[Samba] Debian Jessie joining AD as member fails with "The object name is not found."
Rowland penny
rpenny at samba.org
Mon Jul 18 07:57:07 UTC 2016
On 18/07/16 06:08, Russell Ault wrote:
> Hi all!
>
> To clarify, it must have been removed from the copy-pasta, but “net ads join -U” did produce a password prompt as expected.
>
> The dig command produced the following:
>
> root at host:~$ dig -t SRV _ldap._tcp.domain.local
>
> ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t SRV _ldap._tcp.domain.local
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35393
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4000
> ;; QUESTION SECTION:
> ;_ldap._tcp.domain.local. IN SRV
>
> ;; ANSWER SECTION:
> _ldap._tcp.domain.local. 600 IN SRV 0 100 389 domain-controller.domain.local.
>
> ;; ADDITIONAL SECTION:
> domain-controller.domain.local. 3600 IN A 192.168.0.34
>
> ;; Query time: 0 msec
> ;; SERVER: 192.168.0.34#53(192.168.0.34)
> ;; WHEN: Sun Jul 17 23:23:47 MDT 2016
> ;; MSG SIZE rcvd: 107
>
> And "kinit administrator" gave me a valid ticket according to klist.
>
> When I ran "net ads join -k" I got the same error: "Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." The -d10 output looks pretty much like the one I posted in my first e-mail message.
>
> Any thoughts? Is there something in my domain that could be misconfigured? What does "The object name is not found." even mean?
>
> Thanks!
>
> Sincerely,
>
> Russell Ault
>
> From: mathias dufresne [mailto:infractory at gmail.com]
> Sent: July 11, 2016 06:53
> To: Russell Ault
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The object name is not found."
>
> I found strange to not see password prompt right after your "net ads join" command. As you did used -U a password should have been asked, at least that's what I believe.
> Before joining AD your Linux must be well configured. DNS and Kerberos are the first points.
> DNS:
> dig -t SRV _ldap._tcp.<your>.<domain>.<tld>
> must work.
> Kerberos:
> kinit administartor
> must also work.
> Then once these commands worked you should have a valid kerberos ticket (generated during kinit). You can verify Kerbreos ticket status with "klist", if you have one valid you can retry net ads join using kerberos auth:
> net ads join -k
>
> 2016-07-10 8:32 GMT+02:00 Russell Ault <russell at auksnest.ca>:
> Hi all!
>
> I'm trying to join Debian Jessie to an existing AD domain as a member server (AD DC is Server 2012R2) to run it as a file server. I installed acl, samba, winbind, libnss-winbind, and krb5-user using APT, and configured /etc/samba/smb.conf according to the Samba wiki article.
>
> The error the join command is producing is " Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." which isn't an error message that appeared in any of my searching, so I'm pretty stumped. I've attached my smb.conf and -d10 command output. Any thoughts?
>
> Thanks!
>
> Sincerely,
>
> Russell Ault
>
>
> Here is my (sanitized) smb.conf:
>
> [global]
> netbios name = HOSTNAME
> security = ADS
> workgroup = DOMAIN
> realm = DOMAIN.LOCAL
>
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
>
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 10000-99999
>
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /home/%U
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> [storage]
> path = /path
> read only = no
> admin users = "@DOMAIN\Domain Admins"
>
>
> Here's the (sanitized) output of trying to join the domain:
> root at hostname:~# net ads join -U administrator -d10
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> scavenger: 10
> dns: 10
> ldb: 10
> lp_load_ex: refreshing parameters
> Initialising global parameters
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> scavenger: 10
> dns: 10
> ldb: 10
> Processing section "[global]"
> doing parameter netbios name = HOSTNAME
> doing parameter security = ADS
> doing parameter workgroup = DOMAIN
> doing parameter realm = DOMAIN.LOCAL
> doing parameter idmap config *:backend = tdb
> doing parameter idmap config *:range = 2000-9999
> doing parameter idmap config DOMAIN:backend = ad
> doing parameter idmap config DOMAIN:schema_mode = rfc2307
> doing parameter idmap config DOMAIN:range = 10000-99999
> doing parameter winbind nss info = template
> doing parameter template shell = /bin/bash
> doing parameter template homedir = /home/%U
> doing parameter vfs objects = acl_xattr
> doing parameter map acl inherit = yes
> doing parameter store dos attributes = yes
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> Netbios name list:-
> my_netbios_names[0]="HOSTNAME"
> added interface eth0 ip=192.168.0.37 bcast=192.168.0.255 netmask=255.255.255.0
> Registering messaging pointer for type 2 - private_data=(nil)
> Registering messaging pointer for type 9 - private_data=(nil)
> Registered MSG_REQ_POOL_USAGE
> Registering messaging pointer for type 11 - private_data=(nil)
> Registering messaging pointer for type 12 - private_data=(nil)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Registering messaging pointer for type 1 - private_data=(nil)
> Registering messaging pointer for type 5 - private_data=(nil)
> Enter administrator's password:
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> in: struct libnet_JoinCtx
> dc_name : NULL
> machine_name : 'HOSTNAME'
> domain_name : *
> domain_name : 'DOMAIN.LOCAL'
> account_ou : NULL
> admin_account : 'administrator'
> admin_domain : NULL
> machine_password : NULL
> join_flags : 0x00000023 (35)
> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> os_version : NULL
> os_name : NULL
> create_upn : 0x00 (0)
> upn : NULL
> modify_config : 0x00 (0)
> ads : NULL
> debug : 0x01 (1)
> use_kerberos : 0x00 (0)
> secure_channel_type : SEC_CHAN_WKSTA (2)
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name"
> dsgetdcname_internal: domain_name: DOMAIN.LOCAL, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40001011
> debug_dsdcinfo_flags: 0x40001011
> DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
> dsgetdcname_rediscover
> ads_dns_lookup_srv: 1 records returned in the answer section.
> ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 389]
> LDAP ping to domain-controller.domain.local (192.168.0.34)
> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
> command : LOGON_SAM_LOGON_RESPONSE_EX (23)
> sbz : 0x0000 (0)
> server_type : 0x0000f3fd (62461)
> 1: NBT_SERVER_PDC
> 1: NBT_SERVER_GC
> 1: NBT_SERVER_LDAP
> 1: NBT_SERVER_DS
> 1: NBT_SERVER_KDC
> 1: NBT_SERVER_TIMESERV
> 1: NBT_SERVER_CLOSEST
> 1: NBT_SERVER_WRITABLE
> 1: NBT_SERVER_GOOD_TIMESERV
> 0: NBT_SERVER_NDNC
> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> 1: NBT_SERVER_ADS_WEB_SERVICE
> 0: NBT_SERVER_HAS_DNS_NAME
> 0: NBT_SERVER_IS_DEFAULT_NC
> 0: NBT_SERVER_FOREST_ROOT
> domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470
> forest : 'domain.local'
> dns_domain : 'domain.local'
> pdc_dns_name : 'domain-controller.domain.local'
> domain_name : 'DOMAIN'
> pdc_name : 'DOMAIN-CONTROLLER'
> user_name : ''
> server_site : 'Default-First-Site-Name'
> client_site : 'Default-First-Site-Name'
> sockaddr_size : 0x00 (0)
> sockaddr: struct nbt_sockaddr
> sockaddr_family : 0x00000000 (0)
> pdc_ip : (null)
> remaining : DATA_BLOB length=0
> next_closest_site : NULL
> nt_version : 0x00000005 (5)
> 1: NETLOGON_NT_VERSION_1
> 0: NETLOGON_NT_VERSION_5
> 1: NETLOGON_NT_VERSION_5EX
> 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> 0: NETLOGON_NT_VERSION_PDC
> 0: NETLOGON_NT_VERSION_IP
> 0: NETLOGON_NT_VERSION_LOCAL
> 0: NETLOGON_NT_VERSION_GC
> lmnt_token : 0xffff (65535)
> lm20_token : 0xffff (65535)
> Did not store value for DSGETDCNAME/DOMAIN/DOMAIN, we already got it
> sitename_store: realm = [DOMAIN], sitename = [Default-First-Site-Name], expire = [2085923199]
> Did not store value for AD_SITENAME/DOMAIN/DOMAIN, we already got it
> Did not store value for DSGETDCNAME/DOMAIN/DOMAIN.LOCAL, we already got it
> sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire = [2085923199]
> Did not store value for AD_SITENAME/DOMAIN/DOMAIN.LOCAL, we already got it
> sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name"
> internal_resolve_name: looking up domain-controller.domain.local#20 (sitename Default-First-Site-Name)
> Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Wed Dec 31 05:00:00 PM 1969 MST] (-1468131016 seconds in the past)
> no entry for domain-controller.domain.local#20 found.
> resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
> resolve_wins: WINS server resolution selected and no WINS servers listed.
