Winbindd Problem - Log attached

Roberto Sebastiano askrs at tiscalinet.it
Mon Jan 14 12:52:51 GMT 2002


Hi, 
I've read the winbindd howto, re-checked the configuration but I can't
get winbindd working.
The PDC is a W2k server.
Samba version is 2.2.2.
Domain name: FCESI
PDC name: SERVER

Note that I joined the domain correctly both with smbpasswd and adding
the machine manually in the PDC mmc (i see the machine "harpo" - the
samba box - from the server's mmc).

Now, if I do wbinfo -u with samba and winbindd running I get:
Error looking up domain users

Any idea why it fails ?
The log is with -d10.

Thanks
Roberto


-------------- next part --------------
INFO: Debug class all level = 10   (pid 4111 from pid 4111)
doing parameter debug timestamp = no
doing parameter password server = SERVER
doing parameter encrypt passwords = Yes
doing parameter obey pam restrictions = Yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
doing parameter syslog = 0
doing parameter max log size = 1000
doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
doing parameter domain master = False
doing parameter dns proxy = No
doing parameter wins server = 10.0.0.1
wins_srv_load_list(): Building WINS server list:
10.0.0.1,
1 WINS server listed.
doing parameter winbind uid = 15000-20000
doing parameter winbind gid = 15000-20000
doing parameter template homedir = 
doing parameter invalid users = root
doing parameter printing = lprng
doing parameter print command = /usr/bin/lpr  -P%p -r %s
doing parameter lpq command = /usr/bin/lpq  -P%p
doing parameter lprm command = /usr/bin/lpq  -P%p
doing parameter lppause command = /usr/sbin/lpc hold %p %j
doing parameter lpresume command = /usr/sbin/lpc release %p %j
doing parameter queuepause command = /usr/sbin/lpc  -P%p stop
doing parameter queueresume command = /usr/sbin/lpc -P%p start
Processing section "[homes]"
doing parameter comment = Home Directories
doing parameter create mask = 0700
doing parameter directory mask = 0700
doing parameter browseable = No
Processing section "[printers]"
doing parameter comment = All Printers
doing parameter path = /tmp
doing parameter create mask = 0700
doing parameter printable = Yes
doing parameter browseable = No
Processing section "[acl2000-hi]"
doing parameter comment = Epson Aculaser C2000 Alta-Ris, 1° MM 1° PIANO
doing parameter path = /var/spool/lpd/samba
doing parameter read only = No
doing parameter create mask = 0700
doing parameter guest ok = Yes
doing parameter printable = Yes
doing parameter printer name = acl2000-hi
doing parameter oplocks = No
Processing section "[acl2000-low]"
doing parameter comment = Epson Aculaser C2000 Bassa-Ris, 1° MM 1° PIANO
doing parameter path = /var/spool/lpd/samba
doing parameter read only = No
doing parameter create mask = 0700
doing parameter guest ok = Yes
doing parameter printable = Yes
doing parameter printer name = acl2000-low
doing parameter oplocks = No
pm_process() returned Yes
adding IPC service IPC$
adding IPC service ADMIN$
added interface ip=10.0.0.3 bcast=10.255.255.255 nmask=255.0.0.0
codepage_initialise: client code page = 850
load_client_codepage: loading codepage 850.
Adding chars 0x85 0xb7 (l->u = True) (u->l = True)
Adding chars 0xa0 0xb5 (l->u = True) (u->l = True)
Adding chars 0x83 0xb6 (l->u = True) (u->l = True)
Adding chars 0xc6 0xc7 (l->u = True) (u->l = True)
Adding chars 0x84 0x8e (l->u = True) (u->l = True)
Adding chars 0x86 0x8f (l->u = True) (u->l = True)
Adding chars 0x91 0x92 (l->u = True) (u->l = True)
Adding chars 0x87 0x80 (l->u = True) (u->l = True)
Adding chars 0x8a 0xd4 (l->u = True) (u->l = True)
Adding chars 0x82 0x90 (l->u = True) (u->l = True)
Adding chars 0x88 0xd2 (l->u = True) (u->l = True)
Adding chars 0x89 0xd3 (l->u = True) (u->l = True)
Adding chars 0x8d 0xde (l->u = True) (u->l = True)
Adding chars 0xa1 0xd6 (l->u = True) (u->l = True)
Adding chars 0x8c 0xd7 (l->u = True) (u->l = True)
Adding chars 0x8b 0xd8 (l->u = True) (u->l = True)
Adding chars 0xd0 0xd1 (l->u = True) (u->l = True)
Adding chars 0xa4 0xa5 (l->u = True) (u->l = True)
Adding chars 0x95 0xe3 (l->u = True) (u->l = True)
Adding chars 0xa2 0xe0 (l->u = True) (u->l = True)
Adding chars 0x93 0xe2 (l->u = True) (u->l = True)
Adding chars 0xe4 0xe5 (l->u = True) (u->l = True)
Adding chars 0x94 0x99 (l->u = True) (u->l = True)
Adding chars 0x9b 0x9d (l->u = True) (u->l = True)
Adding chars 0x97 0xeb (l->u = True) (u->l = True)
Adding chars 0xa3 0xe9 (l->u = True) (u->l = True)
Adding chars 0x96 0xea (l->u = True) (u->l = True)
Adding chars 0x81 0x9a (l->u = True) (u->l = True)
Adding chars 0xec 0xed (l->u = True) (u->l = True)
Adding chars 0xe7 0xe8 (l->u = True) (u->l = True)
Adding chars 0x9c 0x0 (l->u = False) (u->l = False)
load_unicode_map: loading unicode map for codepage 850.
