Winbindd communication with ADS DC fails for Samba-3.0.11

Ravi Wijayaratne ravi_wija at yahoo.com
Tue Mar 8 00:50:52 GMT 2005


Hi All

I am trying to debug why winbindd fails to authenticate using info from an
ADS server where signing is enabled.

Here are the symptoms of the problem:

How to reproduce
================
1. Join the domain ABC
2. Run net use * \\<IP of the server>\share1 /u:ABC/user1 user1_password from a Windows
(2k, XP or 2k3) client
3. Notice this fails
4. Then run net use * \\<Name of server>\share1 /u:ABC/user1 user1_password
5. Notice that this operation succeeds.

I have attached log.winbindd

I tested Samba 3-0-7 and the problem does not exist in 3.0.7. I have attached both winbindd
logs.

Any insight re: this matter is much appreciated.

Thank you
Ravi
 
--------from log.winbindd from 3.0.10 or 3.0.11 FAILED --------------

[ 2870]: setgrent
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn NETBIOS_NAME
[ 2870]: request netbios name
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn ENDGRENT
[ 2870]: endgrent
client_write: wrote 1300 bytes.
client_read: read 0 bytes. Need 1824 more for a full request.
read failed on sock 22, pid 7797: EOF
accepted socket 20
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn INTERFACE_VERSION
[ 7897]: request interface version
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[ 7897]: request location of privileged pipe
client_write: wrote 1300 bytes.
client_write: need to write 36 extra data bytes.
client_write: wrote 36 bytes.
client_write: client_write: complete response written.
accepted socket 22
client_read: read 0 bytes. Need 1824 more for a full request.
read failed on sock 20, pid 7897: EOF
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn PING
[ 7897]: ping
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn PING
[ 7897]: ping
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn AUTH_CRAP
[ 7897]: pam auth crap domain: NORTHAMERICA user: na_user5
is_myname("NORTHAMERICA") returns 0
Using cleartext machine password
check_negative_conn_cache: cache entry expired for NORTHAMERICA, NORTHAMERICADC
IPC$ connections done anonymously
secrets_named_mutex: got mutex for NORTHAMERICADC
write_socket(20,183)
write_socket(20,183) wrote 183
got smb length of 192
size=192
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7786
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    8 (0x8)
smb_vwv[ 1]=12815 (0x320F)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   17 (0x11)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=  499 (0x1F3)
smb_vwv[11]=41088 (0xA080)
smb_vwv[12]=56888 (0xDE38)
smb_vwv[13]=36215 (0x8D77)
smb_vwv[14]=50466 (0xC522)
smb_vwv[15]=57345 (0xE001)
smb_vwv[16]=    1 (0x1)
smb_bcc=123
[000] 9A 7B CD 06 DA 1B 57 4E  B0 14 F8 35 20 98 01 3A  .{....WN ...5 ..:
[010] 60 69 06 06 2B 06 01 05  05 02 A0 5F 30 5D A0 30  `i..+... ..._0].0
[020] 30 2E 06 09 2A 86 48 82  F7 12 01 02 02 06 09 2A  0...*.H. .......*
[030] 86 48 86 F7 12 01 02 02  06 0A 2A 86 48 86 F7 12  .H...... ..*.H...
[040] 01 02 02 03 06 0A 2B 06  01 04 01 82 37 02 02 0A  ......+. ....7...
[050] A3 29 30 27 A0 25 1B 23  6E 6F 72 74 68 61 6D 65  .)0'.%.# northame
[060] 72 69 63 61 64 63 24 40  4E 4F 52 54 48 41 4D 45  ricadc$@ NORTHAME
[070] 52 49 43 41 2E 53 4E 41  50 51 41                 RICA.SNA PQA
connecting to NORTHAMERICADC from SNAP2188265 with kerberos principal
[SNAP2188265$@NORTHAMERICA.SNAPQA]
Doing spnego session setup (blob length=123)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=northamericadc$@NORTHAMERICA.SNAPQA
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Mon, 07 Mar 2005 06:45:44 GMT
ads_krb5_mk_req: Ticket (northamericadc$@NORTHAMERICA.SNAPQA) in ccache (MEMORY:cliconnect) is
valid until: (Mon, 07 Mar 2005 06:45:44 GMT - 1110177944)
Got KRB5 session key of length 8
Mandatory SMB signing enabled!
SMB signing enabled!
cli_simple_set_signing: user_session_key
[000] 04 68 1F 89 8A DF 02 31                           .h.....1 
cli_simple_set_signing: NULL response_data
simple_packet_signature: sequence number 0
client_sign_outgoing_message: sent SMB signature of
[000] 9B 07 E4 C8 8C 46 FC EF                           .....F.. 
store_sequence_for_reply: stored seq = 1 mid = 2
write_socket(20,1322)
write_socket(20,1322) wrote 1322
got smb length of 167
size=167
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=7786
smb_uid=12290
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=  167 (0xA7)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=   26 (0x1A)
smb_bcc=124
[000] A1 18 30 16 A0 03 0A 01  00 A1 0B 06 09 2A 86 48  ..0..... .....*.H
[010] 82 F7 12 01 02 02 A2 02  04 00 9A 57 00 69 00 6E  ........ ...W.i.n
[020] 00 64 00 6F 00 77 00 73  00 20 00 53 00 65 00 72  .d.o.w.s . .S.e.r
[030] 00 76 00 65 00 72 00 20  00 32 00 30 00 30 00 33  .v.e.r.  .2.0.0.3
[040] 00 20 00 33 00 37 00 39  00 30 00 00 00 57 00 69  . .3.7.9 .0...W.i
[050] 00 6E 00 64 00 6F 00 77  00 73 00 20 00 53 00 65  .n.d.o.w .s. .S.e
[060] 00 72 00 76 00 65 00 72  00 20 00 32 00 30 00 30  .r.v.e.r . .2.0.0
[070] 00 33 00 20 00 35 00 2E  00 32 00 00              .3. .5.. .2..
get_sequence_for_reply: found seq = 1 mid = 2
simple_packet_signature: sequence number 1
client_check_incoming_message: BAD SIG: wanted SMB signature of
[000] 18 42 A1 72 FF F2 22 83                           .B.r..". 
client_check_incoming_message: BAD SIG: got SMB signature of
[000] 31 D1 BC 7E 1C 5D F5 17                           1..~.].. 
simple_packet_signature: sequence number 4294967292
simple_packet_signature: sequence number 4294967293
simple_packet_signature: sequence number 4294967294
simple_packet_signature: sequence number 4294967295
simple_packet_signature: sequence number 0
simple_packet_signature: sequence number 1
simple_packet_signature: sequence number 2
simple_packet_signature: sequence number 3
simple_packet_signature: sequence number 4
simple_packet_signature: sequence number 5
signing_good: BAD SIG: seq 1
SMB Signature verification failed on incoming packet!
failed kerberos session setup with Undetermined error
secrets_named_mutex: released mutex for NORTHAMERICADC
add_failed_connection_entry: added domain NORTHAMERICA (NORTHAMERICADC) to failed conn cache
check_negative_conn_cache: returning negative entry for NORTHAMERICA, NORTHAMERICADC
Using cleartext machine password
internal_resolve_name: looking up NORTHAMERICA#1c
Returning expired cache entry: key = NBT/NORTHAMERICA#1C, value =
192.168.93.197:0,192.168.93.79:0, timeout = Sun Mar  6 20:44:35 2005

