TNG-2.4.1; 1st domain logon succeeds, none after that

Paul J Collins pjdc at eircom.net
Wed Apr 19 23:24:05 GMT 2000


Below is the end of log.lsarpc just at the point where the "domain
controller not found" message appears.  I've been trying to see which
logs show most activity during a login, and I think this is pretty
much the most active.

I have no idea how to interpret this stuff, but I hope it provides
some clues.

One thing I noticed is that the line below, "secret time" has a date
that is EARLIER than the date I created the QUIRM$ trust account, or
even the date when I installed QUIRM itself.  I have also noticed
stuff in log.nmb to do with process_logon_packet; is this related to
the trust account?

This sort of random log-posting is sure to annoy, but I'm lost as to
which type of information will help.

Paul.

-------log.lsarpc-------

api_pipe_request: validated auth
pipe name: lsarpc
search name: lsarpc
Doing \PIPE\lsarpc
api_rpc_command: api_ntlsa_rpc op 0x0 - api_rpc_command: LSA_CLOSE
000008 lsa_io_q_close 
    000008 smb_io_pol_hnd 
        0008 ptr: 00000000
        00000c smb_io_rpc_uuid uuid
            000c time_low: fbe82b00
            0010 time_mid: aa52
            0012 time_hiv: 01bf
            0014 rem: 3a 11 00 00 01 00 00 00 
Compare policy hnd[1] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 01 00 00 00                                       .... 
Found policy hnd[1] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 01 00 00 00                                       .... 
policy(pnum=1 open_policy): Closing
policy closed
000000 lsa_io_r_close 
    000000 smb_io_pol_hnd 
        0000 ptr: 00000000
        000004 smb_io_rpc_uuid uuid
            0004 time_low: 00000000
            0008 time_mid: 0000
            000a time_hiv: 0000
            000c rem: 00 00 00 00 00 00 00 00 
    0014 status: 00000000
called api_ntlsa_rpc
create_noauth_reply: data_start: 0 data_end: 24 max_tsize: 5680
alloc_hint: 24
hdr flags: 3
000000 smb_io_rpc_hdr rhdr
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type : 10 00 00 00 
prs_set_packtype: bigendian: No
    0008 frag_len  : 0030
    000a auth_len  : 0000
    000c call_id   : 0000002a
000010 smb_io_rpc_hdr_resp resp
    0010 alloc_hint: 00000018
    0014 context_id: 006d
    0016 cancel_ct : 00
    0017 reserved  : 00
create_rpc_reply: finished sending
ncalrpc_l_send_prs: data: 0x80e0198 len 48
[000] 05 00 02 03 10 00 00 00  30 00 00 00 2A 00 00 00  ........ 0...*...
[010] 18 00 00 00 6D 00 00 00  00 00 00 00 00 00 00 00  ....m... ........
[020] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
write_socket(7,48)
write_socket(7,48) wrote 48
rpc_local: len 0
rpc_local: no data to send
ncalrpc_l_send_prs: data: (nil) len 48
receive_message_or_msrpc: timeout 60000 fd 7
read_data: read of 16 returned 0. Error = Success
end of file from client
unbecome_to_initial_uid: 127
Opened policy hnd[5] register_policy_hnd: vuser [4384, 6d]
[000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 02 00 00 00                                       .... 
Compare policy hnd[5] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 02 00 00 00                                       .... 
Found policy hnd[5] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 02 00 00 00                                       .... 
policy pnum=5 setting name to open_policy2
copy_unistr2: string len 12
lookup secret $MACHINE.ACC
000000 smb_io_unistr2 key
    0000 uni_max_len: 0000000c
    0004 undoc      : 00000000
    0008 uni_str_len: 0000000c
    000c buffer     : $.M.A.C.H.I.N.E...A.C.C.
Compare policy hnd[5] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 02 00 00 00                                       .... 
Found policy hnd[5] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 02 00 00 00                                       .... 
Getting policy vuser_key pnum=5 pid=4384 vuid=6d
Opened policy hnd[6] register_policy_hnd: vuser [4384, 6d]
[000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
policy pnum=6 setting name to secret (open)
copy_unistr2: string len 12
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
policy(pnum=6 secret (open)): Setting policy state
setting tdb secret name=$MACHINE.ACC
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Getting policy vuser_key pnum=6 pid=4384 vuid=6d
lookup user 1120,6d
000000 vuid_io_key key
0000 pid : 00001120
0004 vuid: 006d
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Getting policy vuser_key pnum=6 pid=4384 vuid=6d
lookup user 1120,6d
000000 vuid_io_key key
0000 pid : 00001120
0004 vuid: 006d
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
policy(pnum=6 secret (open)): Getting policy state
copy_unistr2: string len 12
copy_unistr2: string len 12
lookup secret $MACHINE.ACC
000000 smb_io_unistr2 key
    0000 uni_max_len: 0000000c
    0004 undoc      : 00000000
    0008 uni_str_len: 0000000c
    000c buffer     : $.M.A.C.H.I.N.E...A.C.C.
000000 lsa_io_secret usr
    000000 lsa_io_secret_info 
        0000 ptr_value : 00000001
        000004 lsa_io_secret_value 
            0004 ptr_secret: 00000001
            000008 smb_io_strhdr hdr_secret
                0008 str_str_len: 00000018
                000c str_max_len: 00000018
                0010 buffer     : 00000001
            000014 smb_io_string2 secret
                0014 str_max_len: 00000018
                0018 undoc      : 00000000
                001c str_str_len: 00000018
                0020 buffer     : ..........l'....0....e..
        0038 ptr_update: 00000001
        000040 smb_io_time last_update
            0040 low : cf5be280
            0044 high: 01bfa970
    000048 lsa_io_secret_info 
        0048 ptr_value : 00000000
        004c ptr_update: 00000001
        000050 smb_io_time last_update
            0050 low : cf5be280
            0054 high: 01bfa970
secret time: Tue, 18 Apr 2000 21:00:57 GMT
current time: Wed, 19 Apr 2000 23:59:59 GMT
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 03 00 00 00                                       .... 
policy(pnum=6 secret (open)): Closing
policy closed
Compare policy hnd[5] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 02 00 00 00                                       .... 
Found policy hnd[5] [000] 00 00 00 00 00 2B E8 FB  52 AA BF 01 3A 11 00 00  .....+.. R...:...
[010] 02 00 00 00                                       .... 
policy(pnum=5 open_policy2): Closing
policy closed
update_trust_account: 194
msrpc close: 551
unbecome_to_initial_uid: 127
Closing connections
Server exit (normal exit)

-- 
Paul Collins <sneakums at eircom.net> - - - - - [ A&P,a&f ]
 GPG: 0A49 49A9 2932 0EE5 89B2  9EE0 3B65 7154 8131 1BCD
 PGP: 88BA 2393 8E3C CECF E43A  44B4 0766 DD71 04E5 962C
"Linux: it's just this operating system, you know?"
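
An added example, not part of the original post or of Samba's code: the `smb_io_time last_update` field in the log above is a 64-bit NT time (100 ns ticks since 1601-01-01 UTC) split into `low` and `high` words, and this sketch decodes it and compares it with the printed "secret time" line. The helper names (`nttime_to_utc`, `decode_times`, `printed_times`, `printed_offset`) are hypothetical; the sample lines are copied from the log excerpt.

```python
import re
from datetime import datetime, timedelta, timezone

# Lines copied from the log.lsarpc excerpt above (the smb_io_time block and
# the two human-readable time lines). Helper names below are hypothetical.
LOG = """\
        000040 smb_io_time last_update
            0040 low : cf5be280
            0044 high: 01bfa970
secret time: Tue, 18 Apr 2000 21:00:57 GMT
current time: Wed, 19 Apr 2000 23:59:59 GMT
"""

NT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TIME_RE = re.compile(
    r"smb_io_time\s+(\w+)\s*\n\s*[0-9a-f]+ low\s*: ([0-9a-f]{8})\s*\n"
    r"\s*[0-9a-f]+ high\s*: ([0-9a-f]{8})")
PRINTED_RE = re.compile(r"^(secret|current) time: (.+) GMT$", re.M)


def nttime_to_utc(low, high):
    """Convert a 64-bit NT time (100 ns ticks since 1601-01-01 UTC)."""
    ticks = (high << 32) | low
    return NT_EPOCH + timedelta(microseconds=ticks // 10)


def decode_times(log):
    """Return {field name: UTC datetime} for every smb_io_time block."""
    return {name: nttime_to_utc(int(low, 16), int(high, 16))
            for name, low, high in TIME_RE.findall(log)}


def printed_times(log):
    """Return {label: naive datetime} for the 'secret/current time' lines."""
    return {label: datetime.strptime(text, "%a, %d %b %Y %H:%M:%S")
            for label, text in PRINTED_RE.findall(log)}


def printed_offset(log, field="last_update", label="secret"):
    """Difference between the printed string and the decoded raw field."""
    raw = decode_times(log)[field].replace(tzinfo=None)
    return printed_times(log)[label] - raw


if __name__ == "__main__":
    print(decode_times(LOG)["last_update"].isoformat())
    print(printed_offset(LOG))
```

The raw field decodes to 2000-04-18 20:00:57 UTC, one hour earlier than the string the log prints as "secret time ... GMT", so the raw `low`/`high` words are the safer value to use when comparing against other timestamps.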
