[Samba] Debian Jessie joining AD as member fails with "The object name is not found."

Russell Ault russell at auksnest.ca
Tue Jul 19 05:04:34 UTC 2016


Hi all!

I had originally been using a DHCP-assigned address. I have now switched to a static IP, but that didn't solve the problem (same error message).

I'm attaching my resolv.conf, nsswitch.conf and krb5.conf files. I have not manually altered any of them, although krb5.conf appears to have been updated by some tool somewhere along the way, because my domain is listed as the default_realm. The output of "net ads join -UAdministrator -d10" was attached to my first e-mail; at over 1000 lines long I don't want to litter people's inboxes with a second copy, to say nothing of the time it takes to sanitize that much output. The "-S domain-controller.domain.local" version of the command produces apparently identical output, so I haven't included it either.

root at host:~# cat /etc/resolv.conf
# NOTE(review): resolv.conf(5) treats `domain` and `search` as mutually
# exclusive (the last one wins); both carry the same value here.
domain my-domain.local
search my-domain.local
# Single resolver; the dig output quoted later in this message shows the same
# address answering for the domain controller.
nameserver 192.168.0.34

root at host:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# NOTE(review): passwd and group list only `compat`; no winbind source is
# configured, so domain accounts would not resolve through NSS as shown.
# Presumably this is not required for the join itself - confirm.
passwd:         compat
group:          compat
shadow:         compat
gshadow:        files

# Host names are looked up in /etc/hosts first, then DNS; no mdns source is
# listed, so names under the .local domain go to the configured DNS server.
hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


root at host:~# cat /etc/krb5.conf
# Kerberos client configuration for this host. Apart from default_realm this
# appears to be the distribution's stock sample file (the poster says it was
# not edited by hand).
[libdefaults]
# NOTE(review): default_realm should be the AD realm in upper case and should
# name the same realm as the `realm` setting in smb.conf - confirm.
        default_realm = MY-DOMAIN.LOCAL

# The following krb5.conf variables are only for MIT Kerberos.
# NOTE(review): the two krb4_* entries are Kerberos 4 settings; legacy, and
# presumably irrelevant to an Active Directory join.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
# Tickets are requested as forwardable and proxiable by default; set these to
# false if handing credentials on to other hosts is not wanted.
        forwardable = true
        proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

# NOTE(review): des3-hmac-sha1 is a legacy enctype and, as far as I know, not
# one Active Directory issues tickets with; keep these three lines commented.
#       default_tgs_enctypes = des3-hmac-sha1
#       default_tkt_enctypes = des3-hmac-sha1
#       permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }
        fcc-mit-ticketflags = true

# NOTE(review): every realm below is a sample entry; there is no block for
# MY-DOMAIN.LOCAL, so the KDC has to be located some other way (presumably
# DNS SRV lookup - confirm it has not been disabled).
[realms]
        ATHENA.MIT.EDU = {
                kdc = kerberos.mit.edu:88
                kdc = kerberos-1.mit.edu:88
                kdc = kerberos-2.mit.edu:88
                admin_server = kerberos.mit.edu
                default_domain = mit.edu
        }
        MEDIA-LAB.MIT.EDU = {
                kdc = kerberos.media.mit.edu
                admin_server = kerberos.media.mit.edu
        }
        ZONE.MIT.EDU = {
                kdc = casio.mit.edu
                kdc = seiko.mit.edu
                admin_server = casio.mit.edu
        }
        MOOF.MIT.EDU = {
                kdc = three-headed-dogcow.mit.edu:88
                kdc = three-headed-dogcow-1.mit.edu:88
                admin_server = three-headed-dogcow.mit.edu
        }
        CSAIL.MIT.EDU = {
                kdc = kerberos-1.csail.mit.edu
                kdc = kerberos-2.csail.mit.edu
                admin_server = kerberos.csail.mit.edu
                default_domain = csail.mit.edu
                krb524_server = krb524.csail.mit.edu
        }
        IHTFP.ORG = {
                kdc = kerberos.ihtfp.org
                admin_server = kerberos.ihtfp.org
        }
        GNU.ORG = {
                kdc = kerberos.gnu.org
                kdc = kerberos-2.gnu.org
                kdc = kerberos-3.gnu.org
                admin_server = kerberos.gnu.org
        }
        1TS.ORG = {
                kdc = kerberos.1ts.org
                admin_server = kerberos.1ts.org
        }
        GRATUITOUS.ORG = {
                kdc = kerberos.gratuitous.org
                admin_server = kerberos.gratuitous.org
        }
        DOOMCOM.ORG = {
                kdc = kerberos.doomcom.org
                admin_server = kerberos.doomcom.org
        }
        ANDREW.CMU.EDU = {
                kdc = kerberos.andrew.cmu.edu
                kdc = kerberos2.andrew.cmu.edu
                kdc = kerberos3.andrew.cmu.edu
                admin_server = kerberos.andrew.cmu.edu
                default_domain = andrew.cmu.edu
        }
        CS.CMU.EDU = {
                kdc = kerberos.cs.cmu.edu
                kdc = kerberos-2.srv.cs.cmu.edu
                admin_server = kerberos.cs.cmu.edu
        }
        DEMENTIA.ORG = {
                kdc = kerberos.dementix.org
                kdc = kerberos2.dementix.org
                admin_server = kerberos.dementix.org
        }
        stanford.edu = {
                kdc = krb5auth1.stanford.edu
                kdc = krb5auth2.stanford.edu
                kdc = krb5auth3.stanford.edu
                master_kdc = krb5auth1.stanford.edu
                admin_server = krb5-admin.stanford.edu
                default_domain = stanford.edu
        }
        UTORONTO.CA = {
                kdc = kerberos1.utoronto.ca
                kdc = kerberos2.utoronto.ca
                kdc = kerberos3.utoronto.ca
                admin_server = kerberos1.utoronto.ca
                default_domain = utoronto.ca
        }

# DNS-domain to realm mappings; again only sample entries, none for the
# local domain.
[domain_realm]
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
        .media.mit.edu = MEDIA-LAB.MIT.EDU
        media.mit.edu = MEDIA-LAB.MIT.EDU
        .csail.mit.edu = CSAIL.MIT.EDU
        csail.mit.edu = CSAIL.MIT.EDU
        .whoi.edu = ATHENA.MIT.EDU
        whoi.edu = ATHENA.MIT.EDU
        .stanford.edu = stanford.edu
        .slac.stanford.edu = SLAC.STANFORD.EDU
        .toronto.edu = UTORONTO.CA
        .utoronto.ca = UTORONTO.CA

# NOTE(review): these look like Kerberos 4 login compatibility options
# (legacy) - confirm nothing on this host still reads them.
[login]
        krb4_convert = true
        krb4_get_tickets = false


I agree that the join is reaching AD before failing, which is why I'm beginning to suspect that there's a configuration issue with the domain itself that is preventing the Samba join, but if there is such a problem, it hasn't caused any issues when joining Windows clients. Are there certain specific configuration requirements of a Windows Server-based AD that are required to join a Samba client? I've already given all my users (including the administrator user I'm using to try the net ads join command with) RFC2307 UID and GID numbers. Is there anything else I have to do?