no entry for NORTHAMERICA#1C found.
Deleting cache entry (key = NBT/NORTHAMERICA#1C)
resolve_hosts: not appropriate for name type <0x1c>
resolve_hosts: Attempting to resolve DC's for NORTHAMERICA using DNS
resolve_lmhosts: Attempting lmhosts lookup for name NORTHAMERICA<0x1c>
startlmhosts: Can't open lmhosts file /etc/lmhosts. Error was No such file or directory
resolve_wins: Attempting wins lookup for name NORTHAMERICA<0x1c>
Cache entry with key = WINS_SRV_DEAD/10.25.5.30,0.0.0.0 couldn't be found
wins_srv_is_dead: 10.25.5.30 is alive
Current wins server for tag 'eth0' with source 0.0.0.0 is 10.25.5.30
Cache entry with key = WINS_SRV_DEAD/10.25.5.30,0.0.0.0 couldn't be found
wins_srv_is_dead: 10.25.5.30 is alive
resolve_wins: using WINS server 10.25.5.30 and tag 'eth0'
bind succeeded on port 0
Sending a packet of len 50 to (10.25.5.30) on port 137
read_udp_socket: lastip 10.25.5.30 lastport 137 read: 74
parse_nmb: packet id = 17423
Received a packet of len 74 from (10.25.5.30) port 137
nmb packet from 10.25.5.30(137) header: id=17423 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=NORTHAMERICA<1c> rr_type=32 rr_class=1 ttl=0
    answers   0 char ....].....]O....   hex 8000C0A85DC58000C0A85D4F8000C0A8
    answers  10 char ].   hex 5DC5
Got a positive name query response from 10.25.5.30 ( 192.168.93.197 192.168.93.79 192.168.93.197 )
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 2 addresses for NORTHAMERICA#1c: 192.168.93.197:0,192.168.93.79:0
Adding cache entry with key = NBT/NORTHAMERICA#1C; value = 192.168.93.197:0,192.168.93.79:0 and
timeout = Sun Mar  6 20:45:44 2005
 (0 seconds in the past)
internal_resolve_name: returning 2 addresses: 192.168.93.197:0 192.168.93.79:0 
name_status_find: looking up NORTHAMERICA#1c at 192.168.93.197
Cache entry with key = NBT/NORTHAMERICA#1C.20.192.168.93.197 couldn't be found
namecache_status_fetch: no entry for NBT/NORTHAMERICA#1C.20.192.168.93.197 found.
Deleting cache entry (key = NBT/NORTHAMERICA#1C.20.192.168.93.197)
bind succeeded on port 0
Sending a packet of len 50 to (192.168.93.197) on port 137
read_udp_socket: lastip 192.168.93.197 lastport 137 read: 301
parse_nmb: packet id = 8680
Received a packet of len 301 from (192.168.93.197) port 137
nmb packet from 192.168.93.197(137) header: id=8680 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=NORTHAMERICA<1c> rr_type=33 rr_class=1 ttl=0
    answers   0 char .NORTHAMERICADC    hex 084E4F525448414D4552494341444320
    answers  10 char .$.NORTHAMERICA    hex 0024004E4F525448414D455249434120
    answers  20 char   ...NORTHAMERIC   hex 202000A4004E4F525448414D45524943
    answers  30 char A   ...NORTHAMER   hex 412020201CA4004E4F525448414D4552
    answers  40 char ICADC  $.NORTHAM   hex 4943414443202024004E4F525448414D
    answers  50 char ERICA   .$.NORTH   hex 45524943412020201B24004E4F525448
    answers  60 char AMERICA   ...NOR   hex 414D45524943412020201EA4004E4F52
    answers  70 char THAMERICA   .$..   hex 5448414D45524943412020201D240001
    answers  80 char .__MSBROWSE__...   hex 025F5F4D5342524F5753455F5F0201A4
    answers  90 char ..PVWH..........   hex 000050565748CC000000000000000000
    answers  a0 char ................   hex 00000000000000000000000000000000
    answers  b0 char ...............   hex 000000000000000000000000000000
NORTHAMERICADC#00: flags = 0x24
NORTHAMERICA#00: flags = 0xa4
NORTHAMERICA#1c: flags = 0xa4
NORTHAMERICADC#20: flags = 0x24
NORTHAMERICA#1b: flags = 0x24
NORTHAMERICA#1e: flags = 0xa4
NORTHAMERICA#1d: flags = 0x24
__MSBROWSE__#01: flags = 0xa4
name_status_find: name found, name NORTHAMERICADC ip address is 192.168.93.197
check_negative_conn_cache: returning negative entry for NORTHAMERICA, NORTHAMERICADC
name_status_find: looking up NORTHAMERICA#1c at 192.168.93.79
Cache entry with key = NBT/NORTHAMERICA#1C.20.192.168.93.79 couldn't be found
namecache_status_fetch: no entry for NBT/NORTHAMERICA#1C.20.192.168.93.79 found.
Deleting cache entry (key = NBT/NORTHAMERICA#1C.20.192.168.93.79)
bind succeeded on port 0
Sending a packet of len 50 to (192.168.93.79) on port 137
Sending a packet of len 50 to (192.168.93.79) on port 137
name_status_find: name not found
Could not open a connection to NORTHAMERICA for \PIPE\NETLOGON
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
could not open handle to NETLOGON pipe (error: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
NTLM CRAP authentication for user [NORTHAMERICA]\[na_user5] returned NT_STATUS_NO_LOGON_SERVERS
(PAM: 4)
client_write: wrote 1300 bytes.

---------------- winbindd.log Samba 3.0.7 BUG FREE --------
, time is now 1110228772
Search for (objectclass=*) gave 1 replies
store_cache_seqnum: success [NORTHAMERICA][628919 @ 1110228772]
refresh_sequence_number: NORTHAMERICA seq number is now 628919
client_write: wrote 1300 bytes.
client_write: need to write 50 extra data bytes.
client_write: wrote 50 bytes.
client_write: client_write: complete response written.
client_read: read 0 bytes. Need 1824 more for a full request.
read failed on sock 25, pid 7115: EOF
accepted socket 24
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn INTERFACE_VERSION
[ 7119]: request interface version
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[ 7119]: request location of privileged pipe
client_write: wrote 1300 bytes.
client_write: need to write 36 extra data bytes.
client_write: wrote 36 bytes.
client_write: client_write: complete response written.
accepted socket 25
client_read: read 0 bytes. Need 1824 more for a full request.
read failed on sock 24, pid 7119: EOF
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn DOMAIN_INFO
[ 7119]: domain_info [NORTHAMERICA.SNAPQA]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
name_to_sid: [Cached] - doing backend query for name for domain NORTHAMERICA
rpc: name_to_sid name=na_user5
name_to_sid [rpc] na_user5 for domain NORTHAMERICA
ads_dc_name: domain=NORTHAMERICA
ads_find_dc: looking for realm 'NORTHAMERICA.SNAPQA'
get_sorted_dc_list: attempting lookup using [ads]
internal_resolve_name: looking up NORTHAMERICA.SNAPQA#1c
Cache entry with key = NBT/NORTHAMERICA.SNAPQA#1C couldn't be found
no entry for NORTHAMERICA.SNAPQA#1C found.
Deleting cache entry (key = NBT/NORTHAMERICA.SNAPQA#1C)
resolve_hosts: Attempting to resolve DC's for NORTHAMERICA.SNAPQA using DNS
Adding 0 DC's from auto lookup
get_dc_list: no servers found
ads_find_dc: looking for domain 'NORTHAMERICA'
get_sorted_dc_list: attempting lookup using [host ads lmhosts wins bcast]
internal_resolve_name: looking up NORTHAMERICA#1c
Returning expired cache entry: key = NBT/NORTHAMERICA#1C, value =
192.168.93.197:0,192.168.93.79:0, timeout = Mon Mar  7 20:52:50 2005

