Winbindd communication with ADS DC fails for Samba-3.0.11
Ravi Wijayaratne
ravi_wija at yahoo.com
Tue Mar 8 00:50:52 GMT 2005
Hi All
I am trying to debug why winbindd fails to authenticate using info from a
ADS server where signing is enabled.
Here are the symptom of the problem:
How to reproduce
================
1. Join the domain ABC
2. Run net use * \\<IP of the server>\share1 /u:ABC/user1 user1_password from a Windows
(2k XP or 2k3 client)
3. Notice this fails
4. Then Run net use * \\<Name of server>\share1 /u:ABC/user1 user1_password
5. Notice that this operation succeeds.
I have attached log.winbindd
I tested Samba 3-0-7 and the problem does not exist in 3.0.7. I have attached both winbindd
logs.
Any insight re: this matter is much appreciated
Thank you
Ravi
--------from log.winbindd from 3.0.10 or 3.0.11 FAILED --------------
[ 2870]: setgrent
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn NETBIOS_NAME
[ 2870]: request netbios name
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn ENDGRENT
[ 2870]: endgrent
client_write: wrote 1300 bytes.
client_read: read 0 bytes. Need 1824 more for a full request.
read failed on sock 22, pid 7797: EOF
accepted socket 20
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn INTERFACE_VERSION
[ 7897]: request interface version
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[ 7897]: request location of privileged pipe
client_write: wrote 1300 bytes.
client_write: need to write 36 extra data bytes.
client_write: wrote 36 bytes.
client_write: client_write: complete response written.
accepted socket 22
client_read: read 0 bytes. Need 1824 more for a full request.
read failed on sock 20, pid 7897: EOF
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn PING
[ 7897]: ping
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn PING
[ 7897]: ping
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn AUTH_CRAP
[ 7897]: pam auth crap domain: NORTHAMERICA user: na_user5
is_myname("NORTHAMERICA") returns 0
Using cleartext machine password
check_negative_conn_cache: cache entry expired for NORTHAMERICA, NORTHAMERICADC
IPC$ connections done anonymously
secrets_named_mutex: got mutex for NORTHAMERICADC
write_socket(20,183)
write_socket(20,183) wrote 183
got smb length of 192
size=192
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7786
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12815 (0x320F)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 17 (0x11)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 499 (0x1F3)
smb_vwv[11]=41088 (0xA080)
smb_vwv[12]=56888 (0xDE38)
smb_vwv[13]=36215 (0x8D77)
smb_vwv[14]=50466 (0xC522)
smb_vwv[15]=57345 (0xE001)
smb_vwv[16]= 1 (0x1)
smb_bcc=123
[000] 9A 7B CD 06 DA 1B 57 4E B0 14 F8 35 20 98 01 3A .{....WN ...5 ..:
[010] 60 69 06 06 2B 06 01 05 05 02 A0 5F 30 5D A0 30 `i..+... ..._0].0
[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......*
[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H...
[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7...
[050] A3 29 30 27 A0 25 1B 23 6E 6F 72 74 68 61 6D 65 .)0'.%.# northame
[060] 72 69 63 61 64 63 24 40 4E 4F 52 54 48 41 4D 45 ricadc$@ NORTHAME
[070] 52 49 43 41 2E 53 4E 41 50 51 41 RICA.SNA PQA
size=192
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7786
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12815 (0x320F)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 17 (0x11)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 499 (0x1F3)
smb_vwv[11]=41088 (0xA080)
smb_vwv[12]=56888 (0xDE38)
smb_vwv[13]=36215 (0x8D77)
smb_vwv[14]=50466 (0xC522)
smb_vwv[15]=57345 (0xE001)
smb_vwv[16]= 1 (0x1)
smb_bcc=123
[000] 9A 7B CD 06 DA 1B 57 4E B0 14 F8 35 20 98 01 3A .{....WN ...5 ..:
[010] 60 69 06 06 2B 06 01 05 05 02 A0 5F 30 5D A0 30 `i..+... ..._0].0
[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......*
[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H...
[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7...
[050] A3 29 30 27 A0 25 1B 23 6E 6F 72 74 68 61 6D 65 .)0'.%.# northame
[060] 72 69 63 61 64 63 24 40 4E 4F 52 54 48 41 4D 45 ricadc$@ NORTHAME
[070] 52 49 43 41 2E 53 4E 41 50 51 41 RICA.SNA PQA
connecting to NORTHAMERICADC from SNAP2188265 with kerberos principal
[SNAP2188265$@NORTHAMERICA.SNAPQA]
Doing spnego session setup (blob length=123)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=northamericadc$@NORTHAMERICA.SNAPQA
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Mon, 07 Mar 2005 06:45:44 GMT
ads_krb5_mk_req: Ticket (northamericadc$@NORTHAMERICA.SNAPQA) in ccache (MEMORY:cliconnect) is
valid until: (Mon, 07 Mar 2005 06:45:44 GMT - 1110177944)
Got KRB5 session key of length 8
Mandatory SMB signing enabled!
SMB signing enabled!
cli_simple_set_signing: user_session_key
[000] 04 68 1F 89 8A DF 02 31 .h.....1
cli_simple_set_signing: NULL response_data
simple_packet_signature: sequence number 0
client_sign_outgoing_message: sent SMB signature of
[000] 9B 07 E4 C8 8C 46 FC EF .....F..
store_sequence_for_reply: stored seq = 1 mid = 2
write_socket(20,1322)
write_socket(20,1322) wrote 1322
got smb length of 167
size=167
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=7786
smb_uid=12290
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 167 (0xA7)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 26 (0x1A)
smb_bcc=124
[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H
[010] 82 F7 12 01 02 02 A2 02 04 00 9A 57 00 69 00 6E ........ ...W.i.n
[020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r
[030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3
[040] 00 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 . .3.7.9 .0...W.i
[050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e
[060] 00 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 .r.v.e.r . .2.0.0
[070] 00 33 00 20 00 35 00 2E 00 32 00 00 .3. .5.. .2..
get_sequence_for_reply: found seq = 1 mid = 2
simple_packet_signature: sequence number 1
client_check_incoming_message: BAD SIG: wanted SMB signature of
[000] 18 42 A1 72 FF F2 22 83 .B.r..".
client_check_incoming_message: BAD SIG: got SMB signature of
[000] 31 D1 BC 7E 1C 5D F5 17 1..~.]..
simple_packet_signature: sequence number 4294967292
simple_packet_signature: sequence number 4294967293
simple_packet_signature: sequence number 4294967294
simple_packet_signature: sequence number 4294967295
simple_packet_signature: sequence number 0
simple_packet_signature: sequence number 1
simple_packet_signature: sequence number 2
simple_packet_signature: sequence number 3
simple_packet_signature: sequence number 4
simple_packet_signature: sequence number 5
signing_good: BAD SIG: seq 1
SMB Signature verification failed on incoming packet!
failed kerberos session setup with Undetermined error
secrets_named_mutex: released mutex for NORTHAMERICADC
add_failed_connection_entry: added domain NORTHAMERICA (NORTHAMERICADC) to failed conn cache
check_negative_conn_cache: returning negative entry for NORTHAMERICA, NORTHAMERICADC
Using cleartext machine password
internal_resolve_name: looking up NORTHAMERICA#1c
Returning expired cache entry: key = NBT/NORTHAMERICA#1C, value =
192.168.93.197:0,192.168.93.79:0, timeout = Sun Mar 6 20:44:35 2005
no entry for NORTHAMERICA#1C found.
