_data(2286) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 0E 00 10 00 01 00 00 00 01 00 00 00 08 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 52 00 4B 00 5F 00 4B ........ .R.K._.K [040] 00 4C 00 42 00 47 00 00 00 04 00 00 00 01 04 00 .L.B.G.. ........ [050] 00 00 00 00 05 15 00 00 00 60 15 D9 0A EE 0D 05 ........ .`.Ù.î.. [060] 42 6A AF 99 87 00 00 00 00 Bj¯..... . 
[2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0068 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000050 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 104, data_len 80, ss_len 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 104 at offset 0 [2008/06/20 11:54:17, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine SAMBA pipe \lsarpc fnum 0x7650 returned 160 bytes. 
[2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0000 dom_ptr: 22000000 [2008/06/20 11:54:17, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0004 info_class: 0005 [2008/06/20 11:54:17, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query_3 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 0008 uni_dom_max_len: 000e [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint16(681) 000a uni_dom_str_len: 0010 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 000c buffer_dom_name: 00000001 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0010 buffer_dom_sid : 00000001 [2008/06/20 11:54:17, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0014 uni_max_len: 00000008 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0018 offset : 00000000 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 001c uni_str_len: 00000007 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0020 buffer : R.K._.K.L.B.G. 
[2008/06/20 11:54:17, 8] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid2 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32(710) 0030 num_auths: 00000004 [2008/06/20 11:54:17, 9] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_dom_sid sid [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0034 sid_rev_num: 01 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0035 num_auths : 04 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0036 id_auth[0] : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0037 id_auth[1] : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0038 id_auth[2] : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 0039 id_auth[3] : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 003a id_auth[4] : 00 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint8(616) 003b id_auth[5] : 05 [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_uint32s(997) 003c sub_auths : 00000015 0ad91560 42050dee 8799af6a [2008/06/20 11:54:17, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 004c status: NT_STATUS_OK [2008/06/20 11:54:17, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(1707) set_dc_type_and_flags: domain RK_KLBG is NOT in native mode. [2008/06/20 11:54:17, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(1710) set_dc_type_and_flags: domain RK_KLBG is NOT running active directory. 
[2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(152) write_socket(17,45) [2008/06/20 11:54:17, 6] libsmb/clientgen.c:write_socket(155) write_socket(17,45) wrote 45 [2008/06/20 11:54:17, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2008/06/20 11:54:17, 5] lib/util.c:show_msg(506) [2008/06/20 11:54:17, 5] lib/util.c:show_msg(516) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8196 smb_uid=101 smb_mid=15 smt_wct=0 smb_bcc=0 [2008/06/20 11:54:17, 10] libsmb/clientgen.c:cli_rpc_pipe_close(394) cli_rpc_pipe_close: closed pipe \lsarpc to machine SAMBA [2008/06/20 11:54:17, 10] nsswitch/winbindd_cache.c:cache_store_response(2267) Storing response for pid 8196, len 3240 [2008/06/20 11:54:52, 4] nsswitch/winbindd_dual.c:fork_domain_child(1062) child daemon request 19 [2008/06/20 11:54:52, 10] nsswitch/winbindd_dual.c:child_process_request(479) process_request: request fn LIST_TRUSTDOM [2008/06/20 11:54:52, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(121) [ 8195]: list trusted domains [2008/06/20 11:54:52, 5] passdb/secrets.c:secrets_trusted_domains(960) secrets_get_trusted_domains: got 0 domains [2008/06/20 11:54:52, 10] nsswitch/winbindd_cache.c:cache_store_response(2267) Storing response for pid 8196, len 3240 [2008/06/20 11:56:18, 5] lib/gencache.c:gencache_shutdown(94) Closing cache file