no entry for NORTHAMERICA#1C found.
Deleting cache entry (key = NBT/NORTHAMERICA#1C)
resolve_hosts: not appropriate for name type <0x1c>
resolve_hosts: Attempting to resolve DC's for NORTHAMERICA using DNS
resolve_lmhosts: Attempting lmhosts lookup for name NORTHAMERICA<0x1c>
startlmhosts: Can't open lmhosts file /etc/lmhosts. Error was No such file or directory
resolve_wins: Attempting wins lookup for name NORTHAMERICA<0x1c>
Cache entry with key = WINS_SRV_DEAD/10.25.5.30,0.0.0.0 couldn't be found
wins_srv_is_dead: 10.25.5.30 is alive
Current wins server for tag 'eth0' with source 0.0.0.0 is 10.25.5.30
Cache entry with key = WINS_SRV_DEAD/10.25.5.30,0.0.0.0 couldn't be found
wins_srv_is_dead: 10.25.5.30 is alive
resolve_wins: using WINS server 10.25.5.30 and tag 'eth0'
bind succeeded on port 0
Sending a packet of len 50 to (10.25.5.30) on port 137
read_udp_socket: lastip 10.25.5.30 lastport 137 read: 74
parse_nmb: packet id = 9394
Received a packet of len 74 from (10.25.5.30) port 137
nmb packet from 10.25.5.30(137) header: id=9394 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=NORTHAMERICA<1c> rr_type=32 rr_class=1 ttl=0
    answers   0 char ....].....]O....   hex 8000C0A85DC58000C0A85D4F8000C0A8
    answers  10 char ].   hex 5DC5
Got a positive name query response from 10.25.5.30 ( 192.168.93.197 192.168.93.79 192.168.93.197 )
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 2 addresses for NORTHAMERICA#1c: 192.168.93.197:0,192.168.93.79:0
Adding cache entry with key = NBT/NORTHAMERICA#1C; value = 192.168.93.197:0,192.168.93.79:0 and
timeout = Mon Mar  7 20:53:10 2005
 (0 seconds in the past)
internal_resolve_name: returning 2 addresses: 192.168.93.197:0 192.168.93.79:0 
Adding 2 DC's from auto lookup
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 2 ip addresses in an unordered list
get_dc_list: 192.168.93.197:0 192.168.93.79:0 
ads_try_connect: trying ldap server '192.168.93.197' port 389
Connected to LDAP server 192.168.93.197
got ldap server name northamericadc at NORTHAMERICA.SNAPQA, using bind path:
dc=NORTHAMERICA,dc=SNAPQA
time offset is 1 seconds
ads_dc_name: using server='NORTHAMERICADC' IP=192.168.93.197
IPC$ connections done anonymously
secrets_named_mutex: got mutex for NORTHAMERICADC
Connecting to host=NORTHAMERICADC
Connecting to 192.168.93.197 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 87380
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(24,183)
write_socket(24,183) wrote 183
got smb length of 192
size=192
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7014
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    8 (0x8)
smb_vwv[ 1]=12815 (0x320F)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   17 (0x11)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=  499 (0x1F3)
smb_vwv[11]=57472 (0xE080)
smb_vwv[12]=31132 (0x799C)
smb_vwv[13]=22444 (0x57AC)
smb_vwv[14]=50467 (0xC523)
smb_vwv[15]=57345 (0xE001)
smb_vwv[16]=    1 (0x1)
smb_bcc=123
[000] 9A 7B CD 06 DA 1B 57 4E  B0 14 F8 35 20 98 01 3A  .{....WN ...5 ..:
[010] 60 69 06 06 2B 06 01 05  05 02 A0 5F 30 5D A0 30  `i..+... ..._0].0
[020] 30 2E 06 09 2A 86 48 82  F7 12 01 02 02 06 09 2A  0...*.H. .......*
[030] 86 48 86 F7 12 01 02 02  06 0A 2A 86 48 86 F7 12  .H...... ..*.H...
[040] 01 02 02 03 06 0A 2B 06  01 04 01 82 37 02 02 0A  ......+. ....7...
[050] A3 29 30 27 A0 25 1B 23  6E 6F 72 74 68 61 6D 65  .)0'.%.# northame
[060] 72 69 63 61 64 63 24 40  4E 4F 52 54 48 41 4D 45  ricadc$@ NORTHAME
[070] 52 49 43 41 2E 53 4E 41  50 51 41                 RICA.SNA PQA
connecting to NORTHAMERICADC from SNAP610010 with kerberos principal
[SNAP610010$@NORTHAMERICA.SNAPQA]
Doing spnego session setup (blob length=123)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=northamericadc$@NORTHAMERICA.SNAPQA
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Tue, 08 Mar 2005 06:53:11 GMT
Ticket (northamericadc$@NORTHAMERICA.SNAPQA) in ccache (MEMORY:cliconnect) is valid until: (Tue,
08 Mar 2005 06:53:11 GMT - 1110264791)
Got KRB5 session key of length 8
Mandatory SMB signing enabled!
SMB signing enabled!
cli_simple_set_signing: user_session_key
[000] A4 5B FB 1F 1A 15 9B 85                           .[...... 
cli_simple_set_signing: NULL response_data
simple_packet_signature: sequence number 0
client_sign_outgoing_message: sent SMB signature of
[000] 75 E7 3C CB 3D 37 04 92                           u.<.=7.. 
store_sequence_for_reply: stored seq = 1 mid = 2
write_socket(24,1304)
write_socket(24,1304) wrote 1304
got smb length of 167
size=167
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=7014
smb_uid=6145
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=  167 (0xA7)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=   26 (0x1A)
smb_bcc=124
[000] A1 18 30 16 A0 03 0A 01  00 A1 0B 06 09 2A 86 48  ..0..... .....*.H
[010] 82 F7 12 01 02 02 A2 02  04 00 9A 57 00 69 00 6E  ........ ...W.i.n
[020] 00 64 00 6F 00 77 00 73  00 20 00 53 00 65 00 72  .d.o.w.s . .S.e.r
[030] 00 76 00 65 00 72 00 20  00 32 00 30 00 30 00 33  .v.e.r.  .2.0.0.3
[040] 00 20 00 33 00 37 00 39  00 30 00 00 00 57 00 69  . .3.7.9 .0...W.i
[050] 00 6E 00 64 00 6F 00 77  00 73 00 20 00 53 00 65  .n.d.o.w .s. .S.e
[060] 00 72 00 76 00 65 00 72  00 20 00 32 00 30 00 30  .r.v.e.r . .2.0.0
[070] 00 33 00 20 00 35 00 2E  00 32 00 00              .3. .5.. .2..
get_sequence_for_reply: found seq = 1 mid = 2
simple_packet_signature: sequence number 1
client_check_incoming_message: seq 1: got good SMB signature of
[000] 9F 02 DC 3A 19 CC 48 F4                           ...:..H. 
simple_packet_signature: sequence number 2
client_sign_outgoing_message: sent SMB signature of
[000] D9 7B 47 AF B3 80 03 AD                           .{G..... 
store_sequence_for_reply: stored seq = 3 mid = 3
write_socket(24,96)
write_socket(24,96) wrote 96
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=3
smt_wct=3
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=   48 (0x30)
smb_vwv[ 2]=    1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00                              IPC.... 
get_sequence_for_reply: found seq = 3 mid = 3
simple_packet_signature: sequence number 3
client_check_incoming_message: seq 3: got good SMB signature of
[000] 23 F1 93 D9 50 D2 E4 14                           #...P... 
cli_init_creds: user  domain 
secrets_named_mutex: released mutex for NORTHAMERICADC
Using cleartext machine password
simple_packet_signature: sequence number 4
client_sign_outgoing_message: sent SMB signature of
[000] 28 87 2F 80 28 B7 3F 0D                           (./.(.?. 
store_sequence_for_reply: stored seq = 5 mid = 4
write_socket(24,108)
write_socket(24,108) wrote 108
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=4
smt_wct=34
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=  103 (0x67)
smb_vwv[ 2]= 3840 (0xF00)
smb_vwv[ 3]=  320 (0x140)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_vwv[10]=    0 (0x0)
smb_vwv[11]=    0 (0x0)
smb_vwv[12]=    0 (0x0)
smb_vwv[13]=    0 (0x0)
smb_vwv[14]=    0 (0x0)
smb_vwv[15]=    0 (0x0)
smb_vwv[16]=    0 (0x0)
smb_vwv[17]=    0 (0x0)
smb_vwv[18]=    0 (0x0)
smb_vwv[19]=    0 (0x0)
smb_vwv[20]=    0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=    0 (0x0)
smb_vwv[23]=    0 (0x0)
smb_vwv[24]=   16 (0x10)
smb_vwv[25]=    0 (0x0)
smb_vwv[26]=    0 (0x0)
smb_vwv[27]=    0 (0x0)
smb_vwv[28]=    0 (0x0)
smb_vwv[29]=    0 (0x0)
smb_vwv[30]=    0 (0x0)
smb_vwv[31]=  512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=    5 (0x5)
smb_bcc=0
get_sequence_for_reply: found seq = 5 mid = 4
simple_packet_signature: sequence number 5
client_check_incoming_message: seq 5: got good SMB signature of
[000] 53 E3 23 25 83 F6 CA E2                           S.#%.... 
Bind RPC Pipe[400f]: \PIPE\NETLOGON
Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB  EF 00 01 23 45 67 CF FB  xV4.4... ...#Eg..
[010] 01 00 00 00                                       .... 
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
[010] 02 00 00 00                                       .... 
000000 smb_io_rpc_hdr hdr
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0b