Deleting cache entry (key = NBT/NORTHAMERICA#1C)
resolve_hosts: not appropriate for name type <0x1c>
resolve_hosts: Attempting to resolve DC's for NORTHAMERICA using DNS
resolve_lmhosts: Attempting lmhosts lookup for name NORTHAMERICA<0x1c>
startlmhosts: Can't open lmhosts file /etc/lmhosts. Error was No such file or directory
resolve_wins: Attempting wins lookup for name NORTHAMERICA<0x1c>
Cache entry with key = WINS_SRV_DEAD/10.25.5.30,0.0.0.0 couldn't be found
wins_srv_is_dead: 10.25.5.30 is alive
Current wins server for tag 'eth0' with source 0.0.0.0 is 10.25.5.30
Cache entry with key = WINS_SRV_DEAD/10.25.5.30,0.0.0.0 couldn't be found
wins_srv_is_dead: 10.25.5.30 is alive
resolve_wins: using WINS server 10.25.5.30 and tag 'eth0'
bind succeeded on port 0
Sending a packet of len 50 to (10.25.5.30) on port 137
read_udp_socket: lastip 10.25.5.30 lastport 137 read: 74
parse_nmb: packet id = 17423
Received a packet of len 74 from (10.25.5.30) port 137
nmb packet from 10.25.5.30(137) header: id=17423 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=NORTHAMERICA<1c> rr_type=32 rr_class=1 ttl=0
answers 0 char ....].....]O.... hex 8000C0A85DC58000C0A85D4F8000C0A8
answers 10 char ]. hex 5DC5
Got a positive name query response from 10.25.5.30 ( 192.168.93.197 192.168.93.79 192.168.93.197 )
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 2 addresses for NORTHAMERICA#1c: 192.168.93.197:0,192.168.93.79:0
Adding cache entry with key = NBT/NORTHAMERICA#1C; value = 192.168.93.197:0,192.168.93.79:0 and
timeout = Sun Mar 6 20:45:44 2005
(0 seconds in the past)
internal_resolve_name: returning 2 addresses: 192.168.93.197:0 192.168.93.79:0
name_status_find: looking up NORTHAMERICA#1c at 192.168.93.197
Cache entry with key = NBT/NORTHAMERICA#1C.20.192.168.93.197 couldn't be found
namecache_status_fetch: no entry for NBT/NORTHAMERICA#1C.20.192.168.93.197 found.
Deleting cache entry (key = NBT/NORTHAMERICA#1C.20.192.168.93.197)
bind succeeded on port 0
Sending a packet of len 50 to (192.168.93.197) on port 137
read_udp_socket: lastip 192.168.93.197 lastport 137 read: 301
parse_nmb: packet id = 8680
Received a packet of len 301 from (192.168.93.197) port 137
nmb packet from 192.168.93.197(137) header: id=8680 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=NORTHAMERICA<1c> rr_type=33 rr_class=1 ttl=0
answers 0 char .NORTHAMERICADC hex 084E4F525448414D4552494341444320
answers 10 char .$.NORTHAMERICA hex 0024004E4F525448414D455249434120
answers 20 char ...NORTHAMERIC hex 202000A4004E4F525448414D45524943
answers 30 char A ...NORTHAMER hex 412020201CA4004E4F525448414D4552
answers 40 char ICADC $.NORTHAM hex 4943414443202024004E4F525448414D
answers 50 char ERICA .$.NORTH hex 45524943412020201B24004E4F525448
answers 60 char AMERICA ...NOR hex 414D45524943412020201EA4004E4F52
answers 70 char THAMERICA .$.. hex 5448414D45524943412020201D240001
answers 80 char .__MSBROWSE__... hex 025F5F4D5342524F5753455F5F0201A4
answers 90 char ..PVWH.......... hex 000050565748CC000000000000000000
answers a0 char ................ hex 00000000000000000000000000000000
answers b0 char ............... hex 000000000000000000000000000000
NORTHAMERICADC#00: flags = 0x24
NORTHAMERICA#00: flags = 0xa4
NORTHAMERICA#1c: flags = 0xa4
NORTHAMERICADC#20: flags = 0x24
NORTHAMERICA#1b: flags = 0x24
NORTHAMERICA#1e: flags = 0xa4
NORTHAMERICA#1d: flags = 0x24
__MSBROWSE__#01: flags = 0xa4
name_status_find: name found, name NORTHAMERICADC ip address is 192.168.93.197
check_negative_conn_cache: returning negative entry for NORTHAMERICA, NORTHAMERICADC
name_status_find: looking up NORTHAMERICA#1c at 192.168.93.79
Cache entry with key = NBT/NORTHAMERICA#1C.20.192.168.93.79 couldn't be found
namecache_status_fetch: no entry for NBT/NORTHAMERICA#1C.20.192.168.93.79 found.
Deleting cache entry (key = NBT/NORTHAMERICA#1C.20.192.168.93.79)
bind succeeded on port 0
Sending a packet of len 50 to (192.168.93.79) on port 137
Sending a packet of len 50 to (192.168.93.79) on port 137
name_status_find: name not found
Could not open a connection to NORTHAMERICA for \PIPE\NETLOGON
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
could not open handle to NETLOGON pipe (error: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
NTLM CRAP authentication for user [NORTHAMERICA]\[na_user5] returned NT_STATUS_NO_LOGON_SERVERS
(PAM: 4)
client_write: wrote 1300 bytes.
---------------- winbindd.log Samba 3.0.7 BUG FREE --------
, time is now 1110228772
Search for (objectclass=*) gave 1 replies
store_cache_seqnum: success [NORTHAMERICA][628919 @ 1110228772]
refresh_sequence_number: NORTHAMERICA seq number is now 628919
client_write: wrote 1300 bytes.
client_write: need to write 50 extra data bytes.
client_write: wrote 50 bytes.
client_write: client_write: complete response written.
client_read: read 0 bytes. Need 1824 more for a full request.
read failed on sock 25, pid 7115: EOF
accepted socket 24
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn INTERFACE_VERSION
[ 7119]: request interface version
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[ 7119]: request location of privileged pipe
client_write: wrote 1300 bytes.
client_write: need to write 36 extra data bytes.
client_write: wrote 36 bytes.
client_write: client_write: complete response written.
accepted socket 25
client_read: read 0 bytes. Need 1824 more for a full request.
read failed on sock 24, pid 7119: EOF
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn DOMAIN_INFO
[ 7119]: domain_info [NORTHAMERICA.SNAPQA]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
name_to_sid: [Cached] - doing backend query for name for domain NORTHAMERICA
rpc: name_to_sid name=na_user5
name_to_sid [rpc] na_user5 for domain NORTHAMERICA
ads_dc_name: domain=NORTHAMERICA
ads_find_dc: looking for realm 'NORTHAMERICA.SNAPQA'
get_sorted_dc_list: attempting lookup using [ads]
internal_resolve_name: looking up NORTHAMERICA.SNAPQA#1c
Cache entry with key = NBT/NORTHAMERICA.SNAPQA#1C couldn't be found
no entry for NORTHAMERICA.SNAPQA#1C found.
Deleting cache entry (key = NBT/NORTHAMERICA.SNAPQA#1C)
resolve_hosts: Attempting to resolve DC's for NORTHAMERICA.SNAPQA using DNS
Adding 0 DC's from auto lookup
get_dc_list: no servers found
ads_find_dc: looking for domain 'NORTHAMERICA'
get_sorted_dc_list: attempting lookup using [host ads lmhosts wins bcast]
internal_resolve_name: looking up NORTHAMERICA#1c
Returning expired cache entry: key = NBT/NORTHAMERICA#1C, value =
192.168.93.197:0,192.168.93.79:0, timeout = Mon Mar 7 20:52:50 2005
no entry for NORTHAMERICA#1C found.
