diff -Nuar samba.0/log.wb-AR32I8 samba.1/log.wb-AR32I8 --- samba.0/log.wb-AR32I8 2013-11-05 17:30:42.288000000 +0100 +++ samba.1/log.wb-AR32I8 2013-11-05 17:30:45.616000000 +0100 @@ -2069,3 +2069,1017 @@ Finished processing child request 20 [2013/11/05 17:30:35.893043, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1358(child_handler) Writing 3555 bytes to parent +[2013/11/05 17:30:42.312053, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:71(child_read_request) + Need to read 56 extra bytes +[2013/11/05 17:30:42.312124, 4, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1333(child_handler) + child daemon request 59 +[2013/11/05 17:30:42.312168, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:458(child_process_request) + child_process_request: request fn NDRCMD +[2013/11/05 17:30:42.312289, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) + winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (AR32I8) +[2013/11/05 17:30:42.312398, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + wbint_LookupName: struct wbint_LookupName + in: struct wbint_LookupName + domain : * + domain : 'ARW2008R2' + name : * + name : 'ADMINISTRATOR' + flags : 0x00000000 (0) +[2013/11/05 17:30:42.312642, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:420(wcache_fetch_seqnum) + wcache_fetch_seqnum: AR32I8 not found +[2013/11/05 17:30:42.312694, 3, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:852(msrpc_sequence_number) + msrpc_sequence_number: fetch sequence_number for AR32I8 +[2013/11/05 17:30:42.315206, 5, pid=7366, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:649(gensec_start_mech) + Starting GENSEC mechanism spnego +[2013/11/05 17:30:42.315300, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1581(rpc_pipe_bind_send) + Bind RPC Pipe: host BACKUP41 auth_type 9, auth_level 6 +[2013/11/05 17:30:42.315352, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:995(create_generic_auth_rpc_bind_req) + create_generic_auth_rpc_bind_req: generate first token +[2013/11/05 17:30:42.315411, 5, pid=7366, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:649(gensec_start_mech) + Starting GENSEC submechanism ntlmssp3_client +[2013/11/05 17:30:42.315570, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + negotiate: struct NEGOTIATE_MESSAGE + Signature : 'NTLMSSP' + MessageType : NtLmNegotiate (1) + NegotiateFlags : 0x60088235 (1611170357) + 1: NTLMSSP_NEGOTIATE_UNICODE + 0: NTLMSSP_NEGOTIATE_OEM + 1: NTLMSSP_REQUEST_TARGET + 1: NTLMSSP_NEGOTIATE_SIGN + 1: NTLMSSP_NEGOTIATE_SEAL + 0: NTLMSSP_NEGOTIATE_DATAGRAM + 0: NTLMSSP_NEGOTIATE_LM_KEY + 0: NTLMSSP_NEGOTIATE_NETWARE + 1: NTLMSSP_NEGOTIATE_NTLM + 0: NTLMSSP_NEGOTIATE_NT_ONLY + 0: NTLMSSP_ANONYMOUS + 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED + 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED + 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL + 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN + 0: NTLMSSP_TARGET_TYPE_DOMAIN + 0: NTLMSSP_TARGET_TYPE_SERVER + 0: NTLMSSP_TARGET_TYPE_SHARE + 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY + 0: NTLMSSP_NEGOTIATE_IDENTIFY + 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY + 0: NTLMSSP_NEGOTIATE_TARGET_INFO + 0: NTLMSSP_NEGOTIATE_VERSION + 1: NTLMSSP_NEGOTIATE_128 + 1: NTLMSSP_NEGOTIATE_KEY_EXCH + 0: NTLMSSP_NEGOTIATE_56 + DomainNameLen : 0x0006 (6) + DomainNameMaxLen : 0x0006 (6) + DomainName : * + DomainName : 'AR32I8' + WorkstationLen : 0x0008 (8) + WorkstationMaxLen : 0x0008 (8) + Workstation : * + Workstation : 'MEMBER43' +[2013/11/05 17:30:42.316472, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct dcerpc_auth + auth_type : DCERPC_AUTH_TYPE_SPNEGO (9) + auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) + auth_pad_length : 0x00 (0) + auth_reserved : 0x00 (0) + auth_context_id : 0x00000001 (1) + credentials : DATA_BLOB length=80 + [0000] 60 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E `N..+... ...D0B.. + [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 0...+... ..7....0 + [0020] 04 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 ..NTLMSS P.....5. + [0030] 08 60 06 00 06 00 20 00 00 00 08 00 08 00 26 00 .`.... . ......&. + [0040] 00 00 41 52 33 32 49 38 4D 45 4D 42 45 52 34 33 ..AR32I8 MEMBER43 +[2013/11/05 17:30:42.316814, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND (11) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a0 (160) + auth_length : 0x0050 (80) + call_id : 0x0000000c (12) + u : union dcerpc_payload(case 11) + bind: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345778-1234-abcd-ef00-0123456789ac + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=88 + [0000] 09 06 00 00 01 00 00 00 60 4E 06 06 2B 06 01 05 ........ `N..+... + [0010] 05 02 A0 44 30 42 A0 0E 30 0C 06 0A 2B 06 01 04 ...D0B.. 0...+... + [0020] 01 82 37 02 02 0A A2 30 04 2E 4E 54 4C 4D 53 53 ..7....0 ..NTLMSS + [0030] 50 00 01 00 00 00 35 82 08 60 06 00 06 00 20 00 P.....5. .`.... . + [0040] 00 00 08 00 08 00 26 00 00 00 41 52 33 32 49 38 ......&. ..AR32I8 + [0050] 4D 45 4D 42 45 52 34 33 MEMBER43 +[2013/11/05 17:30:42.317659, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:741(rpc_api_pipe_send) + rpc_api_pipe: host BACKUP41 +[2013/11/05 17:30:42.317739, 10, pid=7366, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) + num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=160, this_data=160, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 +[2013/11/05 17:30:42.319200, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) + rpc_read_send: data_to_read: 253 +[2013/11/05 17:30:42.319331, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_BIND_ACK (12) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x010d (269) + auth_length : 0x00c1 (193) + call_id : 0x0000000c (12) + u : union dcerpc_payload(case 12) + bind_ack: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x000b (11) + secondary_address : '\PIPE\samr' + _pad1 : DATA_BLOB length=3 + [0000] 00 00 00 ... + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=201 + [0000] 09 06 00 00 01 00 00 00 A1 81 BE 30 81 BB A0 03 ........ ...0.... + [0010] 0A 01 01 A1 0C 06 0A 2B 06 01 04 01 82 37 02 02 .......+ .....7.. + [0020] 0A A2 81 A5 04 81 A2 4E 54 4C 4D 53 53 50 00 02 .......N TLMSSP.. + [0030] 00 00 00 0C 00 0C 00 30 00 00 00 35 82 89 60 FC .......0 ...5..`. + [0040] C1 7F EB 69 73 97 77 00 00 00 00 00 00 00 00 66 ...is.w. .......f + [0050] 00 66 00 3C 00 00 00 41 00 52 00 33 00 32 00 49 .f.