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0048
    000a auth_len  : 0000
    000c call_id   : 00000006
000010 smb_io_rpc_hdr_rb 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 10b8
        0012 max_rsize: 10b8
        0014 assoc_gid: 00000000
    0018 num_elements: 00000001
    001c context_id  : 0000
    001e num_syntaxes: 01
    00001f smb_io_rpc_iface 
        000020 smb_io_uuid uuid
            0020 data   : 12345678
            0024 data   : 1234
            0026 data   : abcd
            0028 data   : ef 00 
            002a data   : 01 23 45 67 cf fb 
        0030 version: 00000001
    000034 smb_io_rpc_iface 
        000034 smb_io_uuid uuid
            0034 data   : 8a885d04
            0038 data   : 1ceb
            003a data   : 11c9
            003c data   : 9f e8 
            003e data   : 08 00 2b 10 48 60 
        0044 version: 00000002
rpc_api_pipe: fnum:400f
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=5
smt_wct=16
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   72 (0x48)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_vwv[10]=   82 (0x52)
smb_vwv[11]=   72 (0x48)
smb_vwv[12]=   82 (0x52)
smb_vwv[13]=    2 (0x2)
smb_vwv[14]=   38 (0x26)
smb_vwv[15]=16399 (0x400F)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 48  00 00 00 06 00 00 00 B8  .......H ........
[020] 10 B8 10 00 00 00 00 01  00 00 00 00 00 01 00 78  ........ .......x
[030] 56 34 12 34 12 CD AB EF  00 01 23 45 67 CF FB 01  V4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
[050] 10 48 60 02 00 00 00                              .H`.... 
simple_packet_signature: sequence number 6
client_sign_outgoing_message: sent SMB signature of
[000] 8A 41 57 03 30 87 57 33                           .AW.0.W3 
store_sequence_for_reply: stored seq = 7 mid = 5
write_socket(24,158)
write_socket(24,158) wrote 158
get_sequence_for_reply: found seq = 7 mid = 5
cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num =
8
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=5
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   68 (0x44)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   68 (0x44)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00  00 44 00 00 00 06 00 00  H....... .D......
[010] 00 B8 10 B8 10 89 CE 00  00 0C 00 5C 50 49 50 45  ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00  01 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
simple_packet_signature: sequence number 7
client_check_incoming_message: seq 7: got good SMB signature of
[000] B7 EF 62 9F E5 4D A9 2C                           ..b..M., 
cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num =
8
rpc_check_hdr: rdata->data_size = 68
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0c
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0044
    000a auth_len  : 0000
    000c call_id   : 00000006
rpc_api_pipe: len left: 0 smbtrans read: 68
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 10b8
        0012 max_rsize: 10b8
        0014 assoc_gid: 0000ce89
    000018 smb_io_rpc_addr_str 
        0018 len: 000c
        001a str: \PIPE\lsass.
    000026 smb_io_rpc_results 
        0028 num_results: 01
        002c result     : 0000
        002e reason     : 0000
    000030 smb_io_rpc_iface 
        000030 smb_io_uuid uuid
            0030 data   : 8a885d04
            0034 data   : 1ceb
            0036 data   : 11c9
            0038 data   : 9f e8 
            003a data   : 08 00 2b 10 48 60 
        0040 version: 00000002
bind_rpc_pipe: accepted!
cli_net_req_chal: LSA Request Challenge from SNAP610010 to NORTHAMERICADC: F66216052F4789A5
init_q_req_chal: 676
init_q_req_chal: 685
000000 net_io_q_req_chal 
    0000 undoc_buffer: 00000001
    000004 smb_io_unistr2 
        0004 uni_max_len: 00000011
        0008 offset     : 00000000
        000c uni_str_len: 00000011
        0010 buffer     : \.\.N.O.R.T.H.A.M.E.R.I.C.A.D.C...
    000032 smb_io_unistr2 
        0034 uni_max_len: 0000000b
        0038 offset     : 00000000
        003c uni_str_len: 0000000b
        0040 buffer     : S.N.A.P.6.1.0.0.1.0...
    000056 smb_io_chal 
        0056 data: f6 62 16 05 2f 47 89 a5 
create_rpc_request: opnum: 0x4 data_len: 0x76
create_rpc_request: data_len: 76 auth_len: 0 alloc_hint: 66
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0076
    000a auth_len  : 0000
    000c call_id   : 00000007
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 00000066
    0014 context_id: 0000
    0016 opnum     : 0004
rpc_api_pipe: fnum:400f
size=200
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=6
smt_wct=16
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=  118 (0x76)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_vwv[10]=   82 (0x52)
smb_vwv[11]=  118 (0x76)
smb_vwv[12]=   82 (0x52)
smb_vwv[13]=    2 (0x2)
smb_vwv[14]=   38 (0x26)
smb_vwv[15]=16399 (0x400F)
smb_bcc=133
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 76  00 00 00 07 00 00 00 66  .......v .......f
[020] 00 00 00 00 00 04 00 01  00 00 00 11 00 00 00 00  ........ ........
[030] 00 00 00 11 00 00 00 5C  00 5C 00 4E 00 4F 00 52  .......\ .\.N.O.R
[040] 00 54 00 48 00 41 00 4D  00 45 00 52 00 49 00 43  .T.H.A.M .E.R.I.C
[050] 00 41 00 44 00 43 00 00  00 00 00 0B 00 00 00 00  .A.D.C.. ........
[060] 00 00 00 0B 00 00 00 53  00 4E 00 41 00 50 00 36  .......S .N.A.P.6
[070] 00 31 00 30 00 30 00 31  00 30 00 00 00 F6 62 16  .1.0.0.1 .0....b.
[080] 05 2F 47 89 A5                                    ./G.. 
simple_packet_signature: sequence number 8
client_sign_outgoing_message: sent SMB signature of
[000] D1 B5 0A C4 EF DB 40 24                           ......@$ 
store_sequence_for_reply: stored seq = 9 mid = 6
write_socket(24,204)
write_socket(24,204) wrote 204
get_sequence_for_reply: found seq = 9 mid = 6
cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10
got smb length of 92
size=92
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=6
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   36 (0x24)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   36 (0x24)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=37
[000] 76 05 00 02 03 10 00 00  00 24 00 00 00 07 00 00  v....... .$......
[010] 00 0C 00 00 00 00 00 00  00 D2 38 31 E0 B5 8C 1C  ........ ..81....
[020] DA 00 00 00 00                                    ..... 
simple_packet_signature: sequence number 9
client_check_incoming_message: seq 9: got good SMB signature of
[000] 9C 40 33 35 A3 78 3D 2F                           .@35.x=/ 
size=92
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=6
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   36 (0x24)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   36 (0x24)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=37
[000] 76 05 00 02 03 10 00 00  00 24 00 00 00 07 00 00  v....... .$......
[010] 00 0C 00 00 00 00 00 00  00 D2 38 31 E0 B5 8C 1C  ........ ..81....
[020] DA 00 00 00 00                                    ..... 
cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10
rpc_check_hdr: rdata->data_size = 36
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0024
    000a auth_len  : 0000
    000c call_id   : 00000007
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 0000000c
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 36
rpc_api_pipe: fragment first and last both set
000018 net_io_r_req_chal 
    000018 smb_io_chal 
        0018 data: d2 38 31 e0 b5 8c 1c da 
    0020 status: NT_STATUS_OK
cred_session_key
	clnt_chal: F66216052F4789A5
	srv_chal : D23831E0B58C1CDA
	clnt+srv : C89B47E5E4D3A57F
	sess_key : 45D6BD1276CBC751
cred_create
	sess_key : 45D6BD1276CBC751
	stor_cred: F66216052F4789A5
	timestamp: 0
	timecred : F66216052F4789A5
	calc_cred: 61380E8EFE221678
cli_net_auth2: srv:\\NORTHAMERICADC acct:SNAP610010$ sc:2 mc: SNAP610010 chal 61380E8EFE221678
neg: 400701ff
init_q_auth_2: 797
make_log_info 1336
init_q_auth_2: 803
000000 net_io_q_auth_2 
    000000 smb_io_log_info 
        0000 undoc_buffer: 00000001
        000004 smb_io_unistr2 unistr2
            0004 uni_max_len: 00000011