Deleting cache entry (key = NBT/NORTHAMERICA#1C)
resolve_hosts: not appropriate for name type <0x1c>
resolve_hosts: Attempting to resolve DC's for NORTHAMERICA using DNS
resolve_lmhosts: Attempting lmhosts lookup for name NORTHAMERICA<0x1c>
startlmhosts: Can't open lmhosts file /etc/lmhosts. Error was No such file or directory
resolve_wins: Attempting wins lookup for name NORTHAMERICA<0x1c>
Cache entry with key = WINS_SRV_DEAD/10.25.5.30,0.0.0.0 couldn't be found
wins_srv_is_dead: 10.25.5.30 is alive
Current wins server for tag 'eth0' with source 0.0.0.0 is 10.25.5.30
Cache entry with key = WINS_SRV_DEAD/10.25.5.30,0.0.0.0 couldn't be found
wins_srv_is_dead: 10.25.5.30 is alive
resolve_wins: using WINS server 10.25.5.30 and tag 'eth0'
bind succeeded on port 0
Sending a packet of len 50 to (10.25.5.30) on port 137
read_udp_socket: lastip 10.25.5.30 lastport 137 read: 74
parse_nmb: packet id = 9394
Received a packet of len 74 from (10.25.5.30) port 137
nmb packet from 10.25.5.30(137) header: id=9394 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=NORTHAMERICA<1c> rr_type=32 rr_class=1 ttl=0
answers 0 char ....].....]O.... hex 8000C0A85DC58000C0A85D4F8000C0A8
answers 10 char ]. hex 5DC5
Got a positive name query response from 10.25.5.30 ( 192.168.93.197 192.168.93.79 192.168.93.197 )
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 2 addresses for NORTHAMERICA#1c: 192.168.93.197:0,192.168.93.79:0
Adding cache entry with key = NBT/NORTHAMERICA#1C; value = 192.168.93.197:0,192.168.93.79:0 and
timeout = Mon Mar 7 20:53:10 2005
(0 seconds in the past)
internal_resolve_name: returning 2 addresses: 192.168.93.197:0 192.168.93.79:0
Adding 2 DC's from auto lookup
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 2 ip addresses in an unordered list
get_dc_list: 192.168.93.197:0 192.168.93.79:0
ads_try_connect: trying ldap server '192.168.93.197' port 389
Connected to LDAP server 192.168.93.197
got ldap server name northamericadc at NORTHAMERICA.SNAPQA, using bind path:
dc=NORTHAMERICA,dc=SNAPQA
time offset is 1 seconds
ads_dc_name: using server='NORTHAMERICADC' IP=192.168.93.197
IPC$ connections done anonymously
secrets_named_mutex: got mutex for NORTHAMERICADC
Connecting to host=NORTHAMERICADC
Connecting to 192.168.93.197 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 87380
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(24,183)
write_socket(24,183) wrote 183
got smb length of 192
size=192
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7014
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12815 (0x320F)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 17 (0x11)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 499 (0x1F3)
smb_vwv[11]=57472 (0xE080)
smb_vwv[12]=31132 (0x799C)
smb_vwv[13]=22444 (0x57AC)
smb_vwv[14]=50467 (0xC523)
smb_vwv[15]=57345 (0xE001)
smb_vwv[16]= 1 (0x1)
smb_bcc=123
[000] 9A 7B CD 06 DA 1B 57 4E B0 14 F8 35 20 98 01 3A .{....WN ...5 ..:
[010] 60 69 06 06 2B 06 01 05 05 02 A0 5F 30 5D A0 30 `i..+... ..._0].0
[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......*
[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H...
[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7...
[050] A3 29 30 27 A0 25 1B 23 6E 6F 72 74 68 61 6D 65 .)0'.%.# northame
[060] 72 69 63 61 64 63 24 40 4E 4F 52 54 48 41 4D 45 ricadc$@ NORTHAME
[070] 52 49 43 41 2E 53 4E 41 50 51 41 RICA.SNA PQA
size=192
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7014
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12815 (0x320F)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 17 (0x11)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 499 (0x1F3)
smb_vwv[11]=57472 (0xE080)
smb_vwv[12]=31132 (0x799C)
smb_vwv[13]=22444 (0x57AC)
smb_vwv[14]=50467 (0xC523)
smb_vwv[15]=57345 (0xE001)
smb_vwv[16]= 1 (0x1)
smb_bcc=123
[000] 9A 7B CD 06 DA 1B 57 4E B0 14 F8 35 20 98 01 3A .{....WN ...5 ..:
[010] 60 69 06 06 2B 06 01 05 05 02 A0 5F 30 5D A0 30 `i..+... ..._0].0
[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......*
[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H...
[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7...
[050] A3 29 30 27 A0 25 1B 23 6E 6F 72 74 68 61 6D 65 .)0'.%.# northame
[060] 72 69 63 61 64 63 24 40 4E 4F 52 54 48 41 4D 45 ricadc$@ NORTHAME
[070] 52 49 43 41 2E 53 4E 41 50 51 41 RICA.SNA PQA
connecting to NORTHAMERICADC from SNAP610010 with kerberos principal
[SNAP610010$@NORTHAMERICA.SNAPQA]
Doing spnego session setup (blob length=123)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=northamericadc$@NORTHAMERICA.SNAPQA
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Tue, 08 Mar 2005 06:53:11 GMT
Ticket (northamericadc$@NORTHAMERICA.SNAPQA) in ccache (MEMORY:cliconnect) is valid until: (Tue,
08 Mar 2005 06:53:11 GMT - 1110264791)
Got KRB5 session key of length 8
Mandatory SMB signing enabled!
SMB signing enabled!
cli_simple_set_signing: user_session_key
[000] A4 5B FB 1F 1A 15 9B 85 .[......
cli_simple_set_signing: NULL response_data
simple_packet_signature: sequence number 0
client_sign_outgoing_message: sent SMB signature of
[000] 75 E7 3C CB 3D 37 04 92 u.<.=7..
store_sequence_for_reply: stored seq = 1 mid = 2
write_socket(24,1304)
write_socket(24,1304) wrote 1304
got smb length of 167
size=167
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=7014
smb_uid=6145
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 167 (0xA7)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 26 (0x1A)
smb_bcc=124
[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H
[010] 82 F7 12 01 02 02 A2 02 04 00 9A 57 00 69 00 6E ........ ...W.i.n
[020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r
[030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3
[040] 00 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 . .3.7.9 .0...W.i
[050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e
[060] 00 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 .r.v.e.r . .2.0.0
[070] 00 33 00 20 00 35 00 2E 00 32 00 00 .3. .5.. .2..
get_sequence_for_reply: found seq = 1 mid = 2
simple_packet_signature: sequence number 1
client_check_incoming_message: seq 1: got good SMB signature of
[000] 9F 02 DC 3A 19 CC 48 F4 ...:..H.
size=167
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=7014
smb_uid=6145
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 167 (0xA7)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 26 (0x1A)
smb_bcc=124
[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H
[010] 82 F7 12 01 02 02 A2 02 04 00 9A 57 00 69 00 6E ........ ...W.i.n
[020] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r
[030] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3
[040] 00 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 . .3.7.9 .0...W.i
[050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e
[060] 00 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 .r.v.e.r . .2.0.0
[070] 00 33 00 20 00 35 00 2E 00 32 00 00 .3. .5.. .2..
simple_packet_signature: sequence number 2
client_sign_outgoing_message: sent SMB signature of
[000] D9 7B 47 AF B3 80 03 AD .{G.....
store_sequence_for_reply: stored seq = 3 mid = 3
write_socket(24,96)
write_socket(24,96) wrote 96
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=3
smt_wct=3
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00 IPC....
get_sequence_for_reply: found seq = 3 mid = 3
simple_packet_signature: sequence number 3
client_check_incoming_message: seq 3: got good SMB signature of
[000] 23 F1 93 D9 50 D2 E4 14 #...P...
cli_init_creds: user domain
secrets_named_mutex: released mutex for NORTHAMERICADC
Using cleartext machine password
simple_packet_signature: sequence number 4
client_sign_outgoing_message: sent SMB signature of
[000] 28 87 2F 80 28 B7 3F 0D (./.(.?.
store_sequence_for_reply: stored seq = 5 mid = 4
write_socket(24,108)
write_socket(24,108) wrote 108
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=4
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 103 (0x67)
smb_vwv[ 2]= 3840 (0xF00)
smb_vwv[ 3]= 320 (0x140)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 16 (0x10)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
get_sequence_for_reply: found seq = 5 mid = 4
simple_packet_signature: sequence number 5
client_check_incoming_message: seq 5: got good SMB signature of
[000] 53 E3 23 25 83 F6 CA E2 S.#%....