> resolve_hosts: Attempting host lookup for name domain-controller.domain.local<0x20>
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> namecache_store: storing 1 address for domain-controller.domain.local#20: 192.168.0.34
> Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Sun Jul 10 12:21:16 AM 2016 MDT] (660 seconds ahead)
> internal_resolve_name: returning 1 addresses: 192.168.0.34:0
> Connecting to 192.168.0.34 at port 445
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_REUSEPORT = 0
> SO_SNDBUF = 87040
> SO_RCVBUF = 372480
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> Doing spnego session setup (blob length=120)
> got OID=1.3.6.1.4.1.311.2.2.30
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.2.840.113554.1.2.2.3
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism ntlmssp
> negotiate: struct NEGOTIATE_MESSAGE
> Signature : 'NTLMSSP'
> MessageType : NtLmNegotiate (1)
> NegotiateFlags : 0x62088215 (1644724757)
> 1: NTLMSSP_NEGOTIATE_UNICODE
> 0: NTLMSSP_NEGOTIATE_OEM
> 1: NTLMSSP_REQUEST_TARGET
> 1: NTLMSSP_NEGOTIATE_SIGN
> 0: NTLMSSP_NEGOTIATE_SEAL
> 0: NTLMSSP_NEGOTIATE_DATAGRAM
> 0: NTLMSSP_NEGOTIATE_LM_KEY
> 0: NTLMSSP_NEGOTIATE_NETWARE
> 1: NTLMSSP_NEGOTIATE_NTLM
> 0: NTLMSSP_NEGOTIATE_NT_ONLY
> 0: NTLMSSP_ANONYMOUS
> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> 0: NTLMSSP_TARGET_TYPE_DOMAIN
> 0: NTLMSSP_TARGET_TYPE_SERVER
> 0: NTLMSSP_TARGET_TYPE_SHARE
> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> 0: NTLMSSP_NEGOTIATE_IDENTIFY
> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> 0: NTLMSSP_NEGOTIATE_TARGET_INFO
> 1: NTLMSSP_NEGOTIATE_VERSION
> 1: NTLMSSP_NEGOTIATE_128
> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
> 0: NTLMSSP_NEGOTIATE_56
> DomainNameLen : 0x0000 (0)
> DomainNameMaxLen : 0x0000 (0)
> DomainName : *
> DomainName : ''
> WorkstationLen : 0x0000 (0)
> WorkstationMaxLen : 0x0000 (0)
> Workstation : *
> Workstation : ''
> Version: struct ntlmssp_VERSION
> ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
> ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
> ProductBuild : 0x0000 (0)
> Reserved: ARRAY(3)
> [0] : 0x00 (0)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_TARGET_TYPE_DOMAIN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> ntlmssp_check_packet: NTLMSSP signature OK !
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> signed SMB2 message
> signed SMB2 message
> cli_init_creds: user administrator domain
> signed SMB2 message
> Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_BIND (11)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0048 (72)
> auth_length : 0x0000 (0)
> call_id : 0x00000001 (1)
> u : union dcerpc_payload(case 11)
> bind: struct dcerpc_bind
> max_xmit_frag : 0x10b8 (4280)
> max_recv_frag : 0x10b8 (4280)
> assoc_group_id : 0x00000000 (0)
> num_contexts : 0x01 (1)
> ctx_list: ARRAY(1)
> ctx_list: struct dcerpc_ctx_list
> context_id : 0x0000 (0)
> num_transfer_syntaxes : 0x01 (1)
> abstract_syntax: struct ndr_syntax_id
> uuid : 12345778-1234-abcd-ef00-0123456789ab
> if_version : 0x00000000 (0)
> transfer_syntaxes: ARRAY(1)
> transfer_syntaxes: struct ndr_syntax_id
> uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
> if_version : 0x00000002 (2)
> auth_info : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 52
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_BIND_ACK (12)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0044 (68)
> auth_length : 0x0000 (0)
> call_id : 0x00000001 (1)
> u : union dcerpc_payload(case 12)
> bind_ack: struct dcerpc_bind_ack
> max_xmit_frag : 0x10b8 (4280)
> max_recv_frag : 0x10b8 (4280)
> assoc_group_id : 0x0012e7d2 (1238994)
> secondary_address_size : 0x000c (12)
> secondary_address : '\pipe\lsass'
> _pad1 : DATA_BLOB length=2
> [0000] 00 00 ..
> num_results : 0x01 (1)
> ctx_list: ARRAY(1)
> ctx_list: struct dcerpc_ack_ctx
> result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
> reason : union dcerpc_bind_ack_reason(case 0)
> value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
> syntax: struct ndr_syntax_id
> uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
> if_version : 0x00000002 (2)
> auth_info : DATA_BLOB length=0
> rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
> check_bind_response: accepted!
> cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine domain-controller.domain.local and bound anonymously.
> lsa_OpenPolicy: struct lsa_OpenPolicy
> in: struct lsa_OpenPolicy
> system_name : *
> system_name : 0x005c (92)
> attr : *
> attr: struct lsa_ObjectAttribute
> len : 0x00000018 (24)
> root_dir : NULL
> object_name : NULL
> attributes : 0x00000000 (0)
> sec_desc : NULL
> sec_qos : *
> sec_qos: struct lsa_QosInfo
> len : 0x0000000c (12)
> impersonation_level : 0x0002 (2)
> context_mode : 0x01 (1)
> effective_only : 0x00 (0)
> access_mask : 0x02000000 (33554432)
> 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
> 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
> 0: LSA_POLICY_GET_PRIVATE_INFORMATION
> 0: LSA_POLICY_TRUST_ADMIN
> 0: LSA_POLICY_CREATE_ACCOUNT
> 0: LSA_POLICY_CREATE_SECRET
> 0: LSA_POLICY_CREATE_PRIVILEGE
> 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
> 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
> 0: LSA_POLICY_AUDIT_LOG_ADMIN
> 0: LSA_POLICY_SERVER_ADMIN
> 0: LSA_POLICY_LOOKUP_NAMES
> 0: LSA_POLICY_NOTIFICATION
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_REQUEST (0)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0018 (24)
> auth_length : 0x0000 (0)
> call_id : 0x00000002 (2)
> u : union dcerpc_payload(case 0)
> request: struct dcerpc_request
> alloc_hint : 0x0000002c (44)
> context_id : 0x0000 (0)
> opnum : 0x0006 (6)
> object : union dcerpc_object(case 0)
> empty: struct dcerpc_empty
> _pad : DATA_BLOB length=0
> stub_and_verifier : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 32
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_RESPONSE (2)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0030 (48)
> auth_length : 0x0000 (0)
> call_id : 0x00000002 (2)
> u : union dcerpc_payload(case 2)
> response: struct dcerpc_response
> alloc_hint : 0x00000018 (24)
> context_id : 0x0000 (0)
> cancel_count : 0x00 (0)
> _pad : DATA_BLOB length=1
> [0000] 00 .
> stub_and_verifier : DATA_BLOB length=24
> [0000] 00 00 00 00 12 75 96 20 33 1B 0A 40 A0 CE C9 5D .....u. 3.. at ...]
> [0010] 01 EA 3F 01 00 00 00 00 ..?.....
> Got pdu len 48, data_len 24
> rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> lsa_OpenPolicy: struct lsa_OpenPolicy
> out: struct lsa_OpenPolicy
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
> result : NT_STATUS_OK
> lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
> in: struct lsa_QueryInfoPolicy2
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
> level : LSA_POLICY_INFO_DNS (12)
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_REQUEST (0)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0018 (24)
> auth_length : 0x0000 (0)
> call_id : 0x00000003 (3)
> u : union dcerpc_payload(case 0)
> request: struct dcerpc_request
> alloc_hint : 0x00000016 (22)
> context_id : 0x0000 (0)
> opnum : 0x002e (46)
> object : union dcerpc_object(case 0)
> empty: struct dcerpc_empty
> _pad : DATA_BLOB length=0
> stub_and_verifier : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 176
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_RESPONSE (2)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x00c0 (192)
> auth_length : 0x0000 (0)
> call_id : 0x00000003 (3)
> u : union dcerpc_payload(case 2)
> response: struct dcerpc_response
> alloc_hint : 0x000000a8 (168)
> context_id : 0x0000 (0)
> cancel_count : 0x00 (0)
> _pad : DATA_BLOB length=1
> [0000] 00 .
> stub_and_verifier : DATA_BLOB length=168
>
> <redacted>
>
> Got pdu len 192, data_len 168
> rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 168 bytes.
> lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
> out: struct lsa_QueryInfoPolicy2
> info : *
> info : *
> info : union lsa_PolicyInformation(case 12)
> dns: struct lsa_DnsDomainInfo
> name: struct lsa_StringLarge
> length : 0x0006 (6)
> size : 0x0008 (8)
> string : *
> string : 'DOMAIN'
> dns_domain: struct lsa_StringLarge
> length : 0x0012 (18)
> size : 0x0014 (20)
> string : *
> string : 'domain.local'
> dns_forest: struct lsa_StringLarge
> length : 0x0012 (18)
> size : 0x0014 (20)
> string : *
> string : 'domain.local'
> domain_guid : 681ea09d-d921-4581-b653-8f8b8f4eb470
> sid : *
> sid : S-1-5-21-<redacted>-<redacted>-<redacted>
> result : NT_STATUS_OK
> lsa_Close: struct lsa_Close
> in: struct lsa_Close
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_REQUEST (0)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0018 (24)
> auth_length : 0x0000 (0)
> call_id : 0x00000004 (4)
> u : union dcerpc_payload(case 0)
> request: struct dcerpc_request
> alloc_hint : 0x00000014 (20)
> context_id : 0x0000 (0)
> opnum : 0x0000 (0)
> object : union dcerpc_object(case 0)
> empty: struct dcerpc_empty
> _pad : DATA_BLOB length=0
> stub_and_verifier : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 32
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_RESPONSE (2)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0030 (48)
> auth_length : 0x0000 (0)
> call_id : 0x00000004 (4)
> u : union dcerpc_payload(case 2)
> response: struct dcerpc_response
> alloc_hint : 0x00000018 (24)
> context_id : 0x0000 (0)
> cancel_count : 0x00 (0)
> _pad : DATA_BLOB length=1
> [0000] 00 .
> stub_and_verifier : DATA_BLOB length=24
> [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
> [0010] 00 00 00 00 00 00 00 00 ........
> Got pdu len 48, data_len 24
> rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> lsa_Close: struct lsa_Close
> out: struct lsa_Close
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 00000000-0000-0000-0000-000000000000
> result : NT_STATUS_OK
> signed SMB2 message
> create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.DOMAIN, realm = domain.local, domain = DOMAIN
> saf_fetch: failed to find server for "domain.local" domain
> get_dc_list: preferred server list: ", *"
> internal_resolve_name: looking up domain.local#1c (sitename (null))
> no entry for domain.local#1C found.
> resolve_ads: Attempting to resolve KDCs for domain.local using DNS
> ads_dns_lookup_srv: 1 records returned in the answer section.
> ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 88]
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> internal_resolve_name: returning 1 addresses: 192.168.0.34:88
> Adding 1 DC's from auto lookup
> check_negative_conn_cache returning result 0 for domain domain.local server 192.168.0.34
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> get_dc_list: returning 1 ip addresses in an ordered list
> get_dc_list: 192.168.0.34:88
> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
> command : LOGON_SAM_LOGON_RESPONSE_EX (23)
> sbz : 0x0000 (0)
> server_type : 0x0000f3fd (62461)
> 1: NBT_SERVER_PDC
> 1: NBT_SERVER_GC
> 1: NBT_SERVER_LDAP
> 1: NBT_SERVER_DS
> 1: NBT_SERVER_KDC
> 1: NBT_SERVER_TIMESERV
> 1: NBT_SERVER_CLOSEST
> 1: NBT_SERVER_WRITABLE
> 1: NBT_SERVER_GOOD_TIMESERV
> 0: NBT_SERVER_NDNC
> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> 1: NBT_SERVER_ADS_WEB_SERVICE
> 0: NBT_SERVER_HAS_DNS_NAME
> 0: NBT_SERVER_IS_DEFAULT_NC
> 0: NBT_SERVER_FOREST_ROOT
> domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470
> forest : 'domain.local'
> dns_domain : 'domain.local'
> pdc_dns_name : 'domain-controller.domain.local'
> domain_name : 'DOMAIN'
> pdc_name : 'DOMAIN-CONTROLLER'
> user_name : ''
> server_site : 'Default-First-Site-Name'
> client_site : 'Default-First-Site-Name'
> sockaddr_size : 0x00 (0)
> sockaddr: struct nbt_sockaddr
> sockaddr_family : 0x00000000 (0)
> pdc_ip : (null)