            0008 offset     : 00000000
            000c uni_str_len: 00000011
            0010 buffer     : \.\.N.O.R.T.H.A.M.E.R.I.C.A.D.C...
        000032 smb_io_unistr2 unistr2
            0034 uni_max_len: 0000000c
            0038 offset     : 00000000
            003c uni_str_len: 0000000c
            0040 buffer     : S.N.A.P.6.1.0.0.1.0.$...
        0058 sec_chan: 0002
        00005a smb_io_unistr2 unistr2
            005c uni_max_len: 0000000b
            0060 offset     : 00000000
            0064 uni_str_len: 0000000b
            0068 buffer     : S.N.A.P.6.1.0.0.1.0...
    00007e smb_io_chal 
        007e data: 61 38 0e 8e fe 22 16 78 
    000086 net_io_neg_flags 
        0088 neg_flags: 400701ff
create_rpc_request: opnum: 0xf data_len: 0xa4
create_rpc_request: data_len: a4 auth_len: 0 alloc_hint: 94
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 00a4
    000a auth_len  : 0000
    000c call_id   : 00000008
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 00000094
    0014 context_id: 0000
    0016 opnum     : 000f
rpc_api_pipe: fnum:400f
size=246
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=7
smt_wct=16
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=  164 (0xA4)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_vwv[10]=   82 (0x52)
smb_vwv[11]=  164 (0xA4)
smb_vwv[12]=   82 (0x52)
smb_vwv[13]=    2 (0x2)
smb_vwv[14]=   38 (0x26)
smb_vwv[15]=16399 (0x400F)
smb_bcc=179
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 A4  00 00 00 08 00 00 00 94  ........ ........
[020] 00 00 00 00 00 0F 00 01  00 00 00 11 00 00 00 00  ........ ........
[030] 00 00 00 11 00 00 00 5C  00 5C 00 4E 00 4F 00 52  .......\ .\.N.O.R
[040] 00 54 00 48 00 41 00 4D  00 45 00 52 00 49 00 43  .T.H.A.M .E.R.I.C
[050] 00 41 00 44 00 43 00 00  00 00 00 0C 00 00 00 00  .A.D.C.. ........
[060] 00 00 00 0C 00 00 00 53  00 4E 00 41 00 50 00 36  .......S .N.A.P.6
[070] 00 31 00 30 00 30 00 31  00 30 00 24 00 00 00 02  .1.0.0.1 .0.$....
[080] 00 00 00 0B 00 00 00 00  00 00 00 0B 00 00 00 53  ........ .......S
[090] 00 4E 00 41 00 50 00 36  00 31 00 30 00 30 00 31  .N.A.P.6 .1.0.0.1
[0A0] 00 30 00 00 00 61 38 0E  8E FE 22 16 78 00 00 FF  .0...a8. ..".x...
[0B0] 01 07 40                                          ..@ 
simple_packet_signature: sequence number 10
client_sign_outgoing_message: sent SMB signature of
[000] BE 20 62 65 E8 83 2E 80                           . be.... 
store_sequence_for_reply: stored seq = 11 mid = 7
write_socket(24,250)
write_socket(24,250) wrote 250
get_sequence_for_reply: found seq = 11 mid = 7
cli_signing_trans_start: storing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12
got smb length of 96
size=96
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=7
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   40 (0x28)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   40 (0x28)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=41
[000] A4 05 00 02 03 10 00 00  00 28 00 00 00 08 00 00  ........ .(......
[010] 00 10 00 00 00 00 00 00  00 02 39 2F 55 E1 4E D1  ........ ..9/U.N.
[020] 94 FF 01 07 40 00 00 00  00                       ....@... .
simple_packet_signature: sequence number 11
client_check_incoming_message: seq 11: got good SMB signature of
[000] 7F 19 E8 4A 8B 3D 7E FE                           ...J.=~. 
size=96
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=7
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   40 (0x28)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   40 (0x28)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=41
[000] A4 05 00 02 03 10 00 00  00 28 00 00 00 08 00 00  ........ .(......
[010] 00 10 00 00 00 00 00 00  00 02 39 2F 55 E1 4E D1  ........ ..9/U.N.
[020] 94 FF 01 07 40 00 00 00  00                       ....@... .
cli_signing_trans_stop: freeing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num = 12
rpc_check_hdr: rdata->data_size = 40
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0028
    000a auth_len  : 0000
    000c call_id   : 00000008
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000010
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 40
rpc_api_pipe: fragment first and last both set
000018 net_io_r_auth_2 
    000018 smb_io_chal 
        0018 data: 02 39 2f 55 e1 4e d1 94 
    000020 net_io_neg_flags 
        0020 neg_flags: 400701ff
    0024 status: NT_STATUS_OK
cred_create
	sess_key : 45D6BD1276CBC751
	stor_cred: D23831E0B58C1CDA
	timestamp: 0
	timecred : D23831E0B58C1CDA
	calc_cred: 02392F55E14ED194
cred_assert
	challenge : 02392F55E14ED194
	calculated: 02392F55E14ED194
credentials check ok
simple_packet_signature: sequence number 12
client_sign_outgoing_message: sent SMB signature of
[000] D3 A5 0F 56 1F 78 9B C3                           ...V.x.. 
store_sequence_for_reply: stored seq = 13 mid = 8
write_socket(24,104)
write_socket(24,104) wrote 104
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=8
smt_wct=34
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=  103 (0x67)
smb_vwv[ 2]= 1024 (0x400)
smb_vwv[ 3]=  384 (0x180)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_vwv[10]=    0 (0x0)
smb_vwv[11]=    0 (0x0)
smb_vwv[12]=    0 (0x0)
smb_vwv[13]=    0 (0x0)
smb_vwv[14]=    0 (0x0)
smb_vwv[15]=    0 (0x0)
smb_vwv[16]=    0 (0x0)
smb_vwv[17]=    0 (0x0)
smb_vwv[18]=    0 (0x0)
smb_vwv[19]=    0 (0x0)
smb_vwv[20]=    0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=    0 (0x0)
smb_vwv[23]=    0 (0x0)
smb_vwv[24]=   16 (0x10)
smb_vwv[25]=    0 (0x0)
smb_vwv[26]=    0 (0x0)
smb_vwv[27]=    0 (0x0)
smb_vwv[28]=    0 (0x0)
smb_vwv[29]=    0 (0x0)
smb_vwv[30]=    0 (0x0)
smb_vwv[31]=  512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=    5 (0x5)
smb_bcc=0
get_sequence_for_reply: found seq = 13 mid = 8
simple_packet_signature: sequence number 13
client_check_incoming_message: seq 13: got good SMB signature of
[000] E8 B8 B7 4E F7 7B BD B9                           ...N.{.. 
Bind RPC Pipe[8004]: \PIPE\lsarpc
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB  EF 00 01 23 45 67 89 AB  xW4.4... ...#Eg..
[010] 00 00 00 00                                       .... 
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
[010] 02 00 00 00                                       .... 
000000 smb_io_rpc_hdr_auth hdr_auth
    0000 auth_type    : 44
    0001 auth_level   : 05
    0002 padding      : 00
    0003 reserved     : 00
    0004 auth_context : 00000001
000008 smb_io_rpc_auth_netsec_neg netsec_neg
    0008 type1: 00000000
    000c type2: 00000003
[000] 4E 4F 52 54 48 41 4D 45  52 49 43 41              NORTHAME RICA
[000] 53 4E 41 50 36 31 30 30  31 30                    SNAP6100 10
000000 smb_io_rpc_hdr hdr
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0b
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0070
    000a auth_len  : 0020
    000c call_id   : 00000009
000010 smb_io_rpc_hdr_rb 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 10b8
        0012 max_rsize: 10b8
        0014 assoc_gid: 00000000
    0018 num_elements: 00000001
    001c context_id  : 0000
    001e num_syntaxes: 01
    00001f smb_io_rpc_iface 
        000020 smb_io_uuid uuid
            0020 data   : 12345778
            0024 data   : 1234
            0026 data   : abcd
            0028 data   : ef 00 
            002a data   : 01 23 45 67 89 ab 
        0030 version: 00000000
    000034 smb_io_rpc_iface 
        000034 smb_io_uuid uuid
            0034 data   : 8a885d04
            0038 data   : 1ceb
            003a data   : 11c9
            003c data   : 9f e8 
            003e data   : 08 00 2b 10 48 60 
        0044 version: 00000002
rpc_api_pipe: fnum:8004
size=194
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=9
smt_wct=16
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=  112 (0x70)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_vwv[10]=   82 (0x52)
smb_vwv[11]=  112 (0x70)
smb_vwv[12]=   82 (0x52)
smb_vwv[13]=    2 (0x2)
smb_vwv[14]=   38 (0x26)
smb_vwv[15]=32772 (0x8004)
smb_bcc=127
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 70  00 20 00 09 00 00 00 B8  .......p . ......