added interface ip=10.0.0.3 bcast=10.255.255.255 nmask=255.0.0.0
establishing connections
server: dc=, pwdb_init=0, lsa_hnd=0
resolve_lmhosts: Attempting lmhosts lookup for name FCESI<0x1c>
getlmhostsent: lmhost entry: 10.0.0.1 server 
resolve_wins: Attempting wins lookup for name FCESI<0x1c>
wins_srv_count: WINS status: 1 servers.
  10.0.0.1 <10.0.0.1>: alive
resolve_wins: WINS server == <10.0.0.1>
bind succeeded on port 0
Sending a packet of len 50 to (10.0.0.1) on port 137
read_udp_socket: lastip 10.0.0.1 lastport 137 read: 62
parse_nmb: packet id = 6719
Received a packet of len 62 from (10.0.0.1) port 137
nmb packet from 10.0.0.1(137) header: id=6719 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FCESI<1c> rr_type=32 rr_class=1 ttl=0
    answers   0 char ......   hex 80000A000001
Got a positive name query response from 10.0.0.1 ( 10.0.0.1 )
bind succeeded on port 0
Sending a packet of len 50 to (10.0.0.1) on port 137
read_udp_socket: lastip 10.0.0.1 lastport 137 read: 355
parse_nmb: packet id = 621
Received a packet of len 355 from (10.0.0.1) port 137
nmb packet from 10.0.0.1(137) header: id=621 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
    answers   0 char .SERVER            hex 0D534552564552202020202020202020
    answers  10 char .D.SERVER          hex 00440053455256455220202020202020
    answers  20 char    D.FCESI         hex 20202044004643455349202020202020
    answers  30 char     ...FCESI       hex 202020201CC400464345534920202020
    answers  40 char       ...FCESI     hex 20202020202000C40046434553492020
    answers  50 char         .D.FCESI   hex 20202020202020201B44004643455349
    answers  60 char           ...SER   hex 202020202020202020201EC400534552
    answers  70 char VER         .D.F   hex 56455220202020202020202003440046
    answers  80 char CESI          .D   hex 43455349202020202020202020201D44
    answers  90 char ...__MSBROWSE__.   hex 0001025F5F4D5342524F5753455F5F02
    answers  a0 char ...INet~Services   hex 01C400494E65747E5365727669636573
    answers  b0 char   ...IS~SERVER..   hex 20201CC40049537E5345525645520000
    answers  c0 char .....D.SERVER      hex 00000000004400534552564552202020
    answers  d0 char       .D.ADMINIS   hex 20202020202001440041444D494E4953
    answers  e0 char TRATOR  .D......   hex 545241544F52202003440000A0C9FB99
    answers  f0 char ................   hex 13000000000000000000000000000000
    answers 100 char ................   hex 00000000000000000000000000000000
    answers 110 char .........   hex 000000000000000000
cli_init_creds: user  domain  flgs: 0
ntlmssp_cli_flgs:0
resolve_srv_name: SERVER
resolve_lmhosts: Attempting lmhosts lookup for name SERVER<0x20>
getlmhostsent: lmhost entry: 10.0.0.1 server 
cli_establish_connection: HARPO<00> connecting to SERVER<20> (10.0.0.1) -  []
Connecting to 10.0.0.1 at port 139
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 16
socket option IPTOS_THROUGHPUT = 16
socket option SO_SNDBUF = 8192
socket option SO_RCVBUF = 8192
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(7,76)
write_socket(7,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
write_socket(7,168)
write_socket(7,168) wrote 168
got smb length of 103
size=103
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=4111
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=65 (0x41)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=243 (0xF3)
smb_vwv[11]=19968 (0x4E00)
smb_vwv[12]=31529 (0x7B29)
smb_vwv[13]=34807 (0x87F7)
smb_vwv[14]=49500 (0xC15C)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=34
[000] 0A 3D 2D A7 B6 7A BA E3  46 00 43 00 45 00 53 00  .=-..z.. F.C.E.S.