Thanks!

Sincerely,

Russell Ault

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van Belle
Sent: July 18, 2016 02:26
To: samba at lists.samba.org
Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The object name is not found."

I'd bet on a static IP, with correct resolv.conf, hosts, nsswitch.conf and krb5.conf.


This must be the clue... 
> Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
So the join reaches AD, but something goes wrong at this point.


Russell, can you try again with debug level 10 and post both logs?

net ads join -UAdministrator
and
net ads join -UAdministrator -S YOUR_ADDC.domain.tld.

Or if i may say mail them to Rowland.

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: maandag 18 juli 2016 9:57
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Debian Jessie joining AD as member fails with "The
> object name is not found."
> 
> On 18/07/16 06:08, Russell Ault wrote:
> > Hi all!
> >
> > To clarify, it must have been removed from the copy-pasta, but “net ads
> join -U” did produce a password prompt as expected.
> >
> > The dig command produced the following:
> >
> > root at host:~$ dig -t SRV _ldap._tcp.domain.local
> >
> > ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t SRV _ldap._tcp.domain.local
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35393
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4000
> > ;; QUESTION SECTION:
> > ;_ldap._tcp.domain.local.          IN      SRV
> >
> > ;; ANSWER SECTION:
> > _ldap._tcp.domain.local.   600     IN      SRV     0 100 389 domain-
> controller.domain.local.
> >
> > ;; ADDITIONAL SECTION:
> > domain-controller.domain.local. 3600    IN      A       192.168.0.34
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 192.168.0.34#53(192.168.0.34)
> > ;; WHEN: Sun Jul 17 23:23:47 MDT 2016
> > ;; MSG SIZE  rcvd: 107
> >
> > And "kinit administrator" gave me a valid ticket according to klist.
> >
> > When I ran "net ads join -k" I got the same error: "Failed to join
> domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is
> not found." The -d10 output looks pretty much like the one I posted in my
> first e-mail message.
> >
> > Any thoughts? Is there something in my domain that could be
> misconfigured? What does "The object name is not found." even mean?
> >
> > Thanks!
> >
> > Sincerely,
> >
> > Russell Ault
> >
> > From: mathias dufresne [mailto:infractory at gmail.com]
> > Sent: July 11, 2016 06:53
> > To: Russell Ault
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The
> object name is not found."
> >
> > I found it strange not to see a password prompt right after your "net ads
> join" command. As you used -U, a password should have been asked for, at
> least that's what I believe.
> > Before joining AD your Linux must be well configured. DNS and Kerberos
> are the first points.
> > DNS:
> > dig -t SRV _ldap._tcp.<your>.<domain>.<tld>
> > must work.
> > Kerberos:
> > kinit administrator
> > must also work.
> > Once these commands work you should have a valid Kerberos ticket
> (generated during kinit). You can verify the Kerberos ticket status with
> "klist"; if you have a valid one you can retry net ads join using Kerberos
> auth:
> > net ads join -k
> >
> > 2016-07-10 8:32 GMT+02:00 Russell Ault <russell at auksnest.ca>:
> > Hi all!
> >
> > I'm trying to join Debian Jessie to an existing AD domain as a member
> server (AD DC is Server 2012R2) to run it as a file server. I installed
> acl, samba, winbind, libnss-winbind, and krb5-user using APT, and
> configured /etc/samba/smb.conf according to the Samba wiki article.
> >
> > The error the join command is producing is " Failed to join domain:
> failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not
> found." which isn't an error message that appeared in any of my searching,
> so I'm pretty stumped. I've attached my smb.conf and -d10 command output.
> Any thoughts?
> >
> > Thanks!
> >
> > Sincerely,
> >
> > Russell Ault
> >
> >
> > Here is my (sanitized) smb.conf:
> >
> >   [global]
> >    netbios name = HOSTNAME
> >    security  = ADS
> >    workgroup = DOMAIN
> >    realm = DOMAIN.LOCAL
> >
> >    idmap config *:backend = tdb
> >    idmap config *:range = 2000-9999
> >
> >    idmap config DOMAIN:backend = ad
> >    idmap config DOMAIN:schema_mode = rfc2307
> >    idmap config DOMAIN:range = 10000-99999
> >
> >    winbind nss info = template
> >    template shell = /bin/bash
> >    template homedir = /home/%U
> >
> >    vfs objects = acl_xattr
> >    map acl inherit = yes
> >    store dos attributes = yes
> >
> >   [storage]
> >    path = /path
> >    read only = no
> >    admin users = "@DOMAIN\Domain Admins"
> >
> >
> > Here's the (sanitized) output of trying to join the domain:
> > root at hostname:~# net ads join -U administrator -d10
> > INFO: Current debug levels:
> >    all: 10
> >    tdb: 10
> >    printdrivers: 10
> >    lanman: 10
> >    smb: 10
> >    rpc_parse: 10
> >    rpc_srv: 10
> >    rpc_cli: 10
> >    passdb: 10
> >    sam: 10
> >    auth: 10
> >    winbind: 10
> >    vfs: 10
> >    idmap: 10
> >    quota: 10
> >    acls: 10
> >    locking: 10
> >    msdfs: 10
> >    dmapi: 10
> >    registry: 10
> >    scavenger: 10
> >    dns: 10
> >    ldb: 10
> > lp_load_ex: refreshing parameters
> > Initialising global parameters
> > INFO: Current debug levels:
> >    all: 10
> >    tdb: 10
> >    printdrivers: 10
> >    lanman: 10
> >    smb: 10
> >    rpc_parse: 10
> >    rpc_srv: 10
> >    rpc_cli: 10
> >    passdb: 10
> >    sam: 10
> >    auth: 10
> >    winbind: 10
> >    vfs: 10
> >    idmap: 10
> >    quota: 10
> >    acls: 10
> >    locking: 10
> >    msdfs: 10
> >    dmapi: 10
> >    registry: 10
> >    scavenger: 10
> >    dns: 10
> >    ldb: 10
> > Processing section "[global]"
> > doing parameter netbios name = HOSTNAME
> > doing parameter security = ADS
> > doing parameter workgroup = DOMAIN
> > doing parameter realm = DOMAIN.LOCAL
> > doing parameter idmap config *:backend = tdb
> > doing parameter idmap config *:range = 2000-9999
> > doing parameter idmap config DOMAIN:backend = ad
> > doing parameter idmap config DOMAIN:schema_mode = rfc2307
> > doing parameter idmap config DOMAIN:range = 10000-99999
> > doing parameter winbind nss info = template
> > doing parameter template shell = /bin/bash
> > doing parameter template homedir = /home/%U
> > doing parameter vfs objects = acl_xattr
> > doing parameter map acl inherit = yes
> > doing parameter store dos attributes = yes
> > pm_process() returned Yes
> > lp_servicenumber: couldn't find homes
> > Netbios name list:-
> > my_netbios_names[0]="HOSTNAME"
> > added interface eth0 ip=192.168.0.37 bcast=192.168.0.255
> netmask=255.255.255.0
> > Registering messaging pointer for type 2 - private_data=(nil)
> > Registering messaging pointer for type 9 - private_data=(nil)
> > Registered MSG_REQ_POOL_USAGE
> > Registering messaging pointer for type 11 - private_data=(nil)
> > Registering messaging pointer for type 12 - private_data=(nil)
> > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > Registering messaging pointer for type 1 - private_data=(nil)
> > Registering messaging pointer for type 5 - private_data=(nil)
> > Enter administrator's password:
> > libnet_Join:
> >      libnet_JoinCtx: struct libnet_JoinCtx
> >          in: struct libnet_JoinCtx
> >              dc_name                  : NULL
> >              machine_name             : 'HOSTNAME'
> >              domain_name              : *
> >                  domain_name              : 'DOMAIN.LOCAL'
> >              account_ou               : NULL
> >              admin_account            : 'administrator'
> >              admin_domain             : NULL
> >              machine_password         : NULL
> >              join_flags               : 0x00000023 (35)