> remaining : DATA_BLOB length=0
> next_closest_site : NULL
> nt_version : 0x00000005 (5)
> 1: NETLOGON_NT_VERSION_1
> 0: NETLOGON_NT_VERSION_5
> 1: NETLOGON_NT_VERSION_5EX
> 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> 0: NETLOGON_NT_VERSION_PDC
> 0: NETLOGON_NT_VERSION_IP
> 0: NETLOGON_NT_VERSION_LOCAL
> 0: NETLOGON_NT_VERSION_GC
> lmnt_token : 0xffff (65535)
> lm20_token : 0xffff (65535)
> get_kdc_ip_string: Returning kdc = 192.168.0.34
>
> create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.DOMAIN with realm DOMAIN.LOCAL KDC list = kdc = 192.168.0.34
>
> signed SMB2 message
> Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_BIND (11)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0048 (72)
> auth_length : 0x0000 (0)
> call_id : 0x00000005 (5)
> u : union dcerpc_payload(case 11)
> bind: struct dcerpc_bind
> max_xmit_frag : 0x10b8 (4280)
> max_recv_frag : 0x10b8 (4280)
> assoc_group_id : 0x00000000 (0)
> num_contexts : 0x01 (1)
> ctx_list: ARRAY(1)
> ctx_list: struct dcerpc_ctx_list
> context_id : 0x0000 (0)
> num_transfer_syntaxes : 0x01 (1)
> abstract_syntax: struct ndr_syntax_id
> uuid : 12345778-1234-abcd-ef00-0123456789ac
> if_version : 0x00000001 (1)
> transfer_syntaxes: ARRAY(1)
> transfer_syntaxes: struct ndr_syntax_id
> uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
> if_version : 0x00000002 (2)
> auth_info : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 52
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_BIND_ACK (12)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0044 (68)
> auth_length : 0x0000 (0)
> call_id : 0x00000005 (5)
> u : union dcerpc_payload(case 12)
> bind_ack: struct dcerpc_bind_ack
> max_xmit_frag : 0x10b8 (4280)
> max_recv_frag : 0x10b8 (4280)
> assoc_group_id : 0x0012e7d3 (1238995)
> secondary_address_size : 0x000c (12)
> secondary_address : '\pipe\lsass'
> _pad1 : DATA_BLOB length=2
> [0000] 02 00 ..
> num_results : 0x01 (1)
> ctx_list: ARRAY(1)
> ctx_list: struct dcerpc_ack_ctx
> result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
> reason : union dcerpc_bind_ack_reason(case 0)
> value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
> syntax: struct ndr_syntax_id
> uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
> if_version : 0x00000002 (2)
> auth_info : DATA_BLOB length=0
> rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
> check_bind_response: accepted!
> cli_rpc_pipe_open_noauth: opened pipe samr to machine domain-controller.domain.local and bound anonymously.
> samr_Connect2: struct samr_Connect2
> in: struct samr_Connect2
> system_name : *
> system_name : 'domain-controller.domain.local'
> access_mask : 0x00000030 (48)
> 0: SAMR_ACCESS_CONNECT_TO_SERVER
> 0: SAMR_ACCESS_SHUTDOWN_SERVER
> 0: SAMR_ACCESS_INITIALIZE_SERVER
> 0: SAMR_ACCESS_CREATE_DOMAIN
> 1: SAMR_ACCESS_ENUM_DOMAINS
> 1: SAMR_ACCESS_LOOKUP_DOMAIN
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_REQUEST (0)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0018 (24)
> auth_length : 0x0000 (0)
> call_id : 0x00000006 (6)
> u : union dcerpc_payload(case 0)
> request: struct dcerpc_request
> alloc_hint : 0x00000044 (68)
> context_id : 0x0000 (0)
> opnum : 0x0039 (57)
> object : union dcerpc_object(case 0)
> empty: struct dcerpc_empty
> _pad : DATA_BLOB length=0
> stub_and_verifier : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 32
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_RESPONSE (2)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0030 (48)
> auth_length : 0x0000 (0)
> call_id : 0x00000006 (6)
> u : union dcerpc_payload(case 2)
> response: struct dcerpc_response
> alloc_hint : 0x00000018 (24)
> context_id : 0x0000 (0)
> cancel_count : 0x00 (0)
> _pad : DATA_BLOB length=1
> [0000] 00 .
> stub_and_verifier : DATA_BLOB length=24
> [0000] 00 00 00 00 96 BA 08 79 09 9E B8 43 99 31 35 E3 .......y ...C.15.
> [0010] 6F DB 2D 8C 00 00 00 00 o.-.....