[010] 49 00 00 00 53 00 45 00  52 00 56 00 45 00 52 00  I...S.E. R.V.E.R.
[020] 00 00                                             .. 
size=103
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=4111
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=65 (0x41)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=243 (0xF3)
smb_vwv[11]=19968 (0x4E00)
smb_vwv[12]=31529 (0x7B29)
smb_vwv[13]=34807 (0x87F7)
smb_vwv[14]=49500 (0xC15C)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=34
[000] 0A 3D 2D A7 B6 7A BA E3  46 00 43 00 45 00 53 00  .=-..z.. F.C.E.S.
[010] 49 00 00 00 53 00 45 00  52 00 56 00 45 00 52 00  I...S.E. R.V.E.R.
[020] 00 00                                             .. 
write_socket(7,92)
write_socket(7,92) wrote 92
got smb length of 127
size=127
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=127 (0x7F)
smb_vwv[2]=0 (0x0)
smb_bcc=86
[000] 00 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 
[010] 00 35 00 2E 00 30 00 00  00 57 00 69 00 6E 00 64  .5...0.. .W.i.n.d
[020] 00 6F 00 77 00 73 00 20  00 32 00 30 00 30 00 30  .o.w.s.  .2.0.0.0
[030] 00 20 00 4C 00 41 00 4E  00 20 00 4D 00 61 00 6E  . .L.A.N . .M.a.n
[040] 00 61 00 67 00 65 00 72  00 00 00 46 00 43 00 45  .a.g.e.r ...F.C.E
[050] 00 53 00 49 00 00                                 .S.I.. 
size=127
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=127 (0x7F)
smb_vwv[2]=0 (0x0)
smb_bcc=86
[000] 00 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 
[010] 00 35 00 2E 00 30 00 00  00 57 00 69 00 6E 00 64  .5...0.. .W.i.n.d
[020] 00 6F 00 77 00 73 00 20  00 32 00 30 00 30 00 30  .o.w.s.  .2.0.0.0
[030] 00 20 00 4C 00 41 00 4E  00 20 00 4D 00 61 00 6E  . .L.A.N . .M.a.n
[040] 00 61 00 67 00 65 00 72  00 00 00 46 00 43 00 45  .a.g.e.r ...F.C.E
[050] 00 53 00 49 00 00                                 .S.I.. 
write_socket(7,80)
write_socket(7,80) wrote 80
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00                              IPC.... 
write_socket(7,104)
write_socket(7,104) wrote 104
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=34
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=103 (0x67)
smb_vwv[2]=2304 (0x900)
smb_vwv[3]=384 (0x180)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=0 (0x0)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=0 (0x0)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_vwv[24]=16 (0x10)
smb_vwv[25]=0 (0x0)
smb_vwv[26]=0 (0x0)
smb_vwv[27]=0 (0x0)
smb_vwv[28]=0 (0x0)
smb_vwv[29]=0 (0x0)
smb_vwv[30]=0 (0x0)
smb_vwv[31]=512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=5 (0x5)
smb_bcc=0
Bind RPC Pipe[8009]: \PIPE\lsarpc
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB  EF 00 01 23 45 67 89 AB  xW4.4... ...#Eg..
[010] 00 00 00 00                                       .... 
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
[010] 02 00 00 00                                       .... 
000000 smb_io_rpc_hdr hdr
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0b
    0003 flags     : 00
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0048
    000a auth_len  : 0000
    000c call_id   : 00000001
000010 smb_io_rpc_hdr_rb 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 1630
        0012 max_rsize: 1630
        0014 assoc_gid: 00000000
    0018 num_elements: 00000001
    001c context_id  : 0000
    001e num_syntaxes: 01
    00001f smb_io_rpc_iface 
        0020 data   : 12345778
        0024 data   : 1234
        0026 data   : abcd
        0028 data   : ef 00 01 23 45 67 89 ab 
        0030 version: 00000000
    000034 smb_io_rpc_iface 
        0034 data   : 8a885d04
        0038 data   : 1ceb
        003a data   : 11c9
        003c data   : 9f e8 08 00 2b 10 48 60 
        0044 version: 00000002
rpc_api_pipe: cmd:26 fnum:8009
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=72 (0x48)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=72 (0x48)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=72 (0x48)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=32777 (0x8009)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 0B 00 10 00 00 00 48  00 00 00 01 00 00 00 30  .......H .......0
[020] 16 30 16 00 00 00 00 01  00 00 00 00 00 01 00 78  .0...... .......x
[030] 57 34 12 34 12 CD AB EF  00 01 23 45 67 89 AB 00  W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
[050] 10 48 60 02 00 00 00                              .H`.... 
write_socket(7,158)
write_socket(7,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 01 00 00  ........ .D......