> >                     0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> >                     0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> >                     0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> >                     0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> >                     0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> >                     0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> >                     1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> >                     0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> >                     0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> >                     1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> >                     1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> >              os_version               : NULL
> >              os_name                  : NULL
> >              create_upn               : 0x00 (0)
> >              upn                      : NULL
> >              modify_config            : 0x00 (0)
> >              ads                      : NULL
> >              debug                    : 0x01 (1)
> >              use_kerberos             : 0x00 (0)
> >              secure_channel_type      : SEC_CHAN_WKSTA (2)
> > Opening cache file at /var/cache/samba/gencache.tdb
> > Opening cache file at /var/run/samba/gencache_notrans.tdb
> > sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-
> Site-Name"
> > dsgetdcname_internal: domain_name: DOMAIN.LOCAL, domain_guid: (null),
> site_name: Default-First-Site-Name, flags: 0x40001011
> > debug_dsdcinfo_flags: 0x40001011
> >          DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED
> DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
> > dsgetdcname_rediscover
> > ads_dns_lookup_srv: 1 records returned in the answer section.
> > ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100,
> 389]
> > LDAP ping to domain-controller.domain.local (192.168.0.34)
> >       &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
> >          command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
> >          sbz                      : 0x0000 (0)
> >          server_type              : 0x0000f3fd (62461)
> >                 1: NBT_SERVER_PDC
> >                 1: NBT_SERVER_GC
> >                 1: NBT_SERVER_LDAP
> >                 1: NBT_SERVER_DS
> >                 1: NBT_SERVER_KDC
> >                 1: NBT_SERVER_TIMESERV
> >                 1: NBT_SERVER_CLOSEST
> >                 1: NBT_SERVER_WRITABLE
> >                 1: NBT_SERVER_GOOD_TIMESERV
> >                 0: NBT_SERVER_NDNC
> >                 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> >                 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> >                 1: NBT_SERVER_ADS_WEB_SERVICE
> >                 0: NBT_SERVER_HAS_DNS_NAME
> >                 0: NBT_SERVER_IS_DEFAULT_NC
> >                 0: NBT_SERVER_FOREST_ROOT
> >          domain_uuid              : 681ea09d-d921-4581-b653-8f8b8f4eb470
> >          forest                   : 'domain.local'
> >          dns_domain               : 'domain.local'
> >          pdc_dns_name             : 'domain-controller.domain.local'
> >          domain_name              : 'DOMAIN'
> >          pdc_name                 : 'DOMAIN-CONTROLLER'
> >          user_name                : ''
> >          server_site              : 'Default-First-Site-Name'
> >          client_site              : 'Default-First-Site-Name'
> >          sockaddr_size            : 0x00 (0)
> >          sockaddr: struct nbt_sockaddr
> >              sockaddr_family          : 0x00000000 (0)
> >              pdc_ip                   : (null)
> >              remaining                : DATA_BLOB length=0
> >          next_closest_site        : NULL
> >          nt_version               : 0x00000005 (5)
> >                 1: NETLOGON_NT_VERSION_1
> >                 0: NETLOGON_NT_VERSION_5
> >                 1: NETLOGON_NT_VERSION_5EX
> >                 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> >                 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> >                 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> >                 0: NETLOGON_NT_VERSION_PDC
> >                 0: NETLOGON_NT_VERSION_IP
> >                 0: NETLOGON_NT_VERSION_LOCAL
> >                 0: NETLOGON_NT_VERSION_GC
> >          lmnt_token               : 0xffff (65535)
> >          lm20_token               : 0xffff (65535)
> > Did not store value for DSGETDCNAME/DOMAIN/DOMAIN, we already got it
> > sitename_store: realm = [DOMAIN], sitename = [Default-First-Site-Name],
> expire = [2085923199]
> > Did not store value for AD_SITENAME/DOMAIN/DOMAIN, we already got it
> > Did not store value for DSGETDCNAME/DOMAIN/DOMAIN.LOCAL, we already got
> it
> > sitename_store: realm = [domain.local], sitename = [Default-First-Site-
> Name], expire = [2085923199]
> > Did not store value for AD_SITENAME/DOMAIN/DOMAIN.LOCAL, we already got
> it
> > sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-
> Site-Name"
> > internal_resolve_name: looking up domain-controller.domain.local#20
> (sitename Default-First-Site-Name)
> > Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and
> timeout=[Wed Dec 31 05:00:00 PM 1969 MST] (-1468131016 seconds in the
> past)
> > no entry for domain-controller.domain.local#20 found.
> > resolve_lmhosts: Attempting lmhosts lookup for name domain-
> controller.domain.local<0x20>
> > resolve_lmhosts: Attempting lmhosts lookup for name domain-
> controller.domain.local<0x20>
> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> > resolve_wins: WINS server resolution selected and no WINS servers
> listed.
> > resolve_hosts: Attempting host lookup for name domain-
> controller.domain.local<0x20>
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > namecache_store: storing 1 address for domain-
> controller.domain.local#20: 192.168.0.34
> > Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and
> timeout=[Sun Jul 10 12:21:16 AM 2016 MDT] (660 seconds ahead)
> > internal_resolve_name: returning 1 addresses: 192.168.0.34:0
> > Connecting to 192.168.0.34 at port 445
> > Socket options:
> >          SO_KEEPALIVE = 0
> >          SO_REUSEADDR = 0
> >          SO_BROADCAST = 0
> >          TCP_NODELAY = 1
> >          TCP_KEEPCNT = 9
> >          TCP_KEEPIDLE = 7200
> >          TCP_KEEPINTVL = 75
> >          IPTOS_LOWDELAY = 0
> >          IPTOS_THROUGHPUT = 0
> >          SO_REUSEPORT = 0
> >          SO_SNDBUF = 87040
> >          SO_RCVBUF = 372480
> >          SO_SNDLOWAT = 1
> >          SO_RCVLOWAT = 1
> >          SO_SNDTIMEO = 0
> >          SO_RCVTIMEO = 0
> >          TCP_QUICKACK = 1
> >          TCP_DEFER_ACCEPT = 0
> > Doing spnego session setup (blob length=120)
> > got OID=1.3.6.1.4.1.311.2.2.30
> > got OID=1.2.840.48018.1.2.2
> > got OID=1.2.840.113554.1.2.2
> > got OID=1.2.840.113554.1.2.2.3
> > got OID=1.3.6.1.4.1.311.2.2.10
> > got principal=not_defined_in_RFC4178 at please_ignore
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'ntlmssp_resume_ccache' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > Starting GENSEC mechanism spnego
> > Starting GENSEC submechanism ntlmssp
> >       negotiate: struct NEGOTIATE_MESSAGE
> >          Signature                : 'NTLMSSP'
> >          MessageType              : NtLmNegotiate (1)
> >          NegotiateFlags           : 0x62088215 (1644724757)
> >                 1: NTLMSSP_NEGOTIATE_UNICODE
> >                 0: NTLMSSP_NEGOTIATE_OEM
> >                 1: NTLMSSP_REQUEST_TARGET
> >                 1: NTLMSSP_NEGOTIATE_SIGN
> >                 0: NTLMSSP_NEGOTIATE_SEAL
> >                 0: NTLMSSP_NEGOTIATE_DATAGRAM
> >                 0: NTLMSSP_NEGOTIATE_LM_KEY
> >                 0: NTLMSSP_NEGOTIATE_NETWARE
> >                 1: NTLMSSP_NEGOTIATE_NTLM