<...A .R.3.2.I + [0060] 00 38 00 02 00 0C 00 41 00 52 00 33 00 32 00 49 .8.....A .R.3.2.I + [0070] 00 38 00 01 00 10 00 42 00 41 00 43 00 4B 00 55 .8.....B .A.C.K.U + [0080] 00 50 00 34 00 31 00 04 00 12 00 61 00 72 00 33 .P.4.1.. ...a.r.3 + [0090] 00 32 00 69 00 38 00 2E 00 71 00 61 00 03 00 24 .2.i.8.. .q.a...$ + [00A0] 00 62 00 61 00 63 00 6B 00 75 00 70 00 34 00 31 .b.a.c.k .u.p.4.1 + [00B0] 00 2E 00 61 00 72 00 33 00 32 00 69 00 38 00 2E ...a.r.3 .2.i.8.. + [00C0] 00 71 00 61 00 00 00 00 00 .q.a.... . +[2013/11/05 17:30:42.320363, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:885(rpc_api_pipe_got_pdu) + rpc_api_pipe: got frag len of 269 at offset 0: NT_STATUS_OK +[2013/11/05 17:30:42.320435, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:940(rpc_api_pipe_got_pdu) + rpc_api_pipe: host BACKUP41 returned 269 bytes. +[2013/11/05 17:30:42.320483, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1447(check_bind_response) + check_bind_response: accepted! +[2013/11/05 17:30:42.320527, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct dcerpc_auth + auth_type : DCERPC_AUTH_TYPE_SPNEGO (9) + auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) + auth_pad_length : 0x00 (0) + auth_reserved : 0x00 (0) + auth_context_id : 0x00000001 (1) + credentials : DATA_BLOB length=193 + [0000] A1 81 BE 30 81 BB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ + [0010] 06 01 04 01 82 37 02 02 0A A2 81 A5 04 81 A2 4E .....7.. .......N + [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 0C 00 30 TLMSSP.. .......0 + [0030] 00 00 00 35 82 89 60 FC C1 7F EB 69 73 97 77 00 ...5..`. ...is.w. + [0040] 00 00 00 00 00 00 00 66 00 66 00 3C 00 00 00 41 .......f .f.<...A + [0050] 00 52 00 33 00 32 00 49 00 38 00 02 00 0C 00 41 .R.3.2.I .8.....A + [0060] 00 52 00 33 00 32 00 49 00 38 00 01 00 10 00 42 .R.3.2.I .8.....B + [0070] 00 41 00 43 00 4B 00 55 00 50 00 34 00 31 00 04 .A.C.K.U .P.4.1.. + [0080] 00 12 00 61 00 72 00 33 00 32 00 69 00 38 00 2E ...a.r.3 .2.i.8.. + [0090] 00 71 00 61 00 03 00 24 00 62 00 61 00 63 00 6B .q.a...$ .b.a.c.k + [00A0] 00 75 00 70 00 34 00 31 00 2E 00 61 00 72 00 33 .u.p.4.1 ...a.r.3 + [00B0] 00 32 00 69 00 38 00 2E 00 71 00 61 00 00 00 00 .2.i.8.. .q.a.... + [00C0] 00 . +[2013/11/05 17:30:42.321161, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + challenge: struct CHALLENGE_MESSAGE + Signature : 'NTLMSSP' + MessageType : NtLmChallenge (0x2) + TargetNameLen : 0x000c (12) + TargetNameMaxLen : 0x000c (12) + TargetName : * + TargetName : 'AR32I8' + NegotiateFlags : 0x60898235 (1619624501) + 1: NTLMSSP_NEGOTIATE_UNICODE + 0: NTLMSSP_NEGOTIATE_OEM + 1: NTLMSSP_REQUEST_TARGET + 1: NTLMSSP_NEGOTIATE_SIGN + 1: NTLMSSP_NEGOTIATE_SEAL + 0: NTLMSSP_NEGOTIATE_DATAGRAM + 0: NTLMSSP_NEGOTIATE_LM_KEY + 0: NTLMSSP_NEGOTIATE_NETWARE + 1: NTLMSSP_NEGOTIATE_NTLM + 0: NTLMSSP_NEGOTIATE_NT_ONLY + 0: NTLMSSP_ANONYMOUS + 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED + 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED + 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL + 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN + 1: NTLMSSP_TARGET_TYPE_DOMAIN + 0: NTLMSSP_TARGET_TYPE_SERVER + 0: NTLMSSP_TARGET_TYPE_SHARE + 