[010] 00 B8 10 B8 10 B8 32 16  00 0C 00 5C 50 49 50 45  ......2. ...\PIPE
[020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 01 00 00  ........ .D......
[010] 00 B8 10 B8 10 B8 32 16  00 0C 00 5C 50 49 50 45  ......2. ...\PIPE
[020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
rpc_check_hdr: rdata->data_size = 68
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0c
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0044
    000a auth_len  : 0000
    000c call_id   : 00000001
rpc_api_pipe: len left: 0 smbtrans read: 68
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 10b8
        0012 max_rsize: 10b8
        0014 assoc_gid: 001632b8
    000018 smb_io_rpc_addr_str 
        0018 len: 000c
        001a str: \PIPE\lsass.
    000026 smb_io_rpc_results 
        0028 num_results: 01
        002c result     : 0000
        002e reason     : 0000
    000030 smb_io_rpc_iface 
        0030 data   : 8a885d04
        0034 data   : 1ceb
        0036 data   : 11c9
        0038 data   : 9f e8 08 00 2b 10 48 60 
        0040 version: 00000002
bind_rpc_pipe: server pipe_name found: \PIPE\lsass
bind_rpc_pipe: accepted!
init_open_pol: attr:0 da:33554432
init_lsa_obj_attr
000000 lsa_io_q_open_pol 
    0000 ptr       : 00000001
    0004 system_name: 005c
    000008 lsa_io_obj_attr 
        0008 len         : 00000018
        000c ptr_root_dir: 00000000
        0010 ptr_obj_name: 00000000
        0014 attributes  : 00000000
        0018 ptr_sec_desc: 00000000
        001c ptr_sec_qos : 00000000
    0020 des_access: 02000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x6 data_len: 0x3c
create_rpc_request: data_len: 3c auth_len: 0 alloc_hint: 2c
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 003c
    000a auth_len  : 0000
    000c call_id   : 00000002
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000002c
    0014 context_id: 0000
    0016 opnum     : 0006
rpc_api_pipe: cmd:26 fnum:8009
size=142
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=60 (0x3C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=60 (0x3C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=60 (0x3C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=32777 (0x8009)
smb_bcc=75
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 3C  00 00 00 02 00 00 00 2C  .......< .......,
[020] 00 00 00 00 00 06 00 01  00 00 00 5C 00 00 00 18  ........ ...\....
[030] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[040] 00 00 00 00 00 00 00 00  00 00 02                 ........ ...
write_socket(7,146)
write_socket(7,146) wrote 146
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 00 05 00 02 03 10 00 00  00 30 00 00 00 02 00 00  ........ .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 CE 52 25  ........ ......R%
[020] 35 7B C8 D5 11 98 3F 00  A0 C9 FB 99 13 00 00 00  5{....?. ........
[030] 00                                                . 
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 00 05 00 02 03 10 00 00  00 30 00 00 00 02 00 00  ........ .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 CE 52 25  ........ ......R%
[020] 35 7B C8 D5 11 98 3F 00  A0 C9 FB 99 13 00 00 00  5{....?. ........
[030] 00                                                . 
rpc_check_hdr: rdata->data_size = 48
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0030
    000a auth_len  : 0000
    000c call_id   : 00000002
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000018
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_open_pol 
    000018 smb_io_pol_hnd 
        0018 data1: 00000000
        001c data2: 352552ce
        0020 data3: c87b
        0022 data4: 11d5
        0024 data5: 98 3f 00 a0 c9 fb 99 13 
    002c status: 00000000
getting trusted domain list
adding trusted domain FCESI
init_q_enum_trust_dom
000000 lsa_io_q_enum_trust_dom 
    000000 smb_io_pol_hnd 
        0000 data1: 00000000
        0004 data2: 352552ce
        0008 data3: c87b
        000a data4: 11d5
        000c data5: 98 3f 00 a0 c9 fb 99 13 
    0014 enum_context : 00000000
    0018 preferred_len: ffffffff
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xd data_len: 0x34
create_rpc_request: data_len: 34 auth_len: 0 alloc_hint: 24
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0034
    000a auth_len  : 0000
    000c call_id   : 00000003
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 00000024
    0014 context_id: 0000
    0016 opnum     : 000d
rpc_api_pipe: cmd:26 fnum:8009
size=134
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=52 (0x34)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=52 (0x34)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=32777 (0x8009)
smb_bcc=67
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 34  00 00 00 03 00 00 00 24  .......4 .......$
[020] 00 00 00 00 00 0D 00 00  00 00 00 CE 52 25 35 7B  ........ ....R%5{
[030] C8 D5 11 98 3F 00 A0 C9  FB 99 13 00 00 00 00 FF  ....?... ........