> >                 0: NTLMSSP_NEGOTIATE_NT_ONLY
> >                 0: NTLMSSP_ANONYMOUS
> >                 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
> >                 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
> >                 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
> >                 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> >                 0: NTLMSSP_TARGET_TYPE_DOMAIN
> >                 0: NTLMSSP_TARGET_TYPE_SERVER
> >                 0: NTLMSSP_TARGET_TYPE_SHARE
> >                 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> >                 0: NTLMSSP_NEGOTIATE_IDENTIFY
> >                 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> >                 0: NTLMSSP_NEGOTIATE_TARGET_INFO
> >                 1: NTLMSSP_NEGOTIATE_VERSION
> >                 1: NTLMSSP_NEGOTIATE_128
> >                 1: NTLMSSP_NEGOTIATE_KEY_EXCH
> >                 0: NTLMSSP_NEGOTIATE_56
> >          DomainNameLen            : 0x0000 (0)
> >          DomainNameMaxLen         : 0x0000 (0)
> >          DomainName               : *
> >              DomainName               : ''
> >          WorkstationLen           : 0x0000 (0)
> >          WorkstationMaxLen        : 0x0000 (0)
> >          Workstation              : *
> >              Workstation              : ''
> >          Version: struct ntlmssp_VERSION
> >              ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6
> (6)
> >              ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1
> (1)
> >              ProductBuild             : 0x0000 (0)
> >              Reserved: ARRAY(3)
> >                  [0]                      : 0x00 (0)
> >                  [1]                      : 0x00 (0)
> >                  [2]                      : 0x00 (0)
> >              NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
> > Got challenge flags:
> > Got NTLMSSP neg_flags=0x62898215
> >    NTLMSSP_NEGOTIATE_UNICODE
> >    NTLMSSP_REQUEST_TARGET
> >    NTLMSSP_NEGOTIATE_SIGN
> >    NTLMSSP_NEGOTIATE_NTLM
> >    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> >    NTLMSSP_TARGET_TYPE_DOMAIN
> >    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> >    NTLMSSP_NEGOTIATE_TARGET_INFO
> >    NTLMSSP_NEGOTIATE_VERSION
> >    NTLMSSP_NEGOTIATE_128
> >    NTLMSSP_NEGOTIATE_KEY_EXCH
> > NTLMSSP: Set final flags:
> > Got NTLMSSP neg_flags=0x62088215
> >    NTLMSSP_NEGOTIATE_UNICODE
> >    NTLMSSP_REQUEST_TARGET
> >    NTLMSSP_NEGOTIATE_SIGN
> >    NTLMSSP_NEGOTIATE_NTLM
> >    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> >    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> >    NTLMSSP_NEGOTIATE_VERSION
> >    NTLMSSP_NEGOTIATE_128
> >    NTLMSSP_NEGOTIATE_KEY_EXCH
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088215
> >    NTLMSSP_NEGOTIATE_UNICODE
> >    NTLMSSP_REQUEST_TARGET
> >    NTLMSSP_NEGOTIATE_SIGN
> >    NTLMSSP_NEGOTIATE_NTLM
> >    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> >    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> >    NTLMSSP_NEGOTIATE_VERSION
> >    NTLMSSP_NEGOTIATE_128
> >    NTLMSSP_NEGOTIATE_KEY_EXCH
> > ntlmssp_check_packet: NTLMSSP signature OK !
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088215
> >    NTLMSSP_NEGOTIATE_UNICODE
> >    NTLMSSP_REQUEST_TARGET
> >    NTLMSSP_NEGOTIATE_SIGN
> >    NTLMSSP_NEGOTIATE_NTLM
> >    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> >    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> >    NTLMSSP_NEGOTIATE_VERSION
> >    NTLMSSP_NEGOTIATE_128
> >    NTLMSSP_NEGOTIATE_KEY_EXCH
> > signed SMB2 message
> > signed SMB2 message
> > cli_init_creds: user administrator domain
> > signed SMB2 message
> > Bind RPC Pipe: host domain-controller.domain.local auth_type 0,
> auth_level 1
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_BIND (11)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0048 (72)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000001 (1)
> >          u                        : union dcerpc_payload(case 11)
> >          bind: struct dcerpc_bind
> >              max_xmit_frag            : 0x10b8 (4280)
> >              max_recv_frag            : 0x10b8 (4280)
> >              assoc_group_id           : 0x00000000 (0)
> >              num_contexts             : 0x01 (1)
> >              ctx_list: ARRAY(1)
> >                  ctx_list: struct dcerpc_ctx_list
> >                      context_id               : 0x0000 (0)
> >                      num_transfer_syntaxes    : 0x01 (1)
> >                      abstract_syntax: struct ndr_syntax_id
> >                          uuid                     : 12345778-1234-abcd-
> ef00-0123456789ab
> >                          if_version               : 0x00000000 (0)
> >                      transfer_syntaxes: ARRAY(1)
> >                          transfer_syntaxes: struct ndr_syntax_id
> >                              uuid                     : 8a885d04-1ceb-
> 11c9-9fe8-08002b104860
> >                              if_version               : 0x00000002 (2)
> >              auth_info                : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 52
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_BIND_ACK (12)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0044 (68)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000001 (1)
> >          u                        : union dcerpc_payload(case 12)
> >          bind_ack: struct dcerpc_bind_ack
> >              max_xmit_frag            : 0x10b8 (4280)
> >              max_recv_frag            : 0x10b8 (4280)
> >              assoc_group_id           : 0x0012e7d2 (1238994)
> >              secondary_address_size   : 0x000c (12)
> >              secondary_address        : '\pipe\lsass'
> >              _pad1                    : DATA_BLOB length=2
> > [0000] 00 00                                              ..
> >              num_results              : 0x01 (1)
> >              ctx_list: ARRAY(1)
> >                  ctx_list: struct dcerpc_ack_ctx
> >                      result                   :
> DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
> >                      reason                   : union
> dcerpc_bind_ack_reason(case 0)
> >                      value                    :
> DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
> >                      syntax: struct ndr_syntax_id
> >                          uuid                     : 8a885d04-1ceb-11c9-
> 9fe8-08002b104860
> >                          if_version               : 0x00000002 (2)
> >              auth_info                : DATA_BLOB length=0
> > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
> > check_bind_response: accepted!
> > cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine domain-
> controller.domain.local and bound anonymously.
> >       lsa_OpenPolicy: struct lsa_OpenPolicy
> >          in: struct lsa_OpenPolicy
> >              system_name              : *
> >                  system_name              : 0x005c (92)
> >              attr                     : *
> >                  attr: struct lsa_ObjectAttribute
> >                      len                      : 0x00000018 (24)
> >                      root_dir                 : NULL
> >                      object_name              : NULL
> >                      attributes               : 0x00000000 (0)
> >                      sec_desc                 : NULL
> >                      sec_qos                  : *
> >                          sec_qos: struct lsa_QosInfo
> >                              len                      : 0x0000000c (12)
> >                              impersonation_level      : 0x0002 (2)
> >                              context_mode             : 0x01 (1)
> >                              effective_only           : 0x00 (0)
> >              access_mask              : 0x02000000 (33554432)