Bind RPC Pipe[400f]: \PIPE\NETLOGON
Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg..
[010] 01 00 00 00 ....
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[010] 02 00 00 00 ....
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0048
000a auth_len : 0000
000c call_id : 00000006
000010 smb_io_rpc_hdr_rb
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00000000
0018 num_elements: 00000001
001c context_id : 0000
001e num_syntaxes: 01
00001f smb_io_rpc_iface
000020 smb_io_uuid uuid
0020 data : 12345678
0024 data : 1234
0026 data : abcd
0028 data : ef 00
002a data : 01 23 45 67 cf fb
0030 version: 00000001
000034 smb_io_rpc_iface
000034 smb_io_uuid uuid
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8
003e data : 08 00 2b 10 48 60
0044 version: 00000002
rpc_api_pipe: fnum:400f
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=5
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 72 (0x48)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 72 (0x48)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16399 (0x400F)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x
[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 .H`....
simple_packet_signature: sequence number 6
client_sign_outgoing_message: sent SMB signature of
[000] 8A 41 57 03 30 87 57 33 .AW.0.W3
store_sequence_for_reply: stored seq = 7 mid = 5
write_socket(24,158)
write_socket(24,158) wrote 158
get_sequence_for_reply: found seq = 7 mid = 5
cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num =
8
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=5
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D......
[010] 00 B8 10 B8 10 89 CE 00 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
simple_packet_signature: sequence number 7
client_check_incoming_message: seq 7: got good SMB signature of
[000] B7 EF 62 9F E5 4D A9 2C ..b..M.,
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=5
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D......
[010] 00 B8 10 B8 10 89 CE 00 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num =
8
rpc_check_hdr: rdata->data_size = 68
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0044
000a auth_len : 0000
000c call_id : 00000006
rpc_api_pipe: len left: 0 smbtrans read: 68
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 0000ce89
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \PIPE\lsass.
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
000030 smb_io_rpc_iface
000030 smb_io_uuid uuid
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8
003a data : 08 00 2b 10 48 60
0040 version: 00000002
bind_rpc_pipe: accepted!
cli_net_req_chal: LSA Request Challenge from SNAP610010 to NORTHAMERICADC: F66216052F4789A5
init_q_req_chal: 676
init_q_req_chal: 685
000000 net_io_q_req_chal
0000 undoc_buffer: 00000001
000004 smb_io_unistr2
0004 uni_max_len: 00000011
0008 offset : 00000000
000c uni_str_len: 00000011
0010 buffer : \.\.N.O.R.T.H.A.M.E.R.I.C.A.D.C...
000032 smb_io_unistr2
0034 uni_max_len: 0000000b
0038 offset : 00000000
003c uni_str_len: 0000000b
0040 buffer : S.N.A.P.6.1.0.0.1.0...
000056 smb_io_chal
0056 data: f6 62 16 05 2f 47 89 a5
create_rpc_request: opnum: 0x4 data_len: 0x76
create_rpc_request: data_len: 76 auth_len: 0 alloc_hint: 66
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0076
000a auth_len : 0000
000c call_id : 00000007
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000066
0014 context_id: 0000
0016 opnum : 0004
rpc_api_pipe: fnum:400f
size=200
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=6
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 118 (0x76)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 118 (0x76)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16399 (0x400F)
smb_bcc=133
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 76 00 00 00 07 00 00 00 66 .......v .......f
[020] 00 00 00 00 00 04 00 01 00 00 00 11 00 00 00 00 ........ ........
[030] 00 00 00 11 00 00 00 5C 00 5C 00 4E 00 4F 00 52 .......\ .\.N.O.R
[040] 00 54 00 48 00 41 00 4D 00 45 00 52 00 49 00 43 .T.H.A.M .E.R.I.C
[050] 00 41 00 44 00 43 00 00 00 00 00 0B 00 00 00 00 .A.D.C.. ........
[060] 00 00 00 0B 00 00 00 53 00 4E 00 41 00 50 00 36 .......S .N.A.P.6
[070] 00 31 00 30 00 30 00 31 00 30 00 00 00 F6 62 16 .1.0.0.1 .0....b.
[080] 05 2F 47 89 A5 ./G..
simple_packet_signature: sequence number 8
client_sign_outgoing_message: sent SMB signature of
[000] D1 B5 0A C4 EF DB 40 24 ......@$
store_sequence_for_reply: stored seq = 9 mid = 6
write_socket(24,204)
write_socket(24,204) wrote 204
get_sequence_for_reply: found seq = 9 mid = 6
cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num =
10
got smb length of 92
size=92
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=6
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 36 (0x24)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 36 (0x24)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=37
[000] 76 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 v....... .$......
[010] 00 0C 00 00 00 00 00 00 00 D2 38 31 E0 B5 8C 1C ........ ..81....
[020] DA 00 00 00 00 .....
simple_packet_signature: sequence number 9
client_check_incoming_message: seq 9: got good SMB signature of
[000] 9C 40 33 35 A3 78 3D 2F . at 35.x=/
size=92
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=6
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 36 (0x24)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 36 (0x24)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=37
[000] 76 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 v....... .$......
[010] 00 0C 00 00 00 00 00 00 00 D2 38 31 E0 B5 8C 1C ........ ..81....
[020] DA 00 00 00 00 .....
cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num =
10
rpc_check_hdr: rdata->data_size = 36
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0024
000a auth_len : 0000
000c call_id : 00000007
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 0000000c
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 36
rpc_api_pipe: fragment first and last both set
000018 net_io_r_req_chal
000018 smb_io_chal
0018 data: d2 38 31 e0 b5 8c 1c da
0020 status: NT_STATUS_OK
cred_session_key
clnt_chal: F66216052F4789A5
srv_chal : D23831E0B58C1CDA
clnt+srv : C89B47E5E4D3A57F
sess_key : 45D6BD1276CBC751
cred_create
sess_key : 45D6BD1276CBC751
stor_cred: F66216052F4789A5
timestamp: 0
timecred : F66216052F4789A5
calc_cred: 61380E8EFE221678
cli_net_auth2: srv:\\NORTHAMERICADC acct:SNAP610010$ sc:2 mc: SNAP610010 chal 61380E8EFE221678
neg: 400701ff
init_q_auth_2: 797
make_log_info 1336
init_q_auth_2: 803
000000 net_io_q_auth_2
000000 smb_io_log_info
0000 undoc_buffer: 00000001
000004 smb_io_unistr2 unistr2
0004 uni_max_len: 00000011
0008 offset : 00000000
000c uni_str_len: 00000011
0010 buffer : \.\.N.O.R.T.H.A.M.E.R.I.C.A.D.C...
000032 smb_io_unistr2 unistr2
0034 uni_max_len: 0000000c
0038 offset : 00000000
003c uni_str_len: 0000000c
0040 buffer : S.N.A.P.6.1.0.0.1.0.$...
0058 sec_chan: 0002
00005a smb_io_unistr2 unistr2
005c uni_max_len: 0000000b
0060 offset : 00000000
0064 uni_str_len: 0000000b
0068 buffer : S.N.A.P.6.1.0.0.1.0...
00007e smb_io_chal
007e data: 61 38 0e 8e fe 22 16 78
000086 net_io_neg_flags
0088 neg_flags: 400701ff
create_rpc_request: opnum: 0xf data_len: 0xa4
create_rpc_request: data_len: a4 auth_len: 0 alloc_hint: 94
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 00a4
000a auth_len : 0000
000c call_id : 00000008
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000094
0014 context_id: 0000
0016 opnum : 000f
rpc_api_pipe: fnum:400f
size=246
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=7
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 164 (0xA4)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 164 (0xA4)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=16399 (0x400F)
smb_bcc=179
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 A4 00 00 00 08 00 00 00 94 ........ ........
[020] 00 00 00 00 00 0F 00 01 00 00 00 11 00 00 00 00 ........ ........