[040] FF FF FF                                          ... 
write_socket(7,138)
write_socket(7,138) wrote 138
got smb length of 96
size=96
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=40 (0x28)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=40 (0x28)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=41
[000] 00 05 00 02 03 10 00 00  00 28 00 00 00 03 00 00  ........ .(......
[010] 00 10 00 00 00 00 00 00  00 00 00 00 80 00 00 00  ........ ........
[020] 00 00 00 00 00 1A 00 00  80                       ........ .
size=96
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=40 (0x28)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=40 (0x28)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=41
[000] 00 05 00 02 03 10 00 00  00 28 00 00 00 03 00 00  ........ .(......
[010] 00 10 00 00 00 00 00 00  00 00 00 00 80 00 00 00  ........ ........
[020] 00 00 00 00 00 1A 00 00  80                       ........ .
rpc_check_hdr: rdata->data_size = 40
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0028
    000a auth_len  : 0000
    000c call_id   : 00000003
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000010
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 40
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_enum_trust_dom 
    0018 enum_context    : 80000000
    001c num_domains     : 00000000
    0020 ptr_enum_domains: 00000000
    0024 status: 8000001a
server: dc=SERVER, pwdb_init=1, lsa_hnd=1
FCESI: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
accepted socket 10
[ 4112]: list users
checking domain handles for domain FCESI
server: dc=SERVER, pwdb_init=1, lsa_hnd=1
FCESI: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
opening sam handles
Getting domain info for domain FCESI
looking up sid for domain FCESI
resolve_lmhosts: Attempting lmhosts lookup for name FCESI<0x1c>
getlmhostsent: lmhost entry: 10.0.0.1 server 
resolve_wins: Attempting wins lookup for name FCESI<0x1c>
wins_srv_count: WINS status: 1 servers.
  10.0.0.1 <10.0.0.1>: alive
resolve_wins: WINS server == <10.0.0.1>
bind succeeded on port 0
Sending a packet of len 50 to (10.0.0.1) on port 137
read_udp_socket: lastip 10.0.0.1 lastport 137 read: 62
parse_nmb: packet id = 18066
Received a packet of len 62 from (10.0.0.1) port 137
nmb packet from 10.0.0.1(137) header: id=18066 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FCESI<1c> rr_type=32 rr_class=1 ttl=0
    answers   0 char ......   hex 80000A000001
Got a positive name query response from 10.0.0.1 ( 10.0.0.1 )
bind succeeded on port 0
Sending a packet of len 50 to (10.0.0.1) on port 137
read_udp_socket: lastip 10.0.0.1 lastport 137 read: 355
parse_nmb: packet id = 3971
Received a packet of len 355 from (10.0.0.1) port 137
nmb packet from 10.0.0.1(137) header: id=3971 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
    answers   0 char .SERVER            hex 0D534552564552202020202020202020
    answers  10 char .D.SERVER          hex 00440053455256455220202020202020
    answers  20 char    D.FCESI         hex 20202044004643455349202020202020
    answers  30 char     ...FCESI       hex 202020201CC400464345534920202020
    answers  40 char       ...FCESI     hex 20202020202000C40046434553492020
    answers  50 char         .D.FCESI   hex 20202020202020201B44004643455349
    answers  60 char           ...SER   hex 202020202020202020201EC400534552
    answers  70 char VER         .D.F   hex 56455220202020202020202003440046
    answers  80 char CESI          .D   hex 43455349202020202020202020201D44
    answers  90 char ...__MSBROWSE__.   hex 0001025F5F4D5342524F5753455F5F02
    answers  a0 char ...INet~Services   hex 01C400494E65747E5365727669636573
    answers  b0 char   ...IS~SERVER..   hex 20201CC40049537E5345525645520000
    answers  c0 char .....D.SERVER      hex 00000000004400534552564552202020
    answers  d0 char       .D.ADMINIS   hex 20202020202001440041444D494E4953
    answers  e0 char TRATOR  .D......   hex 545241544F52202003440000A0C9FB99
    answers  f0 char ................   hex 13000000000000000000000000000000
    answers 100 char ................   hex 00000000000000000000000000000000
    answers 110 char .........   hex 000000000000000000
init_q_query
000000 lsa_io_q_query 
    000000 smb_io_pol_hnd 
        0000 data1: 00000000
        0004 data2: 352552ce
        0008 data3: c87b
        000a data4: 11d5
        000c data5: 98 3f 00 a0 c9 fb 99 13 
    0014 info_class: 0005
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x7 data_len: 0x2e
create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 002e
    000a auth_len  : 0000
    000c call_id   : 00000004
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000001e
    0014 context_id: 0000
    0016 opnum     : 0007
rpc_api_pipe: cmd:26 fnum:8009
size=128
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=46 (0x2E)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=46 (0x2E)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=32777 (0x8009)
smb_bcc=61
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 2E  00 00 00 04 00 00 00 1E  ........ ........
