TNG-2.4.1; 1st domain logon succeeds, none after that
Paul J Collins
pjdc at eircom.net
Wed Apr 19 23:24:05 GMT 2000
Below is the end of log.lsarpc just at the point where the "domain
controller not found" message appears. I've been trying to see which
logs show most activity during a login, and I think this is pretty
much the most active.
I have no idea how to interpret this stuff, but I hope it provides
some clues.
One thing I noticed is that the line below, "secret time" has a date
that is EARLIER than the date I created the QUIRM$ trust account, or
even the date when I installed QUIRM itself. I have also noticed
stuff in log.nmb to do with process_logon_packet; is this related to
the trust account?
This sort of random log-posting is sure to annoy, but I'm lost as to
which type of information will help.
Paul.
-------log.lsarpc-------
api_pipe_request: validated auth
pipe name: lsarpc
search name: lsarpc
Doing \PIPE\lsarpc
api_rpc_command: api_ntlsa_rpc op 0x0 - api_rpc_command: LSA_CLOSE
000008 lsa_io_q_close
000008 smb_io_pol_hnd
0008 ptr: 00000000
00000c smb_io_rpc_uuid uuid
000c time_low: fbe82b00
0010 time_mid: aa52
0012 time_hiv: 01bf
0014 rem: 3a 11 00 00 01 00 00 00
Compare policy hnd[1] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 01 00 00 00 ....
Found policy hnd[1] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 01 00 00 00 ....
policy(pnum=1 open_policy): Closing
policy closed
000000 lsa_io_r_close
000000 smb_io_pol_hnd
0000 ptr: 00000000
000004 smb_io_rpc_uuid uuid
0004 time_low: 00000000
0008 time_mid: 0000
000a time_hiv: 0000
000c rem: 00 00 00 00 00 00 00 00
0014 status: 00000000
called api_ntlsa_rpc
create_noauth_reply: data_start: 0 data_end: 24 max_tsize: 5680
alloc_hint: 24
hdr flags: 3
000000 smb_io_rpc_hdr rhdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type : 10 00 00 00
prs_set_packtype: bigendian: No
0008 frag_len : 0030
000a auth_len : 0000
000c call_id : 0000002a
000010 smb_io_rpc_hdr_resp resp
0010 alloc_hint: 00000018
0014 context_id: 006d
0016 cancel_ct : 00
0017 reserved : 00
create_rpc_reply: finished sending
ncalrpc_l_send_prs: data: 0x80e0198 len 48
[000] 05 00 02 03 10 00 00 00 30 00 00 00 2A 00 00 00 ........ 0...*...
[010] 18 00 00 00 6D 00 00 00 00 00 00 00 00 00 00 00 ....m... ........
[020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
write_socket(7,48)
write_socket(7,48) wrote 48
rpc_local: len 0
rpc_local: no data to send
ncalrpc_l_send_prs: data: (nil) len 48
receive_message_or_msrpc: timeout 60000 fd 7
read_data: read of 16 returned 0. Error = Success
end of file from client
unbecome_to_initial_uid: 127
Opened policy hnd[5] register_policy_hnd: vuser [4384, 6d]
[000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 02 00 00 00 ....
Compare policy hnd[5] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 02 00 00 00 ....
Found policy hnd[5] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 02 00 00 00 ....
policy pnum=5 setting name to open_policy2
copy_unistr2: string len 12
lookup secret $MACHINE.ACC
000000 smb_io_unistr2 key
0000 uni_max_len: 0000000c
0004 undoc : 00000000
0008 uni_str_len: 0000000c
000c buffer : $.M.A.C.H.I.N.E...A.C.C.
Compare policy hnd[5] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 02 00 00 00 ....
Found policy hnd[5] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 02 00 00 00 ....
Getting policy vuser_key pnum=5 pid=4384 vuid=6d
Opened policy hnd[6] register_policy_hnd: vuser [4384, 6d]
[000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
policy pnum=6 setting name to secret (open)
copy_unistr2: string len 12
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
policy(pnum=6 secret (open)): Setting policy state
setting tdb secret name=$MACHINE.ACC
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Getting policy vuser_key pnum=6 pid=4384 vuid=6d
lookup user 1120,6d
000000 vuid_io_key key
0000 pid : 00001120
0004 vuid: 006d
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Getting policy vuser_key pnum=6 pid=4384 vuid=6d
lookup user 1120,6d
000000 vuid_io_key key
0000 pid : 00001120
0004 vuid: 006d
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
policy(pnum=6 secret (open)): Getting policy state
copy_unistr2: string len 12
copy_unistr2: string len 12
lookup secret $MACHINE.ACC
000000 smb_io_unistr2 key
0000 uni_max_len: 0000000c
0004 undoc : 00000000
0008 uni_str_len: 0000000c
000c buffer : $.M.A.C.H.I.N.E...A.C.C.
000000 lsa_io_secret usr
000000 lsa_io_secret_info
0000 ptr_value : 00000001
000004 lsa_io_secret_value
0004 ptr_secret: 00000001
000008 smb_io_strhdr hdr_secret
0008 str_str_len: 00000018
000c str_max_len: 00000018
0010 buffer : 00000001
000014 smb_io_string2 secret
0014 str_max_len: 00000018
0018 undoc : 00000000
001c str_str_len: 00000018
0020 buffer : ..........l'....0....e..
0038 ptr_update: 00000001
000040 smb_io_time last_update
0040 low : cf5be280
0044 high: 01bfa970
000048 lsa_io_secret_info
0048 ptr_value : 00000000
004c ptr_update: 00000001
000050 smb_io_time last_update
0050 low : cf5be280
0054 high: 01bfa970
secret time: Tue, 18 Apr 2000 21:00:57 GMT
current time: Wed, 19 Apr 2000 23:59:59 GMT
Compare policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
Found policy hnd[6] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 03 00 00 00 ....
policy(pnum=6 secret (open)): Closing
policy closed
Compare policy hnd[5] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 02 00 00 00 ....
Found policy hnd[5] [000] 00 00 00 00 00 2B E8 FB 52 AA BF 01 3A 11 00 00 .....+.. R...:...
[010] 02 00 00 00 ....
policy(pnum=5 open_policy2): Closing
policy closed
update_trust_account: 194
msrpc close: 551
unbecome_to_initial_uid: 127
Closing connections
Server exit (normal exit)
--
Paul Collins <sneakums at eircom.net> - - - - - [ A&P,a&f ]
GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD
PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C
"Linux: it's just this operating system, you know?"
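The "secret time" line in the log above can be cross-checked against the raw smb_io_time low/high words dumped just before it. The following is an added example, not part of the original post or of Samba; it assumes the two words are the halves of a 64-bit NT timestamp, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the relevant lines copied from the log.lsarpc excerpt.
SAMPLE_LOG = """\
000040 smb_io_time last_update
0040 low : cf5be280
0044 high: 01bfa970
secret time: Tue, 18 Apr 2000 21:00:57 GMT
current time: Wed, 19 Apr 2000 23:59:59 GMT
"""

NT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
HALF_RE = re.compile(r"\s*[0-9a-f]{4} (low|high)\s*: ([0-9a-f]{8})\s*$", re.I)

def nttime_to_utc(low, high):
    """Assumes low/high are the 32-bit halves of an NT timestamp:
    a count of 100 ns ticks since 1601-01-01 00:00:00 UTC."""
    ticks = (high << 32) | low
    return NT_EPOCH + timedelta(microseconds=ticks // 10)

def parse_nt_times(log_text):
    """Return [(field_name, utc_datetime)] for every smb_io_time dump."""
    found, name, low = [], None, None
    for line in log_text.splitlines():
        hdr = re.search(r"smb_io_time (\S+)", line)
        half = HALF_RE.match(line)
        if hdr:
            name, low = hdr.group(1), None
        elif half and name and half.group(1).lower() == "low":
            low = int(half.group(2), 16)
        elif half and name and low is not None:
            found.append((name, nttime_to_utc(low, int(half.group(2), 16))))
            name = low = None
    return found

def logged_time(log_text, label):
    """Parse the human-readable '<label> time: ... GMT' summary line."""
    m = re.search(rf"^{label} time: \w+, (.+) GMT$", log_text, re.M)
    stamp = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
    return stamp.replace(tzinfo=timezone.utc)

def secret_report(log_text):
    raw = parse_nt_times(log_text)[0][1]
    shown = logged_time(log_text, "secret")
    now = logged_time(log_text, "current")
    return {"raw_utc": raw, "shown_minus_raw": shown - raw, "age": now - shown}

if __name__ == "__main__":
    for key, value in secret_report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For the values in the post, the raw field decodes to 2000-04-18 20:00:57 UTC, one hour before the printed "secret time" line, and the secret is about 27 hours old at the logged current time.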