> >                     0: LSA_POLICY_VIEW_LOCAL_INFORMATION
> >                     0: LSA_POLICY_VIEW_AUDIT_INFORMATION
> >                     0: LSA_POLICY_GET_PRIVATE_INFORMATION
> >                     0: LSA_POLICY_TRUST_ADMIN
> >                     0: LSA_POLICY_CREATE_ACCOUNT
> >                     0: LSA_POLICY_CREATE_SECRET
> >                     0: LSA_POLICY_CREATE_PRIVILEGE
> >                     0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
> >                     0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
> >                     0: LSA_POLICY_AUDIT_LOG_ADMIN
> >                     0: LSA_POLICY_SERVER_ADMIN
> >                     0: LSA_POLICY_LOOKUP_NAMES
> >                     0: LSA_POLICY_NOTIFICATION
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_REQUEST (0)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0018 (24)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000002 (2)
> >          u                        : union dcerpc_payload(case 0)
> >          request: struct dcerpc_request
> >              alloc_hint               : 0x0000002c (44)
> >              context_id               : 0x0000 (0)
> >              opnum                    : 0x0006 (6)
> >              object                   : union dcerpc_object(case 0)
> >              empty: struct dcerpc_empty
> >              _pad                     : DATA_BLOB length=0
> >              stub_and_verifier        : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_RESPONSE (2)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0030 (48)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000002 (2)
> >          u                        : union dcerpc_payload(case 2)
> >          response: struct dcerpc_response
> >              alloc_hint               : 0x00000018 (24)
> >              context_id               : 0x0000 (0)
> >              cancel_count             : 0x00 (0)
> >              _pad                     : DATA_BLOB length=1
> > [0000] 00                                                 .
> >              stub_and_verifier        : DATA_BLOB length=24
> > [0000] 00 00 00 00 12 75 96 20   33 1B 0A 40 A0 CE C9 5D   .....u.
> 3..@...]
> > [0010] 01 EA 3F 01 00 00 00 00                             ..?.....
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> >       lsa_OpenPolicy: struct lsa_OpenPolicy
> >          out: struct lsa_OpenPolicy
> >              handle                   : *
> >                  handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : 20967512-1b33-400a-a0ce-
> c95d01ea3f01
> >              result                   : NT_STATUS_OK
> >       lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
> >          in: struct lsa_QueryInfoPolicy2
> >              handle                   : *
> >                  handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : 20967512-1b33-400a-a0ce-
> c95d01ea3f01
> >              level                    : LSA_POLICY_INFO_DNS (12)
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_REQUEST (0)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0018 (24)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000003 (3)
> >          u                        : union dcerpc_payload(case 0)
> >          request: struct dcerpc_request
> >              alloc_hint               : 0x00000016 (22)
> >              context_id               : 0x0000 (0)
> >              opnum                    : 0x002e (46)
> >              object                   : union dcerpc_object(case 0)
> >              empty: struct dcerpc_empty
> >              _pad                     : DATA_BLOB length=0
> >              stub_and_verifier        : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 176
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_RESPONSE (2)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x00c0 (192)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000003 (3)
> >          u                        : union dcerpc_payload(case 2)
> >          response: struct dcerpc_response
> >              alloc_hint               : 0x000000a8 (168)
> >              context_id               : 0x0000 (0)
> >              cancel_count             : 0x00 (0)
> >              _pad                     : DATA_BLOB length=1
> > [0000] 00                                                 .
> >              stub_and_verifier        : DATA_BLOB length=168
> >
> > <redacted>
> >
> >                          Got pdu len 192, data_len 168
> > rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 168 bytes.
> >       lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
> >          out: struct lsa_QueryInfoPolicy2
> >              info                     : *
> >                  info                     : *
> >                      info                     : union
> lsa_PolicyInformation(case 12)
> >                      dns: struct lsa_DnsDomainInfo
> >                          name: struct lsa_StringLarge
> >                              length                   : 0x0006 (6)
> >                              size                     : 0x0008 (8)
> >                              string                   : *
> >                                  string                   : 'DOMAIN'
> >                          dns_domain: struct lsa_StringLarge
> >                              length                   : 0x0012 (18)
> >                              size                     : 0x0014 (20)
> >                              string                   : *
> >                                  string                   :
> 'domain.local'
> >                          dns_forest: struct lsa_StringLarge
> >                              length                   : 0x0012 (18)
> >                              size                     : 0x0014 (20)
> >                              string                   : *
> >                                  string                   :
> 'domain.local'
> >                          domain_guid              : 681ea09d-d921-4581-
> b653-8f8b8f4eb470
> >                          sid                      : *
> >                              sid                      : S-1-5-21-
> <redacted>-<redacted>-<redacted>
> >              result                   : NT_STATUS_OK
> >       lsa_Close: struct lsa_Close
> >          in: struct lsa_Close
> >              handle                   : *
> >                  handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : 20967512-1b33-400a-a0ce-
> c95d01ea3f01
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_REQUEST (0)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0018 (24)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000004 (4)
> >          u                        : union dcerpc_payload(case 0)
> >          request: struct dcerpc_request
> >              alloc_hint               : 0x00000014 (20)
> >              context_id               : 0x0000 (0)
> >              opnum                    : 0x0000 (0)
> >              object                   : union dcerpc_object(case 0)
> >              empty: struct dcerpc_empty
> >              _pad                     : DATA_BLOB length=0
> >              stub_and_verifier        : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_RESPONSE (2)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0030 (48)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000004 (4)
> >          u                        : union dcerpc_payload(case 2)
> >          response: struct dcerpc_response
> >              alloc_hint               : 0x00000018 (24)
> >              context_id               : 0x0000 (0)
> >              cancel_count             : 0x00 (0)
> >              _pad                     : DATA_BLOB length=1
> > [0000] 00                                                 .
> >              stub_and_verifier        : DATA_BLOB length=24
> > [0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........