[030] 00 00 00 11 00 00 00 5C 00 5C 00 4E 00 4F 00 52 .......\ .\.N.O.R
[040] 00 54 00 48 00 41 00 4D 00 45 00 52 00 49 00 43 .T.H.A.M .E.R.I.C
[050] 00 41 00 44 00 43 00 00 00 00 00 0C 00 00 00 00 .A.D.C.. ........
[060] 00 00 00 0C 00 00 00 53 00 4E 00 41 00 50 00 36 .......S .N.A.P.6
[070] 00 31 00 30 00 30 00 31 00 30 00 24 00 00 00 02 .1.0.0.1 .0.$....
[080] 00 00 00 0B 00 00 00 00 00 00 00 0B 00 00 00 53 ........ .......S
[090] 00 4E 00 41 00 50 00 36 00 31 00 30 00 30 00 31 .N.A.P.6 .1.0.0.1
[0A0] 00 30 00 00 00 61 38 0E 8E FE 22 16 78 00 00 FF .0...a8. ..".x...
[0B0] 01 07 40 ..@
simple_packet_signature: sequence number 10
client_sign_outgoing_message: sent SMB signature of
[000] BE 20 62 65 E8 83 2E 80 . be....
store_sequence_for_reply: stored seq = 11 mid = 7
write_socket(24,250)
write_socket(24,250) wrote 250
get_sequence_for_reply: found seq = 11 mid = 7
cli_signing_trans_start: storing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num
= 12
got smb length of 96
size=96
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=7
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 40 (0x28)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 40 (0x28)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=41
[000] A4 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(......
[010] 00 10 00 00 00 00 00 00 00 02 39 2F 55 E1 4E D1 ........ ..9/U.N.
[020] 94 FF 01 07 40 00 00 00 00 .... at ... .
simple_packet_signature: sequence number 11
client_check_incoming_message: seq 11: got good SMB signature of
[000] 7F 19 E8 4A 8B 3D 7E FE ...J.=~.
size=96
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=7
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 40 (0x28)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 40 (0x28)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=41
[000] A4 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(......
[010] 00 10 00 00 00 00 00 00 00 02 39 2F 55 E1 4E D1 ........ ..9/U.N.
[020] 94 FF 01 07 40 00 00 00 00 .... at ... .
cli_signing_trans_stop: freeing mid = 7, reply_seq_num = 11, send_seq_num = 10 data->send_seq_num
= 12
rpc_check_hdr: rdata->data_size = 40
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0028
000a auth_len : 0000
000c call_id : 00000008
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000010
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 40
rpc_api_pipe: fragment first and last both set
000018 net_io_r_auth_2
000018 smb_io_chal
0018 data: 02 39 2f 55 e1 4e d1 94
000020 net_io_neg_flags
0020 neg_flags: 400701ff
0024 status: NT_STATUS_OK
cred_create
sess_key : 45D6BD1276CBC751
stor_cred: D23831E0B58C1CDA
timestamp: 0
timecred : D23831E0B58C1CDA
calc_cred: 02392F55E14ED194
cred_assert
challenge : 02392F55E14ED194
calculated: 02392F55E14ED194
credentials check ok
simple_packet_signature: sequence number 12
client_sign_outgoing_message: sent SMB signature of
[000] D3 A5 0F 56 1F 78 9B C3 ...V.x..
store_sequence_for_reply: stored seq = 13 mid = 8
write_socket(24,104)
write_socket(24,104) wrote 104
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=8
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 103 (0x67)
smb_vwv[ 2]= 1024 (0x400)
smb_vwv[ 3]= 384 (0x180)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 16 (0x10)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
get_sequence_for_reply: found seq = 13 mid = 8
simple_packet_signature: sequence number 13
client_check_incoming_message: seq 13: got good SMB signature of
[000] E8 B8 B7 4E F7 7B BD B9 ...N.{..
Bind RPC Pipe[8004]: \PIPE\lsarpc
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
[010] 00 00 00 00 ....
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[010] 02 00 00 00 ....
000000 smb_io_rpc_hdr_auth hdr_auth
0000 auth_type : 44
0001 auth_level : 05
0002 padding : 00
0003 reserved : 00
0004 auth_context : 00000001
000008 smb_io_rpc_auth_netsec_neg netsec_neg
0008 type1: 00000000
000c type2: 00000003
[000] 4E 4F 52 54 48 41 4D 45 52 49 43 41 NORTHAME RICA
[000] 53 4E 41 50 36 31 30 30 31 30 SNAP6100 10
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0b
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0070
000a auth_len : 0020
000c call_id : 00000009
000010 smb_io_rpc_hdr_rb
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 00000000
0018 num_elements: 00000001
001c context_id : 0000
001e num_syntaxes: 01
00001f smb_io_rpc_iface
000020 smb_io_uuid uuid
0020 data : 12345778
0024 data : 1234
0026 data : abcd
0028 data : ef 00
002a data : 01 23 45 67 89 ab
0030 version: 00000000
000034 smb_io_rpc_iface
000034 smb_io_uuid uuid
0034 data : 8a885d04
0038 data : 1ceb
003a data : 11c9
003c data : 9f e8
003e data : 08 00 2b 10 48 60
0044 version: 00000002
rpc_api_pipe: fnum:8004
size=194
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=9
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 112 (0x70)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 112 (0x70)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=32772 (0x8004)
smb_bcc=127
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 70 00 20 00 09 00 00 00 B8 .......p . ......
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x
[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 44 05 00 00 01 00 00 00 00 .H`....D ........
[060] 00 00 00 03 00 00 00 4E 4F 52 54 48 41 4D 45 52 .......N ORTHAMER
[070] 49 43 41 00 53 4E 41 50 36 31 30 30 31 30 00 ICA.SNAP 610010.
simple_packet_signature: sequence number 14
client_sign_outgoing_message: sent SMB signature of
[000] DE 1C 1E 59 3A EC F8 1E ...Y:...
store_sequence_for_reply: stored seq = 15 mid = 9
write_socket(24,198)
write_socket(24,198) wrote 198
get_sequence_for_reply: found seq = 15 mid = 9
cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num
= 16
got smb length of 144
size=144
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=9
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 88 (0x58)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 88 (0x58)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=89
[000] 70 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 p....... .X......
[010] 00 B8 10 B8 10 8A CE 00 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........
[050] 00 00 00 00 00 00 00 00 00 ........ .
simple_packet_signature: sequence number 15
client_check_incoming_message: seq 15: got good SMB signature of
[000] A8 5A 0F 9A 17 75 72 7C .Z...ur|
size=144
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=9
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 88 (0x58)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 88 (0x58)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=89
[000] 70 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 p....... .X......
[010] 00 B8 10 B8 10 8A CE 00 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 44 05 00 00 01 00 00 00 01 00 00 `....D.. ........
[050] 00 00 00 00 00 00 00 00 00 ........ .
cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num
= 16
rpc_check_hdr: rdata->data_size = 88
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 0c
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0058
000a auth_len : 000c
000c call_id : 00000009
rpc_api_pipe: len left: 0 smbtrans read: 88
rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal No
rpc_auth_pipe: packet:
000000 smb_io_rpc_hdr_auth auth_hdr
0000 auth_type : 44
0001 auth_level : 05
0002 padding : 00
0003 reserved : 00
0004 auth_context : 00000001
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba
000010 smb_io_rpc_hdr_bba
0010 max_tsize: 10b8
0012 max_rsize: 10b8
0014 assoc_gid: 0000ce8a
000018 smb_io_rpc_addr_str
0018 len: 000c
001a str: \PIPE\lsass.
