Win2K problem looking up SIDs to names.

Jeremy Allison jeremy at valinux.com
Tue Feb 29 01:43:47 GMT 2000


Luke,

	I'm doing a security -> view on Win2k and its
giving me a open"\lsarpc" pipe call, followed by an
OPEN_POLICY2, followed by this rpc call (which
we don't decode). BTW: I checked in TNG and we don't
decode it there either. 

switch message SMBtrans (pid 1195)
Skipping become_user - already user
trans <\PIPE\> data=152 params=0 setup=2
calling named_pipe
named pipe command on <> name
api_fd_reply
search for pipe pnum=7037
pipe name lsarpc pnum=7038 (pipes_open=2)
pipe name lsarpc pnum=7037 (pipes_open=2)
Got API command 0x26 on pipe "lsarpc" (pnum 7037)api_fd_reply: p:0x8184c80 max_trans_reply: 1024
000000 smb_io_rpc_hdr 
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0098
    000a auth_len  : 0000
    000c call_id   : 00000003
000010 smb_io_rpc_hdr_req req
    0010 alloc_hint: 00000080
    0014 context_id: 0000
    0016 opnum     : 0039
Doing \PIPE\lsarpc
api_rpcTNP: api_ntlsa_rpc op 0x39 - unknown
rpc_command: DCE/RPC fault should be sent here
Unsupported API fd command

Any idea what this one is ? Without it Win2k
won't go onto do the lookup sids call. Under NT4.x,
after the OPEN_POLICY2 it goes straight into the

api_rpcTNP: api_ntlsa_rpc op 0xf - api_rpc_command: LSA_LOOKUPSIDS

call and all is well (correct unix names shown in dialog
box).

Cheers,

	Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------


More information about the samba-technical mailing list