[020] 00 00 00 00 00 07 00 00  00 00 00 CE 52 25 35 7B  ........ ....R%5{
[030] C8 D5 11 98 3F 00 A0 C9  FB 99 13 05 00           ....?... .....
write_socket(7,132)
write_socket(7,132) wrote 132
got smb length of 102
size=102
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=46 (0x2E)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=47
[000] 00 05 00 02 03 10 00 00  00 64 00 00 00 04 00 00  ........ .d......
[010] 00 4C 00 00 00 00 00 00  00 D8 A9 20 01 05 00 00  .L...... ... ....
[020] 00 0A 00 0C 00 78 4D 06  08 70 E9 04 08 06 00     .....xM. .p.....
size=102
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=46 (0x2E)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=47
[000] 00 05 00 02 03 10 00 00  00 64 00 00 00 04 00 00  ........ .d......
[010] 00 4C 00 00 00 00 00 00  00 D8 A9 20 01 05 00 00  .L...... ... ....
[020] 00 0A 00 0C 00 78 4D 06  08 70 E9 04 08 06 00     .....xM. .p.....
rpc_check_hdr: rdata->data_size = 46
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0064
    000a auth_len  : 0000
    000c call_id   : 00000004
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 0000004c
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 54 smbtrans read: 46
rpc_read: data_to_read: 54 rdata offset: 46 extra_data_size: 54
rpc_read: grew buffer by 54 bytes to 100
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 114
size=114
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4098
smb_pid=4111
smb_uid=6145
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=54 (0x36)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=55
[000] 03 00 00 00 00 00 00 05  00 00 00 46 00 43 00 45  ........ ...F.C.E
[010] 00 53 00 49 00 00 00 04  00 00 00 01 04 00 00 00  .S.I.... ........
[020] 00 00 05 15 00 00 00 11  99 B9 78 44 DD B8 3D F0  ........ ..xD..=.
[030] 94 C8 5F 00 00 00 00                              .._.... 
rpc_read: num_read = 54, read offset: 0, to read: 54
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_query 
    0018 undoc_buffer: 0120a9d8
    001c info_class: 0005
    000020 lsa_io_dom_query 
        0020 uni_dom_max_len: 000a
        0022 uni_dom_str_len: 000c
        0024 buffer_dom_name: 08064d78
        0028 buffer_dom_sid : 0804e970
        00002c smb_io_unistr2 unistr2
            002c uni_max_len: 00000006
            0030 undoc      : 00000000
            0034 uni_str_len: 00000005
            0038 buffer     : F.C.E.S.I.
        000044 smb_io_dom_sid2 
            0044 num_auths: 00000004
            000048 smb_io_dom_sid sid
                0048 sid_rev_num: 01
                0049 num_auths  : 04
                004a id_auth[0] : 00
                004b id_auth[1] : 00
                004c id_auth[2] : 00
                004d id_auth[3] : 00
                004e id_auth[4] : 00
                004f id_auth[5] : 05
                0050 sub_auths : 00000015 78b99911 3db8dd44 5fc894f0 
    0060 status: 00000000
found sid S-1-5-21-2025429265-1035525444-1606980848 for domain FCESI
cli_init_creds: user  domain  flgs: 0
ntlmssp_cli_flgs:0
resolve_srv_name: SERVER
resolve_lmhosts: Attempting lmhosts lookup for name SERVER<0x20>
getlmhostsent: lmhost entry: 10.0.0.1 server 
cli_establish_connection: HARPO<00> connecting to SERVER<20> (10.0.0.1) -  []
Connecting to 10.0.0.1 at port 139
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 16
socket option IPTOS_THROUGHPUT = 16
socket option SO_SNDBUF = 8192
socket option SO_RCVBUF = 8192
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(11,76)
write_socket(11,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
write_socket(11,168)
write_socket(11,168) wrote 168
got smb length of 103
size=103
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=4111
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=65 (0x41)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=243 (0xF3)
smb_vwv[11]=59392 (0xE800)
smb_vwv[12]=11312 (0x2C30)
smb_vwv[13]=34810 (0x87FA)
smb_vwv[14]=49500 (0xC15C)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=34
[000] F3 BF 9E 9F E3 FC 82 9B  46 00 43 00 45 00 53 00  ........ F.C.E.S.