000026 smb_io_rpc_results
0028 num_results: 01
002c result : 0000
002e reason : 0000
000030 smb_io_rpc_iface
000030 smb_io_uuid uuid
0030 data : 8a885d04
0034 data : 1ceb
0036 data : 11c9
0038 data : 9f e8
003a data : 08 00 2b 10 48 60
0040 version: 00000002
bind_rpc_pipe: accepted!
init_open_pol: attr:0 da:33554432
init_lsa_obj_attr
000000 lsa_io_q_open_pol
0000 ptr : 00000001
0004 system_name: 005c
000008 lsa_io_obj_attr
0008 len : 00000018
000c ptr_root_dir: 00000000
0010 ptr_obj_name: 00000000
0014 attributes : 00000000
0018 ptr_sec_desc: 00000000
001c ptr_sec_qos : 00000000
0020 des_access: 02000000
000028 smb_io_rpc_hdr_auth hdr_auth
0028 auth_type : 44
0029 auth_level : 05
002a padding : 04
002b reserved : 00
002c auth_context : 00000001
SCHANNEL seq_num=0
SCHANNEL: netsec_encode seq_num=0 data_len=40
000030 smb_io_rpc_auth_netsec_chk
0030 sig : 77 00 ff ff ff ff 00 00
0038 seq_num: 67 1f 4e a4 f0 71 2e 4c
0040 packet_digest: 66 02 4b 28 7b c4 49 87
0048 confounder: 63 fe 7d d0 4f 69 d2 a2
create_rpc_request: opnum: 0x6 data_len: 0x68
create_rpc_request: data_len: 68 auth_len: 20 alloc_hint: 30
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0068
000a auth_len : 0020
000c call_id : 0000000a
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000030
0014 context_id: 0000
0016 opnum : 0006
rpc_api_pipe: fnum:8004
size=186
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=10
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 104 (0x68)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 104 (0x68)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=32772 (0x8004)
smb_bcc=119
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 68 00 20 00 0A 00 00 00 30 .......h . .....0
[020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\....
[030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[040] 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 44 ........ .......D
[050] 05 04 00 01 00 00 00 77 00 FF FF FF FF 00 00 67 .......w .......g
[060] 1F 4E A4 F0 71 2E 4C 66 02 4B 28 7B C4 49 87 63 .N..q.Lf .K({.I.c
[070] FE 7D D0 4F 69 D2 A2 .}.Oi..
simple_packet_signature: sequence number 16
client_sign_outgoing_message: sent SMB signature of
[000] C9 5D F6 AB 01 31 AE 23 .]...1.#
store_sequence_for_reply: stored seq = 17 mid = 10
write_socket(24,190)
write_socket(24,190) wrote 190
get_sequence_for_reply: found seq = 17 mid = 10
cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16
data->send_seq_num = 18
got smb length of 152
size=152
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=10
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 96 (0x60)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 96 (0x60)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=97
[000] 68 05 00 02 03 10 00 00 00 60 00 20 00 0A 00 00 h....... .`. ....
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 FA 72 FB ........ ......r.
[020] 91 5B 67 B8 44 A3 19 A2 5D E0 BB BC D4 00 00 00 .[g.D... ].......
[030] 00 00 00 00 00 00 00 00 00 44 05 08 00 01 00 00 ........ .D......
[040] 00 77 00 FF FF FF FF 00 00 48 A5 2E CC 7D 39 30 .w...... .H...}90
[050] E6 77 CF A8 E7 7C 26 28 BE 00 00 00 00 00 00 00 .w...|&( ........
[060] 00 .
simple_packet_signature: sequence number 17
client_check_incoming_message: seq 17: got good SMB signature of
[000] BC F3 8D EE 94 11 9B E3 ........
size=152
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=10
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 96 (0x60)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 96 (0x60)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=97
[000] 68 05 00 02 03 10 00 00 00 60 00 20 00 0A 00 00 h....... .`. ....
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 FA 72 FB ........ ......r.
[020] 91 5B 67 B8 44 A3 19 A2 5D E0 BB BC D4 00 00 00 .[g.D... ].......
[030] 00 00 00 00 00 00 00 00 00 44 05 08 00 01 00 00 ........ .D......
[040] 00 77 00 FF FF FF FF 00 00 48 A5 2E CC 7D 39 30 .w...... .H...}90
[050] E6 77 CF A8 E7 7C 26 28 BE 00 00 00 00 00 00 00 .w...|&( ........
[060] 00 .
cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num
= 18
rpc_check_hdr: rdata->data_size = 96
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0060
000a auth_len : 0020
000c call_id : 0000000a
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000018
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 96
rpc_auth_pipe: pkt_type: 2 len: 96 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No
rpc_auth_pipe: packet:
000000 smb_io_rpc_hdr_auth auth_hdr
0000 auth_type : 44
0001 auth_level : 05
0002 padding : 08
0003 reserved : 00
0004 auth_context : 00000001
000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign
0008 sig : 77 00 ff ff ff ff 00 00
0010 seq_num: 48 a5 2e cc 7d 39 30 e6
0018 packet_digest: 77 cf a8 e7 7c 26 28 be
0020 confounder: 00 00 00 00 00 00 00 00
SCHANNEL: netsec_encode seq_num=1 data_len=32
SCHANNEL: netsec_decode seq_num=1 data_len=32
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_open_pol
000018 smb_io_pol_hnd
0018 data1: 00000000
001c data2: 91fb72fa
0020 data3: 675b
0022 data4: 44b8
0024 data5: a3 19 a2 5d e0 bb bc d4
002c status: NT_STATUS_OK
init_q_lookup_names
000000 lsa_io_q_lookup_names
000000 smb_io_pol_hnd
0000 data1: 00000000
0004 data2: 91fb72fa
0008 data3: 675b
000a data4: 44b8
000c data5: a3 19 a2 5d e0 bb bc d4
0014 num_entries : 00000001
0018 num_entries2 : 00000001
00001c smb_io_unihdr hdr_name
001c uni_str_len: 002a
001e uni_max_len: 002a
0020 buffer : 00000001
000024 smb_io_unistr2 dom_name
0024 uni_max_len: 00000015
0028 offset : 00000000
002c uni_str_len: 00000015
0030 buffer : N.O.R.T.H.A.M.E.R.I.C.A.\.n.a._.u.s.e.r.5.
005c num_trans_entries : 00000000
0060 ptr_trans_sids : 00000000
0064 lookup_level : 00000001
0068 mapped_count : 00000000
000070 smb_io_rpc_hdr_auth hdr_auth
0070 auth_type : 44
0071 auth_level : 05
0072 padding : 04
0073 reserved : 00
0074 auth_context : 00000001
SCHANNEL seq_num=2
SCHANNEL: netsec_encode seq_num=2 data_len=112
000078 smb_io_rpc_auth_netsec_chk
0078 sig : 77 00 ff ff ff ff 00 00
0080 seq_num: 38 28 7c a2 21 60 f0 33
0088 packet_digest: e4 4a ab 3e 6c 33 dc 99
0090 confounder: 11 74 dd a1 4f 0e 50 09
create_rpc_request: opnum: 0xe data_len: 0xb0
create_rpc_request: data_len: b0 auth_len: 20 alloc_hint: 78
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 00b0
000a auth_len : 0020
000c call_id : 0000000b
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000078
0014 context_id: 0000
0016 opnum : 000e
rpc_api_pipe: fnum:8004
size=258
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=11
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 176 (0xB0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 176 (0xB0)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]=32772 (0x8004)
smb_bcc=191
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 B0 00 20 00 0B 00 00 00 78 ........ . .....x
[020] 00 00 00 00 00 0E 00 00 00 00 00 FA 72 FB 91 5B ........ ....r..[
[030] 67 B8 44 A3 19 A2 5D E0 BB BC D4 01 00 00 00 01 g.D...]. ........
[040] 00 00 00 2A 00 2A 00 01 00 00 00 15 00 00 00 00 ...*.*.. ........
[050] 00 00 00 15 00 00 00 4E 00 4F 00 52 00 54 00 48 .......N .O.R.T.H
[060] 00 41 00 4D 00 45 00 52 00 49 00 43 00 41 00 5C .A.M.E.R .I.C.A.\
[070] 00 6E 00 61 00 5F 00 75 00 73 00 65 00 72 00 35 .n.a._.u .s.e.r.5
[080] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........