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY + 0: NTLMSSP_NEGOTIATE_IDENTIFY + 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY + 1: NTLMSSP_NEGOTIATE_TARGET_INFO + 0: NTLMSSP_NEGOTIATE_VERSION + 1: NTLMSSP_NEGOTIATE_128 + 1: NTLMSSP_NEGOTIATE_KEY_EXCH + 0: NTLMSSP_NEGOTIATE_56 + ServerChallenge : fcc17feb69739777 + Reserved : 0000000000000000 + TargetInfoLen : 0x0066 (102) + TargetNameInfoMaxLen : 0x0066 (102) + TargetInfo : * + TargetInfo: struct AV_PAIR_LIST + count : 0x00000005 (5) + pair: ARRAY(5) + pair: struct AV_PAIR + AvId : MsvAvNbDomainName (0x2) + AvLen : 0x000c (12) + Value : union ntlmssp_AvValue(case 0x2) + AvNbDomainName : 'AR32I8' + pair: struct AV_PAIR + AvId : MsvAvNbComputerName (0x1) + AvLen : 0x0010 (16) + Value : union ntlmssp_AvValue(case 0x1) + AvNbComputerName : 'BACKUP41' + pair: struct AV_PAIR + AvId : MsvAvDnsDomainName (0x4) + AvLen : 0x0012 (18) + Value : union ntlmssp_AvValue(case 0x4) + AvDnsDomainName : 'ar32i8.qa' + pair: struct AV_PAIR + AvId : MsvAvDnsComputerName (0x3) + AvLen : 0x0024 (36) + Value : union ntlmssp_AvValue(case 0x3) + AvDnsComputerName : 'backup41.ar32i8.qa' + pair: struct AV_PAIR + AvId : MsvAvEOL (0x0) + AvLen : 0x0000 (0) + Value : union ntlmssp_AvValue(case 0x0) +[2013/11/05 17:30:42.322618, 3, pid=7366, effective(0, 0), real(0, 0)] ../source3/libsmb/ntlmssp.c:455(ntlmssp3_client_challenge) + Got challenge flags: +[2013/11/05 17:30:42.322667, 3, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags) + Got NTLMSSP neg_flags=0x60898235 + NTLMSSP_NEGOTIATE_UNICODE + NTLMSSP_REQUEST_TARGET + NTLMSSP_NEGOTIATE_SIGN + NTLMSSP_NEGOTIATE_SEAL + NTLMSSP_NEGOTIATE_NTLM + NTLMSSP_NEGOTIATE_ALWAYS_SIGN + NTLMSSP_NEGOTIATE_NTLM2 + NTLMSSP_NEGOTIATE_TARGET_INFO + NTLMSSP_NEGOTIATE_128 + NTLMSSP_NEGOTIATE_KEY_EXCH +[2013/11/05 17:30:42.322843, 3, pid=7366, effective(0, 0), real(0, 0)] ../source3/libsmb/ntlmssp.c:477(ntlmssp3_client_challenge) + NTLMSSP: Set final flags: +[2013/11/05 17:30:42.322882, 3, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags) + Got NTLMSSP neg_flags=0x60088235 + NTLMSSP_NEGOTIATE_UNICODE + NTLMSSP_REQUEST_TARGET + NTLMSSP_NEGOTIATE_SIGN + NTLMSSP_NEGOTIATE_SEAL + NTLMSSP_NEGOTIATE_NTLM + NTLMSSP_NEGOTIATE_ALWAYS_SIGN + NTLMSSP_NEGOTIATE_NTLM2 + NTLMSSP_NEGOTIATE_128 + NTLMSSP_NEGOTIATE_KEY_EXCH +[2013/11/05 17:30:42.323121, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + authenticate: struct AUTHENTICATE_MESSAGE + Signature : 'NTLMSSP' + MessageType : NtLmAuthenticate (3) + LmChallengeResponseLen : 0x0018 (24) + LmChallengeResponseMaxLen: 0x0018 (24) + LmChallengeResponse : * + LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) + v1: struct LM_RESPONSE + Response : f23945481a2b6b0c6ff4ca699206ae59c64c062f4998b05b + NtChallengeResponseLen : 0x0092 (146) + NtChallengeResponseMaxLen: 0x0092 (146) + NtChallengeResponse : * + NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 146) + v2: struct NTLMv2_RESPONSE + Response : e482084ec9c8b9fb928b4701f3aa23cc + Challenge: struct NTLMv2_CLIENT_CHALLENGE + RespType : 0x01 (1) + HiRespType : 0x01 (1) + Reserved1 : 0x0000 (0) + Reserved2 : 0x00000000 (0) + TimeStamp : Di Nov 5 17:30:42 2013 CET + ChallengeFromClient : 3462b6f76c568e0e + Reserved3 : 0x00000000 (0) + AvPairs: struct AV_PAIR_LIST + count : 0x00000005 (5) + pair: ARRAY(5) + pair: struct AV_PAIR + AvId : MsvAvNbDomainName (0x2) + AvLen : 0x000c (12) + Value : union ntlmssp_AvValue(case 0x2) + AvNbDomainName : 'AR32I8' + pair: struct AV_PAIR + AvId : MsvAvNbComputerName (0x1) + AvLen : 0x0010 (16) + Value : union ntlmssp_AvValue(case 0x1) + AvNbComputerName : 'BACKUP41' + pair: struct AV_PAIR + AvId : MsvAvDnsDomainName (0x4) + AvLen : 0x0012 (18) + Value : union ntlmssp_AvValue(case 0x4) + AvDnsDomainName : 'ar32i8.qa' + pair: struct AV_PAIR + AvId : MsvAvDnsComputerName (0x3) + AvLen : 0x0024 (36) + Value : union ntlmssp_AvValue(case 0x3) + AvDnsComputerName : 'backup41.ar32i8.qa' + pair: struct AV_PAIR + AvId : MsvAvEOL (0x0) + AvLen : 0x0000 (0) + Value : union ntlmssp_AvValue(case 0x0) + DomainNameLen : 0x000c (12) + DomainNameMaxLen : 0x000c (12) + DomainName : * + DomainName : 'AR32I8' + UserNameLen : 0x0012 (18) + UserNameMaxLen : 0x0012 (18) + UserName : * + UserName : 'MEMBER43$' + WorkstationLen : 0x0010 (16) + WorkstationMaxLen : 0x0010 (16) + Workstation : * + Workstation : 'MEMBER43' + EncryptedRandomSessionKeyLen: 0x0010 (16) + EncryptedRandomSessionKeyMaxLen: 0x0010 (16) + EncryptedRandomSessionKey: * + EncryptedRandomSessionKey: DATA_BLOB length=16 + [0000] 95 EC 7C CF 87 CD F8 F3 88 D4 8B 04 FB CE EF 38 ..|..... .......8 + NegotiateFlags : 0x60088235 (1611170357) + 1: NTLMSSP_NEGOTIATE_UNICODE + 0: NTLMSSP_NEGOTIATE_OEM + 1: NTLMSSP_REQUEST_TARGET + 1: NTLMSSP_NEGOTIATE_SIGN + 1: NTLMSSP_NEGOTIATE_SEAL + 0: NTLMSSP_NEGOTIATE_DATAGRAM + 0: NTLMSSP_NEGOTIATE_LM_KEY + 0: NTLMSSP_NEGOTIATE_NETWARE + 1: NTLMSSP_NEGOTIATE_NTLM + 0: NTLMSSP_NEGOTIATE_NT_ONLY + 0: NTLMSSP_ANONYMOUS + 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED + 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED + 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL + 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN + 0: NTLMSSP_TARGET_TYPE_DOMAIN + 0: NTLMSSP_TARGET_TYPE_SERVER + 0: NTLMSSP_TARGET_TYPE_SHARE + 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY + 0: NTLMSSP_NEGOTIATE_IDENTIFY + 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY + 0: NTLMSSP_NEGOTIATE_TARGET_INFO + 0: NTLMSSP_NEGOTIATE_VERSION + 1: NTLMSSP_NEGOTIATE_128 + 1: NTLMSSP_NEGOTIATE_KEY_EXCH + 0: NTLMSSP_NEGOTIATE_56 +[2013/11/05 17:30:42.324829, 3, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init) + NTLMSSP Sign/Seal - Initialising with flags: +[2013/11/05 17:30:42.324907, 3, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags) + Got NTLMSSP neg_flags=0x60088235 + NTLMSSP_NEGOTIATE_UNICODE + NTLMSSP_REQUEST_TARGET + NTLMSSP_NEGOTIATE_SIGN + NTLMSSP_NEGOTIATE_SEAL + NTLMSSP_NEGOTIATE_NTLM + NTLMSSP_NEGOTIATE_ALWAYS_SIGN + NTLMSSP_NEGOTIATE_NTLM2 + NTLMSSP_NEGOTIATE_128 + NTLMSSP_NEGOTIATE_KEY_EXCH +[2013/11/05 17:30:42.325101, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct dcerpc_auth + auth_type : DCERPC_AUTH_TYPE_SPNEGO (9) + auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) + auth_pad_length : 0x00 (0) + auth_reserved : 0x00 (0) + auth_context_id : 0x00000001 (1) + credentials : DATA_BLOB length=312 + [0000] A1 82 01 34 30 82 01 30 A2 82 01 2C 04 82 01 28 ...40..0 ...,...