[010] 49 00 00 00 53 00 45 00  52 00 56 00 45 00 52 00  I...S.E. R.V.E.R.
[020] 00 00                                             .. 
size=103
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=4111
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=65 (0x41)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=243 (0xF3)
smb_vwv[11]=59392 (0xE800)
smb_vwv[12]=11312 (0x2C30)
smb_vwv[13]=34810 (0x87FA)
smb_vwv[14]=49500 (0xC15C)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=34
[000] F3 BF 9E 9F E3 FC 82 9B  46 00 43 00 45 00 53 00  ........ F.C.E.S.
[010] 49 00 00 00 53 00 45 00  52 00 56 00 45 00 52 00  I...S.E. R.V.E.R.
[020] 00 00                                             .. 
write_socket(11,92)
write_socket(11,92) wrote 92
got smb length of 127
size=127
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=127 (0x7F)
smb_vwv[2]=0 (0x0)
smb_bcc=86
[000] 00 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 
[010] 00 35 00 2E 00 30 00 00  00 57 00 69 00 6E 00 64  .5...0.. .W.i.n.d
[020] 00 6F 00 77 00 73 00 20  00 32 00 30 00 30 00 30  .o.w.s.  .2.0.0.0
[030] 00 20 00 4C 00 41 00 4E  00 20 00 4D 00 61 00 6E  . .L.A.N . .M.a.n
[040] 00 61 00 67 00 65 00 72  00 00 00 46 00 43 00 45  .a.g.e.r ...F.C.E
[050] 00 53 00 49 00 00                                 .S.I.. 
size=127
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=127 (0x7F)
smb_vwv[2]=0 (0x0)
smb_bcc=86
[000] 00 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 
[010] 00 35 00 2E 00 30 00 00  00 57 00 69 00 6E 00 64  .5...0.. .W.i.n.d
[020] 00 6F 00 77 00 73 00 20  00 32 00 30 00 30 00 30  .o.w.s.  .2.0.0.0
[030] 00 20 00 4C 00 41 00 4E  00 20 00 4D 00 61 00 6E  . .L.A.N . .M.a.n
[040] 00 61 00 67 00 65 00 72  00 00 00 46 00 43 00 45  .a.g.e.r ...F.C.E
[050] 00 53 00 49 00 00                                 .S.I.. 
write_socket(11,80)
write_socket(11,80) wrote 80
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4096
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00                              IPC.... 
write_socket(11,100)
write_socket(11,100) wrote 100
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4096
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=34
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=103 (0x67)
smb_vwv[2]=2304 (0x900)
smb_vwv[3]=448 (0x1C0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=0 (0x0)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=0 (0x0)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_vwv[24]=16 (0x10)
smb_vwv[25]=0 (0x0)
smb_vwv[26]=0 (0x0)
smb_vwv[27]=0 (0x0)
smb_vwv[28]=0 (0x0)
smb_vwv[29]=0 (0x0)
smb_vwv[30]=0 (0x0)
smb_vwv[31]=512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=5 (0x5)
smb_bcc=0
Bind RPC Pipe[c009]: \PIPE\samr
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB  EF 00 01 23 45 67 89 AC  xW4.4... ...#Eg..
[010] 01 00 00 00                                       .... 
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
[010] 02 00 00 00                                       .... 