> ........
> > [0010] 00 00 00 00 00 00 00 00                             ........
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> >       lsa_Close: struct lsa_Close
> >          out: struct lsa_Close
> >              handle                   : *
> >                  handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : 00000000-0000-0000-0000-
> 000000000000
> >              result                   : NT_STATUS_OK
> > signed SMB2 message
> > create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.DOMAIN, realm = domain.local, domain = DOMAIN
> > saf_fetch: failed to find server for "domain.local" domain
> > get_dc_list: preferred server list: ", *"
> > internal_resolve_name: looking up domain.local#1c (sitename (null))
> > no entry for domain.local#1C found.
> > resolve_ads: Attempting to resolve KDCs for domain.local using DNS
> > ads_dns_lookup_srv: 1 records returned in the answer section.
> > ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 88]
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > internal_resolve_name: returning 1 addresses: 192.168.0.34:88
> > Adding 1 DC's from auto lookup
> > check_negative_conn_cache returning result 0 for domain domain.local
> server 192.168.0.34
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > get_dc_list: returning 1 ip addresses in an ordered list
> > get_dc_list: 192.168.0.34:88
> >       &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
> >          command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
> >          sbz                      : 0x0000 (0)
> >          server_type              : 0x0000f3fd (62461)
> >                 1: NBT_SERVER_PDC
> >                 1: NBT_SERVER_GC
> >                 1: NBT_SERVER_LDAP
> >                 1: NBT_SERVER_DS
> >                 1: NBT_SERVER_KDC
> >                 1: NBT_SERVER_TIMESERV
> >                 1: NBT_SERVER_CLOSEST
> >                 1: NBT_SERVER_WRITABLE
> >                 1: NBT_SERVER_GOOD_TIMESERV
> >                 0: NBT_SERVER_NDNC
> >                 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> >                 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> >                 1: NBT_SERVER_ADS_WEB_SERVICE
> >                 0: NBT_SERVER_HAS_DNS_NAME
> >                 0: NBT_SERVER_IS_DEFAULT_NC
> >                 0: NBT_SERVER_FOREST_ROOT
> >          domain_uuid              : 681ea09d-d921-4581-b653-8f8b8f4eb470
> >          forest                   : 'domain.local'
> >          dns_domain               : 'domain.local'
> >          pdc_dns_name             : 'domain-controller.domain.local'
> >          domain_name              : 'DOMAIN'
> >          pdc_name                 : 'DOMAIN-CONTROLLER'
> >          user_name                : ''
> >          server_site              : 'Default-First-Site-Name'
> >          client_site              : 'Default-First-Site-Name'
> >          sockaddr_size            : 0x00 (0)
> >          sockaddr: struct nbt_sockaddr
> >              sockaddr_family          : 0x00000000 (0)
> >              pdc_ip                   : (null)
> >              remaining                : DATA_BLOB length=0
> >          next_closest_site        : NULL
> >          nt_version               : 0x00000005 (5)
> >                 1: NETLOGON_NT_VERSION_1
> >                 0: NETLOGON_NT_VERSION_5
> >                 1: NETLOGON_NT_VERSION_5EX
> >                 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> >                 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> >                 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> >                 0: NETLOGON_NT_VERSION_PDC
> >                 0: NETLOGON_NT_VERSION_IP
> >                 0: NETLOGON_NT_VERSION_LOCAL
> >                 0: NETLOGON_NT_VERSION_GC
> >          lmnt_token               : 0xffff (65535)
> >          lm20_token               : 0xffff (65535)
> > get_kdc_ip_string: Returning    kdc = 192.168.0.34
> >
> > create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.DOMAIN with realm DOMAIN.LOCAL KDC list =     kdc = 192.168.0.34
> >
> > signed SMB2 message
> > Bind RPC Pipe: host domain-controller.domain.local auth_type 0,
> auth_level 1
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_BIND (11)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0048 (72)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000005 (5)
> >          u                        : union dcerpc_payload(case 11)
> >          bind: struct dcerpc_bind
> >              max_xmit_frag            : 0x10b8 (4280)
> >              max_recv_frag            : 0x10b8 (4280)
> >              assoc_group_id           : 0x00000000 (0)
> >              num_contexts             : 0x01 (1)
> >              ctx_list: ARRAY(1)
> >                  ctx_list: struct dcerpc_ctx_list
> >                      context_id               : 0x0000 (0)
> >                      num_transfer_syntaxes    : 0x01 (1)
> >                      abstract_syntax: struct ndr_syntax_id
> >                          uuid                     : 12345778-1234-abcd-
> ef00-0123456789ac
> >                          if_version               : 0x00000001 (1)
> >                      transfer_syntaxes: ARRAY(1)
> >                          transfer_syntaxes: struct ndr_syntax_id
> >                              uuid                     : 8a885d04-1ceb-
> 11c9-9fe8-08002b104860
> >                              if_version               : 0x00000002 (2)
> >              auth_info                : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 52
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_BIND_ACK (12)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0044 (68)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000005 (5)
> >          u                        : union dcerpc_payload(case 12)
> >          bind_ack: struct dcerpc_bind_ack
> >              max_xmit_frag            : 0x10b8 (4280)
> >              max_recv_frag            : 0x10b8 (4280)
> >              assoc_group_id           : 0x0012e7d3 (1238995)
> >              secondary_address_size   : 0x000c (12)
> >              secondary_address        : '\pipe\lsass'
> >              _pad1                    : DATA_BLOB length=2
> > [0000] 02 00                                              ..
> >              num_results              : 0x01 (1)
> >              ctx_list: ARRAY(1)
> >                  ctx_list: struct dcerpc_ack_ctx
> >                      result                   :
> DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
> >                      reason                   : union
> dcerpc_bind_ack_reason(case 0)
> >                      value                    :
> DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
> >                      syntax: struct ndr_syntax_id
> >                          uuid                     : 8a885d04-1ceb-11c9-
> 9fe8-08002b104860
> >                          if_version               : 0x00000002 (2)
> >              auth_info                : DATA_BLOB length=0
> > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
> > check_bind_response: accepted!
> > cli_rpc_pipe_open_noauth: opened pipe samr to machine domain-controller.domain.local and bound anonymously.
> >       samr_Connect2: struct samr_Connect2
> >          in: struct samr_Connect2
> >              system_name              : *
> >                  system_name              : 'domain-
> controller.domain.local'
> >              access_mask              : 0x00000030 (48)
> >                     0: SAMR_ACCESS_CONNECT_TO_SERVER
> >                     0: SAMR_ACCESS_SHUTDOWN_SERVER
> >                     0: SAMR_ACCESS_INITIALIZE_SERVER
> >                     0: SAMR_ACCESS_CREATE_DOMAIN
> >                     1: SAMR_ACCESS_ENUM_DOMAINS
> >                     1: SAMR_ACCESS_LOOKUP_DOMAIN