[090] 00 00 00 00 00 00 00 44 05 04 00 01 00 00 00 77 .......D .......w
[0A0] 00 FF FF FF FF 00 00 38 28 7C A2 21 60 F0 33 E4 .......8 (|.!`.3.
[0B0] 4A AB 3E 6C 33 DC 99 11 74 DD A1 4F 0E 50 09 J.>l3... t..O.P.
simple_packet_signature: sequence number 18
client_sign_outgoing_message: sent SMB signature of
[000] D9 BB 6E BF 71 CA 5D 81 ..n.q.].
store_sequence_for_reply: stored seq = 19 mid = 11
write_socket(24,262)
write_socket(24,262) wrote 262
get_sequence_for_reply: found seq = 19 mid = 11
cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18
data->send_seq_num = 20
got smb length of 248
size=248
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=11
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 192 (0xC0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 192 (0xC0)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=193
[000] B0 05 00 02 03 10 00 00 00 C0 00 20 00 0B 00 00 ........ ... ....
[010] 00 80 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........
[020] 00 04 00 02 00 20 00 00 00 01 00 00 00 18 00 1A ..... .. ........
[030] 00 08 00 02 00 0C 00 02 00 0D 00 00 00 00 00 00 ........ ........
[040] 00 0C 00 00 00 4E 00 4F 00 52 00 54 00 48 00 41 .....N.O .R.T.H.A
[050] 00 4D 00 45 00 52 00 49 00 43 00 41 00 04 00 00 .M.E.R.I .C.A....
[060] 00 01 04 00 00 00 00 00 05 15 00 00 00 84 E6 FC ........ ........
[070] A0 F4 CF 91 DA BB 6E B8 CE 01 00 00 00 10 00 02 ......n. ........
[080] 00 01 00 00 00 01 00 5D 6D 6E 04 00 00 00 00 00 .......] mn......
[090] 00 01 00 00 00 00 00 00 00 44 05 00 00 01 00 00 ........ .D......
[0A0] 00 77 00 FF FF FF FF 00 00 60 D3 92 B8 E0 C0 5A .w...... .`.....Z
[0B0] D7 BF C1 79 BD 95 C1 88 28 00 00 00 00 00 00 00 ...y.... (.......
[0C0] 00 .
simple_packet_signature: sequence number 19
client_check_incoming_message: seq 19: got good SMB signature of
[000] 3B 78 5A DB 6F 19 D6 C3 ;xZ.o...
size=248
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=28674
smb_pid=7014
smb_uid=6145
smb_mid=11
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 192 (0xC0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 192 (0xC0)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=193
[000] B0 05 00 02 03 10 00 00 00 C0 00 20 00 0B 00 00 ........ ... ....
[010] 00 80 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........
[020] 00 04 00 02 00 20 00 00 00 01 00 00 00 18 00 1A ..... .. ........
[030] 00 08 00 02 00 0C 00 02 00 0D 00 00 00 00 00 00 ........ ........
[040] 00 0C 00 00 00 4E 00 4F 00 52 00 54 00 48 00 41 .....N.O .R.T.H.A
[050] 00 4D 00 45 00 52 00 49 00 43 00 41 00 04 00 00 .M.E.R.I .C.A....
[060] 00 01 04 00 00 00 00 00 05 15 00 00 00 84 E6 FC ........ ........
[070] A0 F4 CF 91 DA BB 6E B8 CE 01 00 00 00 10 00 02 ......n. ........
[080] 00 01 00 00 00 01 00 5D 6D 6E 04 00 00 00 00 00 .......] mn......
[090] 00 01 00 00 00 00 00 00 00 44 05 00 00 01 00 00 ........ .D......
[0A0] 00 77 00 FF FF FF FF 00 00 60 D3 92 B8 E0 C0 5A .w...... .`.....Z
[0B0] D7 BF C1 79 BD 95 C1 88 28 00 00 00 00 00 00 00 ...y.... (.......
[0C0] 00 .
cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num
= 20
rpc_check_hdr: rdata->data_size = 192
000000 smb_io_rpc_hdr rpc_hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 00c0
000a auth_len : 0020
000c call_id : 0000000b
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 00000080
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 192
rpc_auth_pipe: pkt_type: 2 len: 192 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal No
rpc_auth_pipe: packet:
000000 smb_io_rpc_hdr_auth auth_hdr
0000 auth_type : 44
0001 auth_level : 05
0002 padding : 00
0003 reserved : 00
0004 auth_context : 00000001
000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign
0008 sig : 77 00 ff ff ff ff 00 00
0010 seq_num: 60 d3 92 b8 e0 c0 5a d7
0018 packet_digest: bf c1 79 bd 95 c1 88 28
0020 confounder: 00 00 00 00 00 00 00 00
SCHANNEL: netsec_encode seq_num=3 data_len=128
SCHANNEL: netsec_decode seq_num=3 data_len=128
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_lookup_names
0018 ptr_dom_ref: 00020000
00001c lsa_io_dom_r_ref
001c num_ref_doms_1: 00000001
0020 ptr_ref_dom : 00020004
0024 max_entries : 00000020
0028 num_ref_doms_2: 00000001
00002c smb_io_unihdr dom_ref[0]
002c uni_str_len: 0018
002e uni_max_len: 001a
0030 buffer : 00020008
0034 sid_ptr[0] : 0002000c
000038 smb_io_unistr2 dom_ref[0]
0038 uni_max_len: 0000000d
003c offset : 00000000
0040 uni_str_len: 0000000c
0044 buffer : N.O.R.T.H.A.M.E.R.I.C.A.
00005c smb_io_dom_sid2 sid_ptr[0]
005c num_auths: 00000004
000060 smb_io_dom_sid sid
0060 sid_rev_num: 01
0061 num_auths : 04
0062 id_auth[0] : 00
0063 id_auth[1] : 00
0064 id_auth[2] : 00
0065 id_auth[3] : 00
0066 id_auth[4] : 00
0067 id_auth[5] : 05
0068 sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb
0078 num_entries: 00000001
007c ptr_entries: 00020010
0080 num_entries2: 00000001
000084 smb_io_dom_rid2
0084 type : 01
0088 rid : 0000046e
008c rid_idx: 00000000
0090 mapped_count: 00000001
0094 status : NT_STATUS_OK
wcache_save_name_to_sid: NA_USER5 ->
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
sid_to_name: [Cached] - doing backend query for info for domain NORTHAMERICA
ads: query_user
Current tickets expire at 1110264767
, time is now 1110228791
Search for
(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\84\E6\FC\A0\F4\CF\91\DA\BB\6E\B8\CE\6E\04\00\00)
gave 1 replies
ads query_user gave na_User5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
wcache_save_user: S-1-5-21-2700928644-3666989044-3468193467-1134 (acct_name na_User5)
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETGROUPS
[ 7119]: getgroups NORTHAMERICA\na_User5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
Adding gids from user SID: S-1-5-21-2700928644-3666989044-3468193467-1134
Adding local gids from SID: S-1-5-21-2700928644-3666989044-3468193467-1134
netsamlogon_cache_get: SID [S-1-5-21-2700928644-3666989044-3468193467-1134]
0000 timestamp: 422cbec0
000004 net_io_user_info3
0004 ptr_user_info : 00020004
000008 smb_io_time logon time
0008 low : 65df8720
000c high: 01c52357
000010 smb_io_time logoff time
0010 low : ffffffff
0014 high: 7fffffff
000018 smb_io_time kickoff time
0018 low : ffffffff
001c high: 7fffffff
000020 smb_io_time last set time
0020 low : 00000000
0024 high: 00000000
000028 smb_io_time can change time
0028 low : 2a69c000
002c high: 000000c9
000030 smb_io_time must change time
0030 low : ffffffff
0034 high: 7fffffff
000038 smb_io_unihdr hdr_user_name
0038 uni_str_len: 0010
003a uni_max_len: 0012
003c buffer : 00020008
000040 smb_io_unihdr hdr_full_name
0040 uni_str_len: 0000
0042 uni_max_len: 0000
0044 buffer : 00000000
000048 smb_io_unihdr hdr_logon_script
0048 uni_str_len: 0000
004a uni_max_len: 0000
004c buffer : 00000000
000050 smb_io_unihdr hdr_profile_path
0050 uni_str_len: 0000
0052 uni_max_len: 0000
0054 buffer : 00000000
000058 smb_io_unihdr hdr_home_dir
0058 uni_str_len: 0000
005a uni_max_len: 0000
005c buffer : 00000000
000060 smb_io_unihdr hdr_dir_drive
0060 uni_str_len: 0000
0062 uni_max_len: 0000
0064 buffer : 00000000
0068 logon_count : 0534
006a bad_pw_count : 0000
006c user_rid : 0000046e
0070 group_rid : 00000201
0074 num_groups : 00000002
0078 buffer_groups : 0002000c
007c user_flgs : 00000120
0080 user_sess_key: 8f fb 57 47 8e de c9 e2 0a 73 4c 22 ce b2 f1 98
000090 smb_io_unihdr hdr_logon_srv
0090 uni_str_len: 001c
0092 uni_max_len: 001e
0094 buffer : 00020010
000098 smb_io_unihdr hdr_logon_dom
0098 uni_str_len: 0018
009a uni_max_len: 001a
009c buffer : 00020014
00a0 buffer_dom_id : 00020018
00a4 padding : 00 00 00 00 00 00 00 00 2e 8f ae 4d 08 2d b7 3c 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00cc num_other_sids: 00000000
00d0 buffer_other_sids: 00000000
0000d4 smb_io_unistr2 uni_user_name
00d4 uni_max_len: 00000009
00d8 offset : 00000000
00dc uni_str_len: 00000008
00e0 buffer : n.a._.U.s.e.r.5.