[020] 10 B8 10 00 00 00 00 01  00 00 00 00 00 01 00 78  ........ .......x
[030] 57 34 12 34 12 CD AB EF  00 01 23 45 67 89 AB 00  W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
[050] 10 48 60 02 00 00 00 44  05 00 00 01 00 00 00 00  .H`....D ........
[060] 00 00 00 03 00 00 00 4E  4F 52 54 48 41 4D 45 52  .......N ORTHAMER
[070] 49 43 41 00 53 4E 41 50  36 31 30 30 31 30 00     ICA.SNAP 610010.
simple_packet_signature: sequence number 14
client_sign_outgoing_message: sent SMB signature of
[000] DE 1C 1E 59 3A EC F8 1E                           ...Y:... 
store_sequence_for_reply: stored seq = 15 mid = 9
write_socket(24,198)
write_socket(24,198) wrote 198
get_sequence_for_reply: found seq = 15 mid = 9
cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16
got smb length of 144
size=144
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=9
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   88 (0x58)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   88 (0x58)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=89
[000] 70 05 00 0C 03 10 00 00  00 58 00 0C 00 09 00 00  p....... .X......
[010] 00 B8 10 B8 10 8A CE 00  00 0C 00 5C 50 49 50 45  ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00 44 05 00  00 01 00 00 00 01 00 00  `....D.. ........
[050] 00 00 00 00 00 00 00 00  00                       ........ .
simple_packet_signature: sequence number 15
client_check_incoming_message: seq 15: got good SMB signature of
[000] A8 5A 0F 9A 17 75 72 7C                           .Z...ur| 
size=144
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=9
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   88 (0x58)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   88 (0x58)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=89
[000] 70 05 00 0C 03 10 00 00  00 58 00 0C 00 09 00 00  p....... .X......
[010] 00 B8 10 B8 10 8A CE 00  00 0C 00 5C 50 49 50 45  ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00 44 05 00  00 01 00 00 00 01 00 00  `....D.. ........
[050] 00 00 00 00 00 00 00 00  00                       ........ .
cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16
rpc_check_hdr: rdata->data_size = 88
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0c
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0058
    000a auth_len  : 000c
    000c call_id   : 00000009
rpc_api_pipe: len left: 0 smbtrans read: 88
rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No 
rpc_auth_pipe: packet:
000000 smb_io_rpc_hdr_auth auth_hdr
    0000 auth_type    : 44
    0001 auth_level   : 05
    0002 padding      : 00
    0003 reserved     : 00
    0004 auth_context : 00000001
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 10b8
        0012 max_rsize: 10b8
        0014 assoc_gid: 0000ce8a
    000018 smb_io_rpc_addr_str 
        0018 len: 000c
        001a str: \PIPE\lsass.
    000026 smb_io_rpc_results 
        0028 num_results: 01
        002c result     : 0000
        002e reason     : 0000
    000030 smb_io_rpc_iface 
        000030 smb_io_uuid uuid
            0030 data   : 8a885d04
            0034 data   : 1ceb
            0036 data   : 11c9
            0038 data   : 9f e8 
            003a data   : 08 00 2b 10 48 60 
        0040 version: 00000002
bind_rpc_pipe: accepted!
init_open_pol: attr:0 da:33554432
init_lsa_obj_attr
000000 lsa_io_q_open_pol 
    0000 ptr       : 00000001
    0004 system_name: 005c
    000008 lsa_io_obj_attr 
        0008 len         : 00000018
        000c ptr_root_dir: 00000000
        0010 ptr_obj_name: 00000000
        0014 attributes  : 00000000
        0018 ptr_sec_desc: 00000000
        001c ptr_sec_qos : 00000000
    0020 des_access: 02000000
000028 smb_io_rpc_hdr_auth hdr_auth
    0028 auth_type    : 44
    0029 auth_level   : 05
    002a padding      : 04
    002b reserved     : 00
    002c auth_context : 00000001
SCHANNEL seq_num=0
SCHANNEL: netsec_encode seq_num=0 data_len=40
000030 smb_io_rpc_auth_netsec_chk 
    0030 sig  : 77 00 ff ff ff ff 00 00 
    0038 seq_num: 67 1f 4e a4 f0 71 2e 4c 
    0040 packet_digest: 66 02 4b 28 7b c4 49 87 
    0048 confounder: 63 fe 7d d0 4f 69 d2 a2 
create_rpc_request: opnum: 0x6 data_len: 0x68
create_rpc_request: data_len: 68 auth_len: 20 alloc_hint: 30
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0068
    000a auth_len  : 0020
    000c call_id   : 0000000a
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 00000030
    0014 context_id: 0000
    0016 opnum     : 0006
rpc_api_pipe: fnum:8004
size=186
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=10
smt_wct=16
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=  104 (0x68)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_vwv[10]=   82 (0x52)
smb_vwv[11]=  104 (0x68)
smb_vwv[12]=   82 (0x52)
smb_vwv[13]=    2 (0x2)
smb_vwv[14]=   38 (0x26)
smb_vwv[15]=32772 (0x8004)
smb_bcc=119
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 68  00 20 00 0A 00 00 00 30  .......h . .....0
[020] 00 00 00 00 00 06 00 01  00 00 00 5C 00 00 00 18  ........ ...\....
[030] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[040] 00 00 00 00 00 00 00 00  00 00 02 00 00 00 00 44  ........ .......D
[050] 05 04 00 01 00 00 00 77  00 FF FF FF FF 00 00 67  .......w .......g
[060] 1F 4E A4 F0 71 2E 4C 66  02 4B 28 7B C4 49 87 63  .N..q.Lf .K({.I.c
[070] FE 7D D0 4F 69 D2 A2                              .}.Oi.. 
simple_packet_signature: sequence number 16
client_sign_outgoing_message: sent SMB signature of
[000] C9 5D F6 AB 01 31 AE 23                           .]...1.# 
store_sequence_for_reply: stored seq = 17 mid = 10
write_socket(24,190)
write_socket(24,190) wrote 190
get_sequence_for_reply: found seq = 17 mid = 10
cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18
got smb length of 152
size=152
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=10
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   96 (0x60)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   96 (0x60)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=97
[000] 68 05 00 02 03 10 00 00  00 60 00 20 00 0A 00 00  h....... .`. ....
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 FA 72 FB  ........ ......r.
[020] 91 5B 67 B8 44 A3 19 A2  5D E0 BB BC D4 00 00 00  .[g.D... ].......
[030] 00 00 00 00 00 00 00 00  00 44 05 08 00 01 00 00  ........ .D......
[040] 00 77 00 FF FF FF FF 00  00 48 A5 2E CC 7D 39 30  .w...... .H...}90
[050] E6 77 CF A8 E7 7C 26 28  BE 00 00 00 00 00 00 00  .w...|&( ........
[060] 00                                                . 
simple_packet_signature: sequence number 17
client_check_incoming_message: seq 17: got good SMB signature of
[000] BC F3 8D EE 94 11 9B E3                           ........ 
size=152
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=10
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=   96 (0x60)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   96 (0x60)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=97
[000] 68 05 00 02 03 10 00 00  00 60 00 20 00 0A 00 00  h....... .`. ....
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 FA 72 FB  ........ ......r.
[020] 91 5B 67 B8 44 A3 19 A2  5D E0 BB BC D4 00 00 00  .[g.D... ].......
[030] 00 00 00 00 00 00 00 00  00 44 05 08 00 01 00 00  ........ .D......
[040] 00 77 00 FF FF FF FF 00  00 48 A5 2E CC 7D 39 30  .w...... .H...}90
[050] E6 77 CF A8 E7 7C 26 28  BE 00 00 00 00 00 00 00  .w...|&( ........
[060] 00                                                . 
cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18
rpc_check_hdr: rdata->data_size = 96
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0060
    000a auth_len  : 0020
    000c call_id   : 0000000a
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000018
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 96
rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No 
rpc_auth_pipe: packet:
000000 smb_io_rpc_hdr_auth auth_hdr
    0000 auth_type    : 44
    0001 auth_level   : 05
    0002 padding      : 08
    0003 reserved     : 00
    0004 auth_context : 00000001
000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign
