Regarding retrieving user group membership using wbinfo.

Hemanth Thummala hemanth.thummala at gmail.com
Mon Jun 9 08:20:29 MDT 2014


OK. In a different test box, I am able to view the netr_LogonSamLogonEx
response in winbindd.log. Not sure why I was unable to see it in the box
that I was working on earlier.

Here is the data that I am seeing in winbindd.log after running command
"wbinfo -a usera%password".

[2014/06/09 07:05:33.007821,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
       netr_LogonSamLogonEx: struct netr_LogonSamLogonEx
          out: struct netr_LogonSamLogonEx
              validation               : *
                  validation               : union netr_Validation(case 6)
                  sam6                     : *
                      sam6: struct netr_SamInfo6
                          base: struct netr_SamBaseInfo
                              last_logon               : Thu Jun  5 11:07:31 2014 PDT
                              last_logoff              : Mon Jan 18 19:14:07 2038 PST
                              acct_expiry              : Mon Jan 18 19:14:07 2038 PST
                              last_password_change     : Fri Sep 13 14:39:34 2013 PDT
                              allow_password_change    : Fri Sep 13 14:39:34 2013 PDT
                              force_password_change    : Mon Jan 18 19:14:07 2038 PST
                              account_name: struct lsa_String
                                  length                   : 0x000a (10)
                                  size                     : 0x000c (12)
                                  string                   : *
                                      string                   : 'usera'
                              full_name: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              logon_script: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              profile_path: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              home_directory: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              home_drive: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              logon_count              : 0xffff (65535)
                              bad_password_count       : 0x0000 (0)
                              rid                      : 0x00000456 (1110)
                              primary_gid              : 0x00000201 (513)
                              groups: struct samr_RidWithAttributeArray
                                  count                    : 0x00000005 (5)
                                  rids                     : *
                                      rids: ARRAY(5)
                                          rids: struct samr_RidWithAttribute
                                              rid                      : 0x00000938 (2360)
                                              attributes               : 0x00000007 (7)
                                                     1: SE_GROUP_MANDATORY
                                                     1: SE_GROUP_ENABLED_BY_DEFAULT
                                                     1: SE_GROUP_ENABLED
                                                     0: SE_GROUP_OWNER
                                                     0: SE_GROUP_USE_FOR_DENY_ONLY
                                                     0: SE_GROUP_RESOURCE
                                                  0x00: SE_GROUP_LOGON_ID (0)
                                          rids: struct samr_RidWithAttribute
                                              rid                      : 0x00000201 (513)
                                              attributes               : 0x00000007 (7)
                                                     1: SE_GROUP_MANDATORY
                                                     1: SE_GROUP_ENABLED_BY_DEFAULT
                                                     1: SE_GROUP_ENABLED
                                                     0: SE_GROUP_OWNER
                                                     0: SE_GROUP_USE_FOR_DENY_ONLY
                                                     0: SE_GROUP_RESOURCE
                                                  0x00: SE_GROUP_LOGON_ID (0)
                                          rids: struct samr_RidWithAttribute
                                              rid                      : 0x00000937 (2359)
                                              attributes               : 0x00000007 (7)
                                                     1: SE_GROUP_MANDATORY
                                                     1: SE_GROUP_ENABLED_BY_DEFAULT
                                                     1: SE_GROUP_ENABLED
                                                     0: SE_GROUP_OWNER
                                                     0: SE_GROUP_USE_FOR_DENY_ONLY
                                                     0: SE_GROUP_RESOURCE
                                                  0x00: SE_GROUP_LOGON_ID (0)
                                          rids: struct samr_RidWithAttribute
                                              rid                      : 0x00000936 (2358)
                                              attributes               : 0x00000007 (7)
                                                     1: SE_GROUP_MANDATORY
                                                     1: SE_GROUP_ENABLED_BY_DEFAULT
                                                     1: SE_GROUP_ENABLED
                                                     0: SE_GROUP_OWNER
                                                     0: SE_GROUP_USE_FOR_DENY_ONLY
                                                     0: SE_GROUP_RESOURCE
                                                  0x00: SE_GROUP_LOGON_ID (0)
                                          rids: struct samr_RidWithAttribute
                                              rid                      : 0x00000935 (2357)
                                              attributes               : 0x00000007 (7)
                                                     1: SE_GROUP_MANDATORY
                                                     1: SE_GROUP_ENABLED_BY_DEFAULT
                                                     1: SE_GROUP_ENABLED
                                                     0: SE_GROUP_OWNER
                                                     0: SE_GROUP_USE_FOR_DENY_ONLY
                                                     0: SE_GROUP_RESOURCE
                                                  0x00: SE_GROUP_LOGON_ID (0)
                              user_flags               : 0x00000920 (2336)
                                     0: NETLOGON_GUEST
                                     0: NETLOGON_NOENCRYPTION
                                     0: NETLOGON_CACHED_ACCOUNT
                                     0: NETLOGON_USED_LM_PASSWORD
                                     1: NETLOGON_EXTRA_SIDS
                                     0: NETLOGON_SUBAUTH_SESSION_KEY
                                     0: NETLOGON_SERVER_TRUST_ACCOUNT
                                     1: NETLOGON_NTLMV2_ENABLED
                                     0: NETLOGON_RESOURCE_GROUPS
                                     0: NETLOGON_PROFILE_PATH_RETURNED
                                     0: NETLOGON_GRACE_LOGON
                              key: struct netr_UserSessionKey
                                  key                      : c73132f40b086cb5640f5931f4121d03
                              logon_server: struct lsa_StringLarge
                                  length                   : 0x000c (12)
                                  size                     : 0x000e (14)
                                  string                   : *
                                      string                   : 'Dc1'
                              domain: struct lsa_StringLarge
                                  length                   : 0x0008 (8)
                                  size                     : 0x000a (10)
                                  string                   : *
                                      string                   : 'DOM1'
                              domain_sid               : *
                                  domain_sid               : S-1-5-21-1990026935-2596783597-541854901
                              LMSessKey: struct netr_LMSessionKey
                                  key                      : c73132f40b086cb5
                              acct_flags               : 0x00000210 (528)
                                     0: ACB_DISABLED
                                     0: ACB_HOMDIRREQ
                                     0: ACB_PWNOTREQ
                                     0: ACB_TEMPDUP
                                     1: ACB_NORMAL
                                     0: ACB_MNS
                                     0: ACB_DOMTRUST
                                     0: ACB_WSTRUST
                                     0: ACB_SVRTRUST
                                     1: ACB_PWNOEXP
                                     0: ACB_AUTOLOCK
                                     0: ACB_ENC_TXT_PWD_ALLOWED
                                     0: ACB_SMARTCARD_REQUIRED
                                     0: ACB_TRUSTED_FOR_DELEGATION
                                     0: ACB_NOT_DELEGATED
                                     0: ACB_USE_DES_KEY_ONLY
                                     0: ACB_DONT_REQUIRE_PREAUTH
                                     0: ACB_PW_EXPIRED
                                     0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
                                     0: ACB_NO_AUTH_DATA_REQD
                                     0: ACB_PARTIAL_SECRETS_ACCOUNT
                                     0: ACB_USE_AES_KEYS
                              unknown: ARRAY(7)
                                  unknown                  : 0x00000000 (0)
                                  unknown                  : 0x00000000 (0)
                                  unknown                  : 0x00000000 (0)
                                  unknown                  : 0x00000000 (0)
                                  unknown                  : 0x00000000 (0)
                                  unknown                  : 0x00000000 (0)
                                  unknown                  : 0x00000000 (0)
                          sidcount                 : 0x00000000 (0)
                          sids                     : NULL
                          dns_domainname: struct lsa_String
                              length                   : 0x0010 (16)
                              size                     : 0x0012 (18)
                              string                   : *
                                  string                   : 'dom1.com'
                          principle: struct lsa_String
                              length                   : 0x001c (28)
                              size                     : 0x001c (28)
                              string                   : *
                                  string                   : 'usera at dom1.com'
                          unknown4: ARRAY(20)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
                              unknown4                 : 0x00000000 (0)
              authoritative            : *
                  authoritative            : 0x01 (1)
              flags                    : *
                  flags                    : 0x00000000 (0)
              result                   : NT_STATUS_OK


I am able to list this group SID information with the "wbinfo -r" command
as well.
# wbinfo -r usera | xargs -L1 wbinfo -G
S-1-5-21-1990026935-2596783597-541854901-513
S-1-5-21-1990026935-2596783597-541854901-2360
S-1-5-21-1990026935-2596783597-541854901-2359
S-1-5-21-1990026935-2596783597-541854901-2358
S-1-5-21-1990026935-2596783597-541854901-2357
S-1-5-32-545

This is what I was looking for. Will check with customer about this
information.

Thanks Volker and Richard for the help.

Thanks,
Hemanth.


On Mon, Jun 9, 2014 at 7:26 PM, Richard Sharpe <realrichardsharpe at gmail.com>
wrote:

> On Mon, Jun 9, 2014 at 6:28 AM, Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
> > On Mon, Jun 9, 2014 at 12:49 AM, Hemanth Thummala
> > <hemanth.thummala at gmail.com> wrote:
> >> I haven't found the corresponding log messages in either log.wb-* or
> >> smbd logs.
> >
> > Then possibly it is not going through that path ... what was the
> > message that Volker said should be printed? Is it in the source?
>
> Hmmm, in libsmb/samlogon_cache.c in the 3.6.x sources I have I find things
> like:
>
>        DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
>
> >> In dcerpc_binding_handle_call_send(), I found this..
> >>
> >> if (h->ops->do_ndr_print) {
> >> h->ops->do_ndr_print(h, NDR_IN | NDR_SET_VALUES,
> >>      state->r_ptr, state->call);
> >> }
> >>
> >> I think this is where we try to log the request contents. Same stuff is
> >> there in recv call as well. But the contents are not getting printed
> >> anywhere. Also I found that dcerpc_bh_do_ndr_print() is defined in the
> >> source4 path. I am not sure if this can be used in the samba 3.6.12+
> >> stack. If not, then there could definitely be some problem in printing
> >> these requests and responses.
> >>
> >> Also I would like to know if there is a way to disable the encryption in
> >> DCE-RPC communication, so that we can check the content from the packet
> >> capture itself.
> >
> > It's a secure channel connection. The DC will likely not talk to you if
> > you do not negotiate encryption.
> >
> > --
> > Regards,
> > Richard Sharpe
> > (How to dispel sorrow? Only with Du Kang. -- Cao Cao)
>
>
>
> --
> Regards,
> Richard Sharpe
> (How to dispel sorrow? Only with Du Kang. -- Cao Cao)
>
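
Added example, not written by anyone in this thread: a Python sketch that rebuilds the group SIDs from the netr_SamBaseInfo dump (domain_sid plus each enabled group RID) and checks them against the "wbinfo -r" output, which shows that S-1-5-32-545 (BUILTIN\Users) is the only SID the logon reply does not account for. The function names and the trimmed sample are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed copy of the dump in the post, keeping the
# mail-wrapped "rid :" / value line pairs the way the archive shows them.
SAMPLE_DUMP = """\
  rid                      : 0x00000456 (1110)
  primary_gid              : 0x00000201 (513)
  groups: struct samr_RidWithAttributeArray
      rids: struct samr_RidWithAttribute
          rid                      :
0x00000938 (2360)
          attributes               :
0x00000007 (7)
      rids: struct samr_RidWithAttribute
          rid                      :
0x00000201 (513)
          attributes               :
0x00000007 (7)
  user_flags               : 0x00000920 (2336)
  domain_sid               :
S-1-5-21-1990026935-2596783597-541854901
"""
# Constructed from the "wbinfo -r usera | xargs -L1 wbinfo -G" output in the post.
WBINFO_SIDS = ["S-1-5-21-1990026935-2596783597-541854901-513",
               "S-1-5-21-1990026935-2596783597-541854901-2360",
               "S-1-5-32-545"]
SE_GROUP_ENABLED = 0x4  # the bit the dump prints as "1: SE_GROUP_ENABLED"

def group_sids_from_dump(text):
    """Return full SIDs (primary group first) for enabled groups in the dump."""
    text = re.sub(r":[ \t]*\n[ \t]*", ": ", text)  # undo mail line wrapping
    domain_sid = re.search(r"domain_sid\s*:\s*(S-1-[\d-]+)", text).group(1)
    primary = int(re.search(r"primary_gid\s*:\s*(0x[0-9a-f]+)", text).group(1), 16)
    rids = [primary]
    # Only rid/attributes pairs under a samr_RidWithAttribute header are group
    # entries; the user's own "rid" line has no such header and is skipped.
    pair = re.compile(r"struct samr_RidWithAttribute\s+rid\s*:\s*(0x[0-9a-f]+)"
                      r"\s*\(\d+\)\s+attributes\s*:\s*(0x[0-9a-f]+)")
    for rid, attrs in pair.findall(text):
        if int(attrs, 16) & SE_GROUP_ENABLED and int(rid, 16) not in rids:
            rids.append(int(rid, 16))
    return [f"{domain_sid}-{r}" for r in rids]

def compare(dump, wbinfo_sids):
    """Split wbinfo SIDs into those the logon reply explains and the rest."""
    derived = set(group_sids_from_dump(dump))
    return sorted(derived & set(wbinfo_sids)), sorted(set(wbinfo_sids) - derived)
```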