0000f0 smb_io_unistr2 - NULL uni_full_name
0000f0 smb_io_unistr2 - NULL uni_logon_script
0000f0 smb_io_unistr2 - NULL uni_profile_path
0000f0 smb_io_unistr2 - NULL uni_home_dir
0000f0 smb_io_unistr2 - NULL uni_dir_drive
00f0 num_groups2 : 00000002
0000f4 smb_io_gid
00f4 g_rid: 00000201
00f8 attr : 00000007
0000fc smb_io_gid
00fc g_rid: 000023b8
0100 attr : 00000007
000104 smb_io_unistr2 uni_logon_srv
0104 uni_max_len: 0000000f
0108 offset : 00000000
010c uni_str_len: 0000000e
0110 buffer : N.O.R.T.H.A.M.E.R.I.C.A.D.C.
00012c smb_io_unistr2 uni_logon_dom
012c uni_max_len: 0000000d
0130 offset : 00000000
0134 uni_str_len: 0000000c
0138 buffer : N.O.R.T.H.A.M.E.R.I.C.A.
000150 smb_io_dom_sid2
0150 num_auths: 00000004
000154 smb_io_dom_sid sid
0154 sid_rev_num: 01
0155 num_auths : 04
0156 id_auth[0] : 00
0157 id_auth[1] : 00
0158 id_auth[2] : 00
0159 id_auth[3] : 00
015a id_auth[4] : 00
015b id_auth[5] : 05
015c sub_auths : 00000015 a0fce684 da91cff4 ceb86ebb
winbindd_getgroups: info3 has 2 groups, 0 other sids
Adding gids from group SID: S-1-5-21-2700928644-3666989044-3468193467-513
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
Adding local gids from SID: S-1-5-21-2700928644-3666989044-3468193467-513
Adding gids from group SID: S-1-5-21-2700928644-3666989044-3468193467-9144
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-9144]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-9144 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-9144 -> GID 34041
internal_get_id_from_sid: ID_GROUPID fetching record
S-1-5-21-2700928644-3666989044-3468193467-9144 -> GID 34041
internal_get_sid_from_id: fetching record GID 34041
internal_get_sid_from_id: fetching record GID 34041 ->
S-1-5-21-2700928644-3666989044-3468193467-9144
idmap_sid_to_gid: gid = [34041]
Adding local gids from SID: S-1-5-21-2700928644-3666989044-3468193467-9144
remove_duplicate_gids: Enter 2 gids
remove_duplicate_gids: Exit 2 gids
client_write: wrote 1300 bytes.
client_write: need to write 8 extra data bytes.
client_write: wrote 8 bytes.
client_write: client_write: complete response written.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GID_TO_SID
[ 7119]: gid to sid 20001
idmap_gid_to_sid: gid = [20001]
db_get_sid_from_id: id_type_in = 0x2
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GID_TO_SID
[ 7119]: gid to sid 34041
idmap_gid_to_sid: gid = [34041]
db_get_sid_from_id: id_type_in = 0x2
internal_get_sid_from_id: fetching record GID 34041
internal_get_sid_from_id: fetching record GID 34041 ->
S-1-5-21-2700928644-3666989044-3468193467-9144
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-9144 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-9144 -> GID 34041
internal_get_id_from_sid: ID_GROUPID fetching record
S-1-5-21-2700928644-3666989044-3468193467-9144 -> GID 34041
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain NORTHAMERICA is
good.
wcache_fetch: returning entry U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain
NORTHAMERICA
query_user: [Cached] - cached info for domain NORTHAMERICA status Success
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain NORTHAMERICA is
good.
wcache_fetch: returning entry U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain
NORTHAMERICA
query_user: [Cached] - cached info for domain NORTHAMERICA status Success
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain NORTHAMERICA is
good.
wcache_fetch: returning entry U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain
NORTHAMERICA
query_user: [Cached] - cached info for domain NORTHAMERICA status Success
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
client_read: read 1824 bytes. Need 0 more for a full request.
process_request: request fn GETPWNAM
[ 7119]: getpwnam northamerica\na_user5
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA is good.
wcache_fetch: returning entry NS/NORTHAMERICA/NA_USER5 for domain NORTHAMERICA
name_to_sid: [Cached] - cached name for domain NORTHAMERICA status Success
refresh_sequence_number: NORTHAMERICA time ok
refresh_sequence_number: NORTHAMERICA seq number is now 628919
centry_expired: Key U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain NORTHAMERICA is
good.
wcache_fetch: returning entry U/S-1-5-21-2700928644-3666989044-3468193467-1134 for domain
NORTHAMERICA
query_user: [Cached] - cached info for domain NORTHAMERICA status Success
idmap_sid_to_uid: sid = [S-1-5-21-2700928644-3666989044-3468193467-1134]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-1134 of type
0x1
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-1134 -> UID 34047
internal_get_id_from_sid: ID_USERID fetching record S-1-5-21-2700928644-3666989044-3468193467-1134
-> UID 34047
internal_get_sid_from_id: fetching record UID 34047
internal_get_sid_from_id: fetching record UID 34047 ->
S-1-5-21-2700928644-3666989044-3468193467-1134
idmap_sid_to_uid: uid = [34047]
sid_to_gid: sid = [S-1-5-21-2700928644-3666989044-3468193467-513]
db_get_id_from_sid
internal_get_id_from_sid: fetching record S-1-5-21-2700928644-3666989044-3468193467-513 of type
0x2
internal_get_id_from_sid: record S-1-5-21-2700928644-3666989044-3468193467-513 -> GID 20001
internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-2700928644-3666989044-3468193467-513
-> GID 20001
internal_get_sid_from_id: fetching record GID 20001
internal_get_sid_from_id: fetching record GID 20001 ->
S-1-5-21-2700928644-3666989044-3468193467-513
idmap_sid_to_gid: gid = [20001]
client_write: wrote 1300 bytes.
=====
------------------------------
Ravi Wijayaratne
__________________________________
Celebrate Yahoo!'s 10th Birthday!
Yahoo! Netrospective: 100 Moments of the Web
http://birthday.yahoo.com/netrospective/
More information about the samba-technical
mailing list