> Got pdu len 48, data_len 24
> rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> samr_Connect2: struct samr_Connect2
> out: struct samr_Connect2
> connect_handle : *
> connect_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : <redacted>
> result : NT_STATUS_OK
> samr_OpenDomain: struct samr_OpenDomain
> in: struct samr_OpenDomain
> connect_handle : *
> connect_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : <redacted>
> access_mask : 0x00000211 (529)
> 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
> 0: SAMR_DOMAIN_ACCESS_SET_INFO_1
> 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
> 0: SAMR_DOMAIN_ACCESS_SET_INFO_2
> 1: SAMR_DOMAIN_ACCESS_CREATE_USER
> 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
> 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
> 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
> 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
> 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
> 0: SAMR_DOMAIN_ACCESS_SET_INFO_3
> sid : *
> sid : S-1-5-21-<redacted>-<redacted>-<redacted>
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_REQUEST (0)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0018 (24)
> auth_length : 0x0000 (0)
> call_id : 0x00000007 (7)
> u : union dcerpc_payload(case 0)
> request: struct dcerpc_request
> alloc_hint : 0x00000034 (52)
> context_id : 0x0000 (0)
> opnum : 0x0007 (7)
> object : union dcerpc_object(case 0)
> empty: struct dcerpc_empty
> _pad : DATA_BLOB length=0
> stub_and_verifier : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 32
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_RESPONSE (2)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0030 (48)
> auth_length : 0x0000 (0)
> call_id : 0x00000007 (7)
> u : union dcerpc_payload(case 2)
> response: struct dcerpc_response
> alloc_hint : 0x00000018 (24)
> context_id : 0x0000 (0)
> cancel_count : 0x00 (0)
> _pad : DATA_BLOB length=1
> [0000] 00 .
> stub_and_verifier : DATA_BLOB length=24
> [0000] 00 00 00 00 BB BF DA CA 50 F9 95 4B 9C 62 7E 58 ........ P..K.b~X
> [0010] ED BE BA 7D 00 00 00 00 ...}....
> Got pdu len 48, data_len 24
> rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> samr_OpenDomain: struct samr_OpenDomain
> out: struct samr_OpenDomain
> domain_handle : *
> domain_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : <redacted>
> result : NT_STATUS_OK
> Creating account with desired access mask: -536543056
> samr_CreateUser2: struct samr_CreateUser2
> in: struct samr_CreateUser2
> domain_handle : *
> domain_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : <redacted>
> account_name : *
> account_name: struct lsa_String
> length : 0x001c (28)
> size : 0x001c (28)
> string : *
> string : 'hostname$'
> acct_flags : 0x00000080 (128)
> 0: ACB_DISABLED
> 0: ACB_HOMDIRREQ
> 0: ACB_PWNOTREQ
> 0: ACB_TEMPDUP
> 0: ACB_NORMAL
> 0: ACB_MNS
> 0: ACB_DOMTRUST
> 1: ACB_WSTRUST
> 0: ACB_SVRTRUST
> 0: ACB_PWNOEXP
> 0: ACB_AUTOLOCK
> 0: ACB_ENC_TXT_PWD_ALLOWED
> 0: ACB_SMARTCARD_REQUIRED
> 0: ACB_TRUSTED_FOR_DELEGATION
> 0: ACB_NOT_DELEGATED
> 0: ACB_USE_DES_KEY_ONLY
> 0: ACB_DONT_REQUIRE_PREAUTH
> 0: ACB_PW_EXPIRED
> 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
> 0: ACB_NO_AUTH_DATA_REQD
> 0: ACB_PARTIAL_SECRETS_ACCOUNT
> 0: ACB_USE_AES_KEYS
> access_mask : 0xe00500b0 (3758424240)
> 0: SAMR_USER_ACCESS_GET_NAME_ETC
> 0: SAMR_USER_ACCESS_GET_LOCALE
> 0: SAMR_USER_ACCESS_SET_LOC_COM
> 0: SAMR_USER_ACCESS_GET_LOGONINFO
> 1: SAMR_USER_ACCESS_GET_ATTRIBUTES
> 1: SAMR_USER_ACCESS_SET_ATTRIBUTES
> 0: SAMR_USER_ACCESS_CHANGE_PASSWORD
> 1: SAMR_USER_ACCESS_SET_PASSWORD
> 0: SAMR_USER_ACCESS_GET_GROUPS
> 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
> 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_REQUEST (0)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0018 (24)
> auth_length : 0x0000 (0)
> call_id : 0x00000008 (8)
> u : union dcerpc_payload(case 0)
> request: struct dcerpc_request
> alloc_hint : 0x0000004c (76)
> context_id : 0x0000 (0)
> opnum : 0x0032 (50)
> object : union dcerpc_object(case 0)
> empty: struct dcerpc_empty
> _pad : DATA_BLOB length=0
> stub_and_verifier : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 40
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_RESPONSE (2)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0038 (56)
> auth_length : 0x0000 (0)
> call_id : 0x00000008 (8)
> u : union dcerpc_payload(case 2)
> response: struct dcerpc_response
> alloc_hint : 0x00000020 (32)
> context_id : 0x0000 (0)
> cancel_count : 0x00 (0)
> _pad : DATA_BLOB length=1
> [0000] 00 .
> stub_and_verifier : DATA_BLOB length=32
> [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
> [0010] 00 00 00 00 00 00 00 00 64 06 00 00 34 00 00 C0 ........ d...4...