    0008 sig  : 77 00 ff ff ff ff 00 00 
    0010 seq_num: 48 a5 2e cc 7d 39 30 e6 
    0018 packet_digest: 77 cf a8 e7 7c 26 28 be 
    0020 confounder: 00 00 00 00 00 00 00 00 
SCHANNEL: netsec_encode seq_num=1 data_len=32
SCHANNEL: netsec_decode seq_num=1 data_len=32
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_open_pol 
    000018 smb_io_pol_hnd 
        0018 data1: 00000000
        001c data2: 91fb72fa
        0020 data3: 675b
        0022 data4: 44b8
        0024 data5: a3 19 a2 5d e0 bb bc d4 
    002c status: NT_STATUS_OK
init_q_lookup_names
000000 lsa_io_q_lookup_names 
    000000 smb_io_pol_hnd 
        0000 data1: 00000000
        0004 data2: 91fb72fa
        0008 data3: 675b
        000a data4: 44b8
        000c data5: a3 19 a2 5d e0 bb bc d4 
    0014 num_entries    : 00000001
    0018 num_entries2   : 00000001
    00001c smb_io_unihdr hdr_name
        001c uni_str_len: 002a
        001e uni_max_len: 002a
        0020 buffer     : 00000001
    000024 smb_io_unistr2 dom_name
        0024 uni_max_len: 00000015
        0028 offset     : 00000000
        002c uni_str_len: 00000015
        0030 buffer     : N.O.R.T.H.A.M.E.R.I.C.A.\.n.a._.u.s.e.r.5.
    005c num_trans_entries : 00000000
    0060 ptr_trans_sids : 00000000
    0064 lookup_level   : 00000001
    0068 mapped_count   : 00000000
000070 smb_io_rpc_hdr_auth hdr_auth
    0070 auth_type    : 44
    0071 auth_level   : 05
    0072 padding      : 04
    0073 reserved     : 00
    0074 auth_context : 00000001
SCHANNEL seq_num=2
SCHANNEL: netsec_encode seq_num=2 data_len=112
000078 smb_io_rpc_auth_netsec_chk 
    0078 sig  : 77 00 ff ff ff ff 00 00 
    0080 seq_num: 38 28 7c a2 21 60 f0 33 
    0088 packet_digest: e4 4a ab 3e 6c 33 dc 99 
    0090 confounder: 11 74 dd a1 4f 0e 50 09 
create_rpc_request: opnum: 0xe data_len: 0xb0
create_rpc_request: data_len: b0 auth_len: 20 alloc_hint: 78
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 00b0
    000a auth_len  : 0020
    000c call_id   : 0000000b
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 00000078
    0014 context_id: 0000
    0016 opnum     : 000e
rpc_api_pipe: fnum:8004
size=258
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=11
smt_wct=16
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=  176 (0xB0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_vwv[10]=   82 (0x52)
smb_vwv[11]=  176 (0xB0)
smb_vwv[12]=   82 (0x52)
smb_vwv[13]=    2 (0x2)
smb_vwv[14]=   38 (0x26)
smb_vwv[15]=32772 (0x8004)
smb_bcc=191
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 B0  00 20 00 0B 00 00 00 78  ........ . .....x
[020] 00 00 00 00 00 0E 00 00  00 00 00 FA 72 FB 91 5B  ........ ....r..[
[030] 67 B8 44 A3 19 A2 5D E0  BB BC D4 01 00 00 00 01  g.D...]. ........
[040] 00 00 00 2A 00 2A 00 01  00 00 00 15 00 00 00 00  ...*.*.. ........
[050] 00 00 00 15 00 00 00 4E  00 4F 00 52 00 54 00 48  .......N .O.R.T.H
[060] 00 41 00 4D 00 45 00 52  00 49 00 43 00 41 00 5C  .A.M.E.R .I.C.A.\
[070] 00 6E 00 61 00 5F 00 75  00 73 00 65 00 72 00 35  .n.a._.u .s.e.r.5
[080] 00 00 00 00 00 00 00 00  00 00 00 01 00 00 00 00  ........ ........
[090] 00 00 00 00 00 00 00 44  05 04 00 01 00 00 00 77  .......D .......w
[0A0] 00 FF FF FF FF 00 00 38  28 7C A2 21 60 F0 33 E4  .......8 (|.!`.3.
[0B0] 4A AB 3E 6C 33 DC 99 11  74 DD A1 4F 0E 50 09     J.>l3... t..O.P.
simple_packet_signature: sequence number 18
client_sign_outgoing_message: sent SMB signature of
[000] D9 BB 6E BF 71 CA 5D 81                           ..n.q.]. 
store_sequence_for_reply: stored seq = 19 mid = 11
write_socket(24,262)
write_socket(24,262) wrote 262
get_sequence_for_reply: found seq = 19 mid = 11
cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20
got smb length of 248
size=248
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=11
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=  192 (0xC0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  192 (0xC0)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=193
[000] B0 05 00 02 03 10 00 00  00 C0 00 20 00 0B 00 00  ........ ... ....
[010] 00 80 00 00 00 00 00 00  00 00 00 02 00 01 00 00  ........ ........
[020] 00 04 00 02 00 20 00 00  00 01 00 00 00 18 00 1A  ..... .. ........
[030] 00 08 00 02 00 0C 00 02  00 0D 00 00 00 00 00 00  ........ ........
[040] 00 0C 00 00 00 4E 00 4F  00 52 00 54 00 48 00 41  .....N.O .R.T.H.A
[050] 00 4D 00 45 00 52 00 49  00 43 00 41 00 04 00 00  .M.E.R.I .C.A....
[060] 00 01 04 00 00 00 00 00  05 15 00 00 00 84 E6 FC  ........ ........
[070] A0 F4 CF 91 DA BB 6E B8  CE 01 00 00 00 10 00 02  ......n. ........
[080] 00 01 00 00 00 01 00 5D  6D 6E 04 00 00 00 00 00  .......] mn......
[090] 00 01 00 00 00 00 00 00  00 44 05 00 00 01 00 00  ........ .D......
[0A0] 00 77 00 FF FF FF FF 00  00 60 D3 92 B8 E0 C0 5A  .w...... .`.....Z
[0B0] D7 BF C1 79 BD 95 C1 88  28 00 00 00 00 00 00 00  ...y.... (.......
[0C0] 00                                                . 
simple_packet_signature: sequence number 19
client_check_incoming_message: seq 19: got good SMB signature of
[000] 3B 78 5A DB 6F 19 D6 C3                           ;xZ.o... 
size=248
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=11
smt_wct=10
smb_vwv[ 0]=    0 (0x0)
smb_vwv[ 1]=  192 (0xC0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  192 (0xC0)
smb_vwv[ 7]=   56 (0x38)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=193
cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num
= 20
rpc_check_hdr: rdata->data_size = 192
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 00c0
    000a auth_len  : 0020
    000c call_id   : 0000000b
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000080
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 192
rpc_auth_pipe: pkt_type: 2 len: 192 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No 
rpc_auth_pipe: packet:
000000 smb_io_rpc_hdr_auth auth_hdr
    0000 auth_type    : 44
    0001 auth_level   : 05
    0002 padding      : 00
    0003 reserved     : 00
    0004 auth_context : 00000001
000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign
    0008 sig  : 77 00 ff ff ff ff 00 00 
    0010 seq_num: 60 d3 92 b8 e0 c0 5a d7 
    0018 packet_digest: bf c1 79 bd 95 c1 88 28 
    0020 confounder: 00 00 00 00 00 00 00 00 
SCHANNEL: netsec_encode seq_num=3 data_len=128
SCHANNEL: netsec_decode seq_num=3 data_len=128
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_lookup_names 
    0018 ptr_dom_ref: 00020000
    00001c lsa_io_dom_r_ref 
        001c num_ref_doms_1: 00000001
        0020 ptr_ref_dom   : 00020004
        0024 max_entries   : 00000020
        0028 num_ref_doms_2: 00000001
        00002c smb_io_unihdr dom_ref[0] 
            002c uni_str_len: 0018
            002e uni_max_len: 001a
            0030 buffer     : 00020008
        0034 sid_ptr[0] : 0002000c
        000038 smb_io_unistr2 dom_ref[0] 
            0038 uni_max_len: 0000000d
            003c offset     : 00000000
            0040 uni_str_len: 0000000c
            0044 buffer     : N.O.R.T.H.A.M.E.R.I.C.A.
        00005c smb_io_dom_sid2 sid_ptr[0] 
            005c num_auths: 00000004
            000060 smb_io_dom_sid sid
                0060 sid_rev_num: 01
                0061 num_auths  : 04
                0062 id_auth[0] : 00
                0063 id_auth[1] : 00
                0064 id_auth[2] : 00
                0065 id_auth[3] : 00
                0066 id_auth[4] : 00
                0067 id_auth[5] : 05
                0068 sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb 
    0078 num_entries: 00000001
    007c ptr_entries: 00020010
    0080 num_entries2: 00000001
    000084 smb_io_dom_rid2 
        0084 type   : 01
        0088 rid    : 0000046e
        008c rid_idx: 00000000
    0090 mapped_count: 00000001
    0094 status      : NT_STATUS_OK
wcache_save_name_to_sid: NA_USER5 -> 
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
sid_to_name: [Cached] - doing backend query for info for domain NORTHAMERICA
ads: query_user
Current tickets expire at 1110264767
, time is now 1110228791
Search for