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_REQUEST (0)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0018 (24)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000006 (6)
> >          u                        : union dcerpc_payload(case 0)
> >          request: struct dcerpc_request
> >              alloc_hint               : 0x00000044 (68)
> >              context_id               : 0x0000 (0)
> >              opnum                    : 0x0039 (57)
> >              object                   : union dcerpc_object(case 0)
> >              empty: struct dcerpc_empty
> >              _pad                     : DATA_BLOB length=0
> >              stub_and_verifier        : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_RESPONSE (2)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0030 (48)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000006 (6)
> >          u                        : union dcerpc_payload(case 2)
> >          response: struct dcerpc_response
> >              alloc_hint               : 0x00000018 (24)
> >              context_id               : 0x0000 (0)
> >              cancel_count             : 0x00 (0)
> >              _pad                     : DATA_BLOB length=1
> > [0000] 00                                                 .
> >              stub_and_verifier        : DATA_BLOB length=24
> > [0000] 00 00 00 00 96 BA 08 79   09 9E B8 43 99 31 35 E3   .......y
> ...C.15.
> > [0010] 6F DB 2D 8C 00 00 00 00                             o.-.....
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> >       samr_Connect2: struct samr_Connect2
> >          out: struct samr_Connect2
> >              connect_handle           : *
> >                  connect_handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : <redacted>
> >              result                   : NT_STATUS_OK
> >       samr_OpenDomain: struct samr_OpenDomain
> >          in: struct samr_OpenDomain
> >              connect_handle           : *
> >                  connect_handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : <redacted>
> >              access_mask              : 0x00000211 (529)
> >                     1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
> >                     0: SAMR_DOMAIN_ACCESS_SET_INFO_1
> >                     0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
> >                     0: SAMR_DOMAIN_ACCESS_SET_INFO_2
> >                     1: SAMR_DOMAIN_ACCESS_CREATE_USER
> >                     0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
> >                     0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
> >                     0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
> >                     0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
> >                     1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
> >                     0: SAMR_DOMAIN_ACCESS_SET_INFO_3
> >              sid                      : *
> >                  sid                      : S-1-5-21-<redacted>-
> <redacted>-<redacted>
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_REQUEST (0)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0018 (24)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000007 (7)
> >          u                        : union dcerpc_payload(case 0)
> >          request: struct dcerpc_request
> >              alloc_hint               : 0x00000034 (52)
> >              context_id               : 0x0000 (0)
> >              opnum                    : 0x0007 (7)
> >              object                   : union dcerpc_object(case 0)
> >              empty: struct dcerpc_empty
> >              _pad                     : DATA_BLOB length=0
> >              stub_and_verifier        : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_RESPONSE (2)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0030 (48)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000007 (7)
> >          u                        : union dcerpc_payload(case 2)
> >          response: struct dcerpc_response
> >              alloc_hint               : 0x00000018 (24)
> >              context_id               : 0x0000 (0)
> >              cancel_count             : 0x00 (0)
> >              _pad                     : DATA_BLOB length=1
> > [0000] 00                                                 .
> >              stub_and_verifier        : DATA_BLOB length=24
> > [0000] 00 00 00 00 BB BF DA CA   50 F9 95 4B 9C 62 7E 58   ........
> P..K.b~X
> > [0010] ED BE BA 7D 00 00 00 00                             ...}....
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> >       samr_OpenDomain: struct samr_OpenDomain
> >          out: struct samr_OpenDomain
> >              domain_handle            : *
> >                  domain_handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : <redacted>
> >              result                   : NT_STATUS_OK
> > Creating account with desired access mask: -536543056
> >       samr_CreateUser2: struct samr_CreateUser2
> >          in: struct samr_CreateUser2
> >              domain_handle            : *
> >                  domain_handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : <redacted>
> >              account_name             : *
> >                  account_name: struct lsa_String
> >                      length                   : 0x001c (28)
> >                      size                     : 0x001c (28)
> >                      string                   : *
> >                          string                   : 'hostname$'
> >              acct_flags               : 0x00000080 (128)
> >                     0: ACB_DISABLED
> >                     0: ACB_HOMDIRREQ
> >                     0: ACB_PWNOTREQ
> >                     0: ACB_TEMPDUP
> >                     0: ACB_NORMAL
> >                     0: ACB_MNS
> >                     0: ACB_DOMTRUST
> >                     1: ACB_WSTRUST
> >                     0: ACB_SVRTRUST
> >                     0: ACB_PWNOEXP
> >                     0: ACB_AUTOLOCK
> >                     0: ACB_ENC_TXT_PWD_ALLOWED
> >                     0: ACB_SMARTCARD_REQUIRED
> >                     0: ACB_TRUSTED_FOR_DELEGATION
> >                     0: ACB_NOT_DELEGATED
> >                     0: ACB_USE_DES_KEY_ONLY
> >                     0: ACB_DONT_REQUIRE_PREAUTH
> >                     0: ACB_PW_EXPIRED
> >                     0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
> >                     0: ACB_NO_AUTH_DATA_REQD
> >                     0: ACB_PARTIAL_SECRETS_ACCOUNT
> >                     0: ACB_USE_AES_KEYS
> >              access_mask              : 0xe00500b0 (3758424240)
> >                     0: SAMR_USER_ACCESS_GET_NAME_ETC
> >                     0: SAMR_USER_ACCESS_GET_LOCALE
> >                     0: SAMR_USER_ACCESS_SET_LOC_COM
> >                     0: SAMR_USER_ACCESS_GET_LOGONINFO
> >                     1: SAMR_USER_ACCESS_GET_ATTRIBUTES
> >                     1: SAMR_USER_ACCESS_SET_ATTRIBUTES
> >                     0: SAMR_USER_ACCESS_CHANGE_PASSWORD
> >                     1: SAMR_USER_ACCESS_SET_PASSWORD
> >                     0: SAMR_USER_ACCESS_GET_GROUPS
> >                     0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
> >                     0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_REQUEST (0)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0018 (24)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000008 (8)
> >          u                        : union dcerpc_payload(case 0)
> >          request: struct dcerpc_request
> >              alloc_hint               : 0x0000004c (76)
> >              context_id               : 0x0000 (0)
> >              opnum                    : 0x0032 (50)
> >              object                   : union dcerpc_object(case 0)
> >              empty: struct dcerpc_empty
