Win2K problem looking up SIDs to names.
Jeremy Allison
jeremy at valinux.com
Tue Feb 29 01:43:47 GMT 2000
Luke,

I'm doing a security -> view on Win2k and it's
giving me an open "\lsarpc" pipe call, followed by an
OPEN_POLICY2, followed by this rpc call (which
we don't decode). BTW: I checked in TNG and we don't
decode it there either.

switch message SMBtrans (pid 1195)
Skipping become_user - already user
trans <\PIPE\> data=152 params=0 setup=2
calling named_pipe
named pipe command on <> name
api_fd_reply
search for pipe pnum=7037
pipe name lsarpc pnum=7038 (pipes_open=2)
pipe name lsarpc pnum=7037 (pipes_open=2)
Got API command 0x26 on pipe "lsarpc" (pnum 7037)api_fd_reply: p:0x8184c80 max_trans_reply: 1024
000000 smb_io_rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0098
000a auth_len : 0000
000c call_id : 00000003
000010 smb_io_rpc_hdr_req req
0010 alloc_hint: 00000080
0014 context_id: 0000
0016 opnum : 0039
Doing \PIPE\lsarpc
api_rpcTNP: api_ntlsa_rpc op 0x39 - unknown
rpc_command: DCE/RPC fault should be sent here
Unsupported API fd command

Any idea what this one is? Without it Win2k
won't go on to do the lookup sids call. Under NT4.x,
after the OPEN_POLICY2 it goes straight into the
api_rpcTNP: api_ntlsa_rpc op 0xf - api_rpc_command: LSA_LOOKUPSIDS
call and all is well (correct unix names shown in dialog
box).

Cheers,
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
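
The dump in the message above ends at "DCE/RPC fault should be sent here". As an added example (not part of the original message and not Samba's code), the Python below decodes the same request header fields, checks them, and builds a fault reply for an opnum it does not recognise. The sample bytes are constructed from the dump, the function names are hypothetical, and the fault body layout and the 0x1C010002 status are assumed from the DCE/RPC connection-oriented protocol rather than taken from the page.

```python
import struct

COMMON = struct.Struct("<BBBB4sHHI")   # smb_io_rpc_hdr: 16 bytes
REQUEST = struct.Struct("<IHH")        # smb_io_rpc_hdr_req: 8 bytes
PKT_REQUEST, PKT_FAULT = 0x00, 0x03
NCA_OP_RNG_ERROR = 0x1C010002          # DCE/RPC status: opnum out of range
KNOWN_LSA_OPS = {0x0F: "LSA_LOOKUPSIDS"}  # only the opnum the message names

# Constructed sample: header bytes rebuilt from the dump above; the 0x80-byte
# stub is zero filler because the real stub data is not on the page.
SAMPLE = bytes.fromhex("05000003100000009800000003000000"
                       "8000000000003900") + bytes(0x80)

def parse_request(pdu: bytes) -> dict:
    """Decode and sanity-check the header fields shown in the dump."""
    if len(pdu) < COMMON.size + REQUEST.size:
        raise ValueError("PDU shorter than request header")
    (major, minor, pkt_type, flags, drep,
     frag_len, auth_len, call_id) = COMMON.unpack_from(pdu, 0)
    if drep[0] >> 4 != 1:
        raise ValueError("only little-endian data representation handled")
    if (major, minor, pkt_type) != (5, 0, PKT_REQUEST):
        raise ValueError("not a DCE/RPC 5.0 request PDU")
    if frag_len != len(pdu):
        raise ValueError("frag_len disagrees with bytes received")
    alloc_hint, context_id, opnum = REQUEST.unpack_from(pdu, COMMON.size)
    return {"flags": flags, "frag_len": frag_len, "auth_len": auth_len,
            "call_id": call_id, "alloc_hint": alloc_hint,
            "context_id": context_id, "opnum": opnum}

def build_fault(req: dict, status: int = NCA_OP_RNG_ERROR) -> bytes:
    """Fault PDU echoing call_id and context_id so the client can match it."""
    body = struct.pack("<IHBBII", 0, req["context_id"], 0, 0, status, 0)
    hdr = COMMON.pack(5, 0, PKT_FAULT, 0x03, b"\x10\x00\x00\x00",
                      COMMON.size + len(body), 0, req["call_id"])
    return hdr + body

def handle(pdu: bytes):
    """Return (operation name, b'') for a known opnum, else ('fault', PDU)."""
    req = parse_request(pdu)
    name = KNOWN_LSA_OPS.get(req["opnum"])
    if name is None:
        return "fault", build_fault(req)
    return name, b""

if __name__ == "__main__":
    kind, reply = handle(SAMPLE)
    print(kind, reply.hex())
```
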