> Got pdu len 56, data_len 32
> rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 32 bytes.
> samr_CreateUser2: struct samr_CreateUser2
> out: struct samr_CreateUser2
> user_handle : *
> user_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 00000000-0000-0000-0000-000000000000
> access_granted : *
> access_granted : 0x00000000 (0)
> rid : *
> rid : 0x00000664 (1636)
> result : NT_STATUS_OBJECT_NAME_NOT_FOUND
> Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> samr_Close: struct samr_Close
> in: struct samr_Close
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : <redacted>
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_REQUEST (0)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0018 (24)
> auth_length : 0x0000 (0)
> call_id : 0x00000009 (9)
> u : union dcerpc_payload(case 0)
> request: struct dcerpc_request
> alloc_hint : 0x00000014 (20)
> context_id : 0x0000 (0)
> opnum : 0x0001 (1)
> object : union dcerpc_object(case 0)
> empty: struct dcerpc_empty
> _pad : DATA_BLOB length=0
> stub_and_verifier : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 32
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_RESPONSE (2)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0030 (48)
> auth_length : 0x0000 (0)
> call_id : 0x00000009 (9)
> u : union dcerpc_payload(case 2)
> response: struct dcerpc_response
> alloc_hint : 0x00000018 (24)
> context_id : 0x0000 (0)
> cancel_count : 0x00 (0)
> _pad : DATA_BLOB length=1
> [0000] 00 .
> stub_and_verifier : DATA_BLOB length=24
> [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
> [0010] 00 00 00 00 00 00 00 00 ........
> Got pdu len 48, data_len 24
> rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> samr_Close: struct samr_Close
> out: struct samr_Close
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 00000000-0000-0000-0000-000000000000
> result : NT_STATUS_OK
> samr_Close: struct samr_Close
> in: struct samr_Close
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : <redacted>
> &r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_REQUEST (0)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0018 (24)
> auth_length : 0x0000 (0)
> call_id : 0x0000000a (10)
> u : union dcerpc_payload(case 0)
> request: struct dcerpc_request
> alloc_hint : 0x00000014 (20)
> context_id : 0x0000 (0)
> opnum : 0x0001 (1)
> object : union dcerpc_object(case 0)
> empty: struct dcerpc_empty
> _pad : DATA_BLOB length=0
> stub_and_verifier : DATA_BLOB length=0
> rpc_api_pipe: host domain-controller.domain.local
> signed SMB2 message
> rpc_read_send: data_to_read: 32
> r: struct ncacn_packet
> rpc_vers : 0x05 (5)
> rpc_vers_minor : 0x00 (0)
> ptype : DCERPC_PKT_RESPONSE (2)
> pfc_flags : 0x03 (3)
> 1: DCERPC_PFC_FLAG_FIRST
> 1: DCERPC_PFC_FLAG_LAST
> 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> 0: DCERPC_PFC_FLAG_CONC_MPX
> 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> 0: DCERPC_PFC_FLAG_MAYBE
> 0: DCERPC_PFC_FLAG_OBJECT_UUID
> drep: ARRAY(4)
> [0] : 0x10 (16)
> [1] : 0x00 (0)
> [2] : 0x00 (0)
> [3] : 0x00 (0)
> frag_length : 0x0030 (48)
> auth_length : 0x0000 (0)
> call_id : 0x0000000a (10)
> u : union dcerpc_payload(case 2)
> response: struct dcerpc_response
> alloc_hint : 0x00000018 (24)
> context_id : 0x0000 (0)
> cancel_count : 0x00 (0)
> _pad : DATA_BLOB length=1
> [0000] 00 .
> stub_and_verifier : DATA_BLOB length=24
> [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
> [0010] 00 00 00 00 00 00 00 00 ........
> Got pdu len 48, data_len 24
> rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> samr_Close: struct samr_Close
> out: struct samr_Close
> handle : *
> handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 00000000-0000-0000-0000-000000000000
> result : NT_STATUS_OK
> signed SMB2 message
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : 'DOMAIN'
> dns_domain_name : 'domain.local'
> forest_name : 'domain.local'
> dn : NULL
> domain_sid : *
> domain_sid : S-1-5-21-<redacted>-<redacted>-<redacted>
> modified_config : 0x00 (0)
> error_string : 'failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.'
> domain_is_ad : 0x01 (1)
> result : WERR_BADFILE
> Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.
> return code = -1
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Have you set up /etc/krb5.conf and if so, what does it contain ?
Does your /etc/resolv.conf point at the DC ?
Rowland
More information about the samba
mailing list