000000 smb_io_rpc_hdr hdr
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0b
    0003 flags     : 00
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0048
    000a auth_len  : 0000
    000c call_id   : 00000005
000010 smb_io_rpc_hdr_rb 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 1630
        0012 max_rsize: 1630
        0014 assoc_gid: 00000000
    0018 num_elements: 00000001
    001c context_id  : 0000
    001e num_syntaxes: 01
    00001f smb_io_rpc_iface 
        0020 data   : 12345778
        0024 data   : 1234
        0026 data   : abcd
        0028 data   : ef 00 01 23 45 67 89 ac 
        0030 version: 00000001
    000034 smb_io_rpc_iface 
        0034 data   : 8a885d04
        0038 data   : 1ceb
        003a data   : 11c9
        003c data   : 9f e8 08 00 2b 10 48 60 
        0044 version: 00000002
rpc_api_pipe: cmd:26 fnum:c009
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4096
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=72 (0x48)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=72 (0x48)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=72 (0x48)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=49161 (0xC009)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 0B 00 10 00 00 00 48  00 00 00 05 00 00 00 30  .......H .......0
[020] 16 30 16 00 00 00 00 01  00 00 00 00 00 01 00 78  .0...... .......x
[030] 57 34 12 34 12 CD AB EF  00 01 23 45 67 89 AC 01  W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
[050] 10 48 60 02 00 00 00                              .H`.... 
write_socket(11,158)
write_socket(11,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4096
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 05 00 00  ........ .D......
[010] 00 B8 10 B8 10 B9 32 16  00 0C 00 5C 50 49 50 45  ......2. ...\PIPE
[020] 5C 6C 73 61 73 73 00 06  08 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4096
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 05 00 00  ........ .D......
[010] 00 B8 10 B8 10 B9 32 16  00 0C 00 5C 50 49 50 45  ......2. ...\PIPE
[020] 5C 6C 73 61 73 73 00 06  08 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
rpc_check_hdr: rdata->data_size = 68
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0c
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0044
    000a auth_len  : 0000
    000c call_id   : 00000005
rpc_api_pipe: len left: 0 smbtrans read: 68
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 10b8
        0012 max_rsize: 10b8
        0014 assoc_gid: 001632b9
    000018 smb_io_rpc_addr_str 
        0018 len: 000c
        001a str: \PIPE\lsass.
    000026 smb_io_rpc_results 
        0028 num_results: 01
        002c result     : 0000
        002e reason     : 0000
    000030 smb_io_rpc_iface 
        0030 data   : 8a885d04
        0034 data   : 1ceb
        0036 data   : 11c9
        0038 data   : 9f e8 08 00 2b 10 48 60 
        0040 version: 00000002
bind_rpc_pipe: server pipe_name found: \PIPE\lsass
bind_rpc_pipe: accepted!
init_samr_q_connect
000000 samr_io_q_connect 
    0000 ptr_srv_name: 00000001
    000004 smb_io_unistr2 
        0004 uni_max_len: 00000007
        0008 undoc      : 00000000
        000c uni_str_len: 00000007
        0010 buffer     : S.E.R.V.E.R...
    0020 access_mask: 02000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x39 data_len: 0x3c
create_rpc_request: data_len: 3c auth_len: 0 alloc_hint: 2c
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 003c
    000a auth_len  : 0000
    000c call_id   : 00000006
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000002c
    0014 context_id: 0000
    0016 opnum     : 0039
rpc_api_pipe: cmd:26 fnum:c009
size=142
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4096
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=60 (0x3C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=60 (0x3C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=60 (0x3C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=49161 (0xC009)
smb_bcc=75
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 3C  00 00 00 06 00 00 00 2C  .......< .......,
[020] 00 00 00 00 00 39 00 01  00 00 00 07 00 00 00 00  .....9.. ........
[030] 00 00 00 07 00 00 00 53  00 45 00 52 00 56 00 45  .......S .E.R.V.E
[040] 00 52 00 00 00 00 00 00  00 00 02                 .R...... ...
write_socket(11,146)
write_socket(11,146) wrote 146
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4096
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 00 05 00 02 03 10 00 00  00 30 00 00 00 06 00 00  ........ .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[020] 00 00 00 00 00 00 00 00  00 00 00 00 00 22 00 00  ........ ....."..
[030] C0                                                . 
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4096
smb_pid=4111
smb_uid=4096
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 00 05 00 02 03 10 00 00  00 30 00 00 00 06 00 00  ........ .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[020] 00 00 00 00 00 00 00 00  00 00 00 00 00 22 00 00  ........ ....."..
[030] C0                                                . 
rpc_check_hdr: rdata->data_size = 48
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0030
    000a auth_len  : 0000
    000c call_id   : 00000006
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000018
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 samr_io_r_connect 
    000018 smb_io_pol_hnd connect_pol
        0018 data1: 00000000
        001c data2: 00000000
        0020 data3: 0000
        0022 data4: 0000
        0024 data5: 00 00 00 00 00 00 00 00 
    002c status: c0000022
read failed on sock 10, pid 4112: EOF


More information about the samba-technical mailing list