> >              _pad                     : DATA_BLOB length=0
> >              stub_and_verifier        : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 40
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_RESPONSE (2)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0038 (56)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000008 (8)
> >          u                        : union dcerpc_payload(case 2)
> >          response: struct dcerpc_response
> >              alloc_hint               : 0x00000020 (32)
> >              context_id               : 0x0000 (0)
> >              cancel_count             : 0x00 (0)
> >              _pad                     : DATA_BLOB length=1
> > [0000] 00                                                 .
> >              stub_and_verifier        : DATA_BLOB length=32
> > [0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........
> ........
> > [0010] 00 00 00 00 00 00 00 00   64 06 00 00 34 00 00 C0   ........
> d...4...
> > Got pdu len 56, data_len 32
> > rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 32 bytes.
> >       samr_CreateUser2: struct samr_CreateUser2
> >          out: struct samr_CreateUser2
> >              user_handle              : *
> >                  user_handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : 00000000-0000-0000-0000-
> 000000000000
> >              access_granted           : *
> >                  access_granted           : 0x00000000 (0)
> >              rid                      : *
> >                  rid                      : 0x00000664 (1636)
> >              result                   : NT_STATUS_OBJECT_NAME_NOT_FOUND
> > Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> >       samr_Close: struct samr_Close
> >          in: struct samr_Close
> >              handle                   : *
> >                  handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : <redacted>
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_REQUEST (0)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0018 (24)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000009 (9)
> >          u                        : union dcerpc_payload(case 0)
> >          request: struct dcerpc_request
> >              alloc_hint               : 0x00000014 (20)
> >              context_id               : 0x0000 (0)
> >              opnum                    : 0x0001 (1)
> >              object                   : union dcerpc_object(case 0)
> >              empty: struct dcerpc_empty
> >              _pad                     : DATA_BLOB length=0
> >              stub_and_verifier        : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_RESPONSE (2)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0030 (48)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x00000009 (9)
> >          u                        : union dcerpc_payload(case 2)
> >          response: struct dcerpc_response
> >              alloc_hint               : 0x00000018 (24)
> >              context_id               : 0x0000 (0)
> >              cancel_count             : 0x00 (0)
> >              _pad                     : DATA_BLOB length=1
> > [0000] 00                                                 .
> >              stub_and_verifier        : DATA_BLOB length=24
> > [0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........
> ........
> > [0010] 00 00 00 00 00 00 00 00                             ........
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> >       samr_Close: struct samr_Close
> >          out: struct samr_Close
> >              handle                   : *
> >                  handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : 00000000-0000-0000-0000-
> 000000000000
> >              result                   : NT_STATUS_OK
> >       samr_Close: struct samr_Close
> >          in: struct samr_Close
> >              handle                   : *
> >                  handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : <redacted>
> >       &r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_REQUEST (0)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0018 (24)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x0000000a (10)
> >          u                        : union dcerpc_payload(case 0)
> >          request: struct dcerpc_request
> >              alloc_hint               : 0x00000014 (20)
> >              context_id               : 0x0000 (0)
> >              opnum                    : 0x0001 (1)
> >              object                   : union dcerpc_object(case 0)
> >              empty: struct dcerpc_empty
> >              _pad                     : DATA_BLOB length=0
> >              stub_and_verifier        : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> >       r: struct ncacn_packet
> >          rpc_vers                 : 0x05 (5)
> >          rpc_vers_minor           : 0x00 (0)
> >          ptype                    : DCERPC_PKT_RESPONSE (2)
> >          pfc_flags                : 0x03 (3)
> >                 1: DCERPC_PFC_FLAG_FIRST
> >                 1: DCERPC_PFC_FLAG_LAST
> >                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> >                 0: DCERPC_PFC_FLAG_CONC_MPX
> >                 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> >                 0: DCERPC_PFC_FLAG_MAYBE
> >                 0: DCERPC_PFC_FLAG_OBJECT_UUID
> >          drep: ARRAY(4)
> >              [0]                      : 0x10 (16)
> >              [1]                      : 0x00 (0)
> >              [2]                      : 0x00 (0)
> >              [3]                      : 0x00 (0)
> >          frag_length              : 0x0030 (48)
> >          auth_length              : 0x0000 (0)
> >          call_id                  : 0x0000000a (10)
> >          u                        : union dcerpc_payload(case 2)
> >          response: struct dcerpc_response
> >              alloc_hint               : 0x00000018 (24)
> >              context_id               : 0x0000 (0)
> >              cancel_count             : 0x00 (0)
> >              _pad                     : DATA_BLOB length=1
> > [0000] 00                                                 .
> >              stub_and_verifier        : DATA_BLOB length=24
> > [0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........
> ........
> > [0010] 00 00 00 00 00 00 00 00                             ........
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> >       samr_Close: struct samr_Close
> >          out: struct samr_Close
> >              handle                   : *
> >                  handle: struct policy_handle
> >                      handle_type              : 0x00000000 (0)
> >                      uuid                     : 00000000-0000-0000-0000-
> 000000000000
> >              result                   : NT_STATUS_OK
> > signed SMB2 message
> > libnet_Join:
> >      libnet_JoinCtx: struct libnet_JoinCtx
> >          out: struct libnet_JoinCtx
> >              account_name             : NULL
> >              netbios_domain_name      : 'DOMAIN'
> >              dns_domain_name          : 'domain.local'
> >              forest_name              : 'domain.local'
> >              dn                       : NULL
> >              domain_sid               : *
> >                  domain_sid               : S-1-5-21-<redacted>-
> <redacted>-<redacted>
> >              modified_config          : 0x00 (0)
> >              error_string             : 'failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.'
> >              domain_is_ad             : 0x01 (1)
> >              result                   : WERR_BADFILE
> > Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.
> > return code = -1
> >
> >
> 
> Have you set up /etc/krb5.conf and if so, what does it contain ?
> Does your /etc/resolv.conf point at the DC ?
> 
> Rowland
> 
> 