(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\84\E6\FC\A0\F4\CF\91\DA\BB\6E\B8\CE\6E\04\00\00)
gave 1 replies
ads query_user gave na_User5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
wcache_save_user: S-1-5-21-2700928644-3666989044-3468193467-1134 (acct_name na_User5)
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047 
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001 
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETGROUPS
[ 7119]: getgroups NORTHAMERICA\na_User5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
Adding gids from user SID: S-1-5-21-2700928644-3666989044-3468193467-1134
Adding local gids from SID: S-1-5-21-2700928644-3666989044-3468193467-1134
netsamlogon_cache_get: SID [S-1-5-21-2700928644-3666989044-3468193467-1134]
0000 timestamp: 422cbec0
000004 net_io_user_info3 
    0004 ptr_user_info : 00020004
    000008 smb_io_time logon time
        0008 low : 65df8720
        000c high: 01c52357
    000010 smb_io_time logoff time
        0010 low : ffffffff
        0014 high: 7fffffff
    000018 smb_io_time kickoff time
        0018 low : ffffffff
        001c high: 7fffffff
    000020 smb_io_time last set time
        0020 low : 00000000
        0024 high: 00000000
    000028 smb_io_time can change time
        0028 low : 2a69c000
        002c high: 000000c9
    000030 smb_io_time must change time
        0030 low : ffffffff
        0034 high: 7fffffff
    000038 smb_io_unihdr hdr_user_name
        0038 uni_str_len: 0010
        003a uni_max_len: 0012
        003c buffer     : 00020008
    000040 smb_io_unihdr hdr_full_name
        0040 uni_str_len: 0000
        0042 uni_max_len: 0000
        0044 buffer     : 00000000
    000048 smb_io_unihdr hdr_logon_script
        0048 uni_str_len: 0000
        004a uni_max_len: 0000
        004c buffer     : 00000000
    000050 smb_io_unihdr hdr_profile_path
        0050 uni_str_len: 0000
        0052 uni_max_len: 0000
        0054 buffer     : 00000000
    000058 smb_io_unihdr hdr_home_dir
        0058 uni_str_len: 0000
        005a uni_max_len: 0000
        005c buffer     : 00000000
    000060 smb_io_unihdr hdr_dir_drive
        0060 uni_str_len: 0000
        0062 uni_max_len: 0000
        0064 buffer     : 00000000
    0068 logon_count   : 0534
    006a bad_pw_count  : 0000
    006c user_rid      : 0000046e
    0070 group_rid     : 00000201
    0074 num_groups    : 00000002
    0078 buffer_groups : 0002000c
    007c user_flgs     : 00000120
    0080 user_sess_key: 8f fb 57 47 8e de c9 e2 0a 73 4c 22 ce b2 f1 98 
    000090 smb_io_unihdr hdr_logon_srv
        0090 uni_str_len: 001c
        0092 uni_max_len: 001e
        0094 buffer     : 00020010
    000098 smb_io_unihdr hdr_logon_dom
        0098 uni_str_len: 0018
        009a uni_max_len: 001a
        009c buffer     : 00020014
    00a0 buffer_dom_id : 00020018
    00a4 padding       : 00 00 00 00 00 00 00 00 2e 8f ae 4d 08 2d b7 3c 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    00cc num_other_sids: 00000000
    00d0 buffer_other_sids: 00000000
    0000d4 smb_io_unistr2 uni_user_name
        00d4 uni_max_len: 00000009
        00d8 offset     : 00000000
        00dc uni_str_len: 00000008
        00e0 buffer     : n.a._.U.s.e.r.5.
    0000f0 smb_io_unistr2 - NULL uni_full_name
    0000f0 smb_io_unistr2 - NULL uni_logon_script
    0000f0 smb_io_unistr2 - NULL uni_profile_path
    0000f0 smb_io_unistr2 - NULL uni_home_dir
    0000f0 smb_io_unistr2 - NULL uni_dir_drive
    00f0 num_groups2   : 00000002
    0000f4 smb_io_gid 
        00f4 g_rid: 00000201
        00f8 attr : 00000007
    0000fc smb_io_gid 
        00fc g_rid: 000023b8
        0100 attr : 00000007
    000104 smb_io_unistr2 uni_logon_srv
        0104 uni_max_len: 0000000f
        0108 offset     : 00000000
        010c uni_str_len: 0000000e
        0110 buffer     : N.O.R.T.H.A.M.E.R.I.C.A.D.C.
    00012c smb_io_unistr2 uni_logon_dom
        012c uni_max_len: 0000000d
        0130 offset     : 00000000
        0134 uni_str_len: 0000000c
        0138 buffer     : N.O.R.T.H.A.M.E.R.I.C.A.
    000150 smb_io_dom_sid2 
        0150 num_auths: 00000004
        000154 smb_io_dom_sid sid
            0154 sid_rev_num: 01
            0155 num_auths  : 04
            0156 id_auth[0] : 00
            0157 id_auth[1] : 00
            0158 id_auth[2] : 00
            0159 id_auth[3] : 00
            015a id_auth[4] : 00
            015b id_auth[5] : 05
            015c sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb 
winbindd_getgroups: info3 has 2 groups, 0 other sids
Adding gids from group SID: S-1-5-21-2700928644-3666989044-3468193467-513
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001 
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
Adding local gids from SID: S-1-5-21-2700928644-3666989044-3468193467-513
Adding gids from group SID: S-1-5-21-2700928644-3666989044-3468193467-9144
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-9144]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-9144 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-9144 -> GID 34041
internal_get_id_from_sid: ID_GROUPID fetching record
S-1-5-21-2700928644-3666989044-3468193467-9144 -> GID 34041 
internal_get_sid_from_id: fetching record GID 34041
internal_get_sid_from_id: fetching record GID 34041 ->
S-1-5-21-2700928644-3666989044-3468193467-9144
idmap_sid_to_gid: gid = [34041]
Adding local gids from SID: S-1-5-21-2700928644-3666989044-3468193467-9144
remove_duplicate_gids: Enter 2 gids
remove_duplicate_gids: Exit 2 gids
client_write: wrote 1300 bytes.
client_write: need to write 8 extra data bytes.
client_write: wrote 8 bytes.
client_write: client_write: complete response written.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GID_TO_SID
[ 7119]: gid to sid 20001
idmap_gid_to_sid: gid = [20001]
db_get_sid_from_id: id_type_in = 0x2
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001 
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GID_TO_SID
[ 7119]: gid to sid 34041
idmap_gid_to_sid: gid = [34041]
db_get_sid_from_id: id_type_in = 0x2
internal_get_sid_from_id: fetching record GID 34041
internal_get_sid_from_id: fetching record GID 34041 ->
S-1-5-21-2700928644-3666989044-3468193467-9144
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-9144 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-9144 -> GID 34041
internal_get_id_from_sid: ID_GROUPID fetching record
S-1-5-21-2700928644-3666989044-3468193467-9144 -> GID 34041 
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain NORTHAMERICA is
good.
wcache_fetch: returning entry U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain
NORTHAMERICA
query_user: [Cached] - cached info for domain NORTHAMERICA status Success
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047 
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001 
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain NORTHAMERICA is
good.
wcache_fetch: returning entry U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain
NORTHAMERICA
query_user: [Cached] - cached info for domain NORTHAMERICA status Success
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047 
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001 
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain NORTHAMERICA is
good.
wcache_fetch: returning entry U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain
NORTHAMERICA
query_user: [Cached] - cached info for domain NORTHAMERICA status Success
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047 
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001 
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain NORTHAMERICA is
good.
wcache_fetch: returning entry U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain
NORTHAMERICA
query_user: [Cached] - cached info for domain NORTHAMERICA status Success
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047 
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001 
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.





=====
------------------------------
Ravi Wijayaratne


More information about the samba-technical mailing list