( + [0010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ + [0020] 40 00 00 00 92 00 92 00 58 00 00 00 0C 00 0C 00 @....... X....... + [0030] EA 00 00 00 12 00 12 00 F6 00 00 00 10 00 10 00 ........ ........ + [0040] 08 01 00 00 10 00 10 00 18 01 00 00 35 82 08 60 ........ ....5..` + [0050] F2 39 45 48 1A 2B 6B 0C 6F F4 CA 69 92 06 AE 59 .9EH.+k. o..i...Y + [0060] C6 4C 06 2F 49 98 B0 5B E4 82 08 4E C9 C8 B9 FB .L./I..[ ...N.... + [0070] 92 8B 47 01 F3 AA 23 CC 01 01 00 00 00 00 00 00 ..G...#. ........ + [0080] 00 65 98 5E 44 DA CE 01 34 62 B6 F7 6C 56 8E 0E .e.^D... 4b..lV.. + [0090] 00 00 00 00 02 00 0C 00 41 00 52 00 33 00 32 00 ........ A.R.3.2. + [00A0] 49 00 38 00 01 00 10 00 42 00 41 00 43 00 4B 00 I.8..... B.A.C.K. + [00B0] 55 00 50 00 34 00 31 00 04 00 12 00 61 00 72 00 U.P.4.1. ....a.r. + [00C0] 33 00 32 00 69 00 38 00 2E 00 71 00 61 00 03 00 3.2.i.8. ..q.a... + [00D0] 24 00 62 00 61 00 63 00 6B 00 75 00 70 00 34 00 $.b.a.c. k.u.p.4. + [00E0] 31 00 2E 00 61 00 72 00 33 00 32 00 69 00 38 00 1...a.r. 3.2.i.8. + [00F0] 2E 00 71 00 61 00 00 00 00 00 41 00 52 00 33 00 ..q.a... ..A.R.3. + [0100] 32 00 49 00 38 00 4D 00 45 00 4D 00 42 00 45 00 2.I.8.M. E.M.B.E. + [0110] 52 00 34 00 33 00 24 00 4D 00 45 00 4D 00 42 00 R.4.3.$. M.E.M.B. + [0120] 45 00 52 00 34 00 33 00 95 EC 7C CF 87 CD F8 F3 E.R.4.3. ..|..... + [0130] 88 D4 8B 04 FB CE EF 38 .......8 +[2013/11/05 17:30:42.326006, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_ALTER (14) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0188 (392) + auth_length : 0x0138 (312) + call_id : 0x0000000c (12) + u : union dcerpc_payload(case 14) + alter: struct dcerpc_bind + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x00000000 (0) + num_contexts : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ctx_list + context_id : 0x0000 (0) + num_transfer_syntaxes : 0x01 (1) + abstract_syntax: struct ndr_syntax_id + uuid : 12345778-1234-abcd-ef00-0123456789ac + if_version : 0x00000001 (1) + transfer_syntaxes: ARRAY(1) + transfer_syntaxes: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=320 + [0000] 09 06 00 00 01 00 00 00 A1 82 01 34 30 82 01 30 ........ ...40..0 + [0010] A2 82 01 2C 04 82 01 28 4E 54 4C 4D 53 53 50 00 ...,...( NTLMSSP. + [0020] 03 00 00 00 18 00 18 00 40 00 00 00 92 00 92 00 ........ @....... + [0030] 58 00 00 00 0C 00 0C 00 EA 00 00 00 12 00 12 00 X....... ........ + [0040] F6 00 00 00 10 00 10 00 08 01 00 00 10 00 10 00 ........ ........ + [0050] 18 01 00 00 35 82 08 60 F2 39 45 48 1A 2B 6B 0C ....5..` .9EH.+k. + [0060] 6F F4 CA 69 92 06 AE 59 C6 4C 06 2F 49 98 B0 5B o..i...Y .L./I..[ + [0070] E4 82 08 4E C9 C8 B9 FB 92 8B 47 01 F3 AA 23 CC ...N.... ..G...#. + [0080] 01 01 00 00 00 00 00 00 00 65 98 5E 44 DA CE 01 ........ .e.^D... + [0090] 34 62 B6 F7 6C 56 8E 0E 00 00 00 00 02 00 0C 00 4b..lV.. ........ + [00A0] 41 00 52 00 33 00 32 00 49 00 38 00 01 00 10 00 A.R.3.2. I.8..... + [00B0] 42 00 41 00 43 00 4B 00 55 00 50 00 34 00 31 00 B.A.C.K. U.P.4.1. + [00C0] 04 00 12 00 61 00 72 00 33 00 32 00 69 00 38 00 ....a.r. 3.2.i.8. + [00D0] 2E 00 71 00 61 00 03 00 24 00 62 00 61 00 63 00 ..q.a... $.b.a.c. + [00E0] 6B 00 75 00 70 00 34 00 31 00 2E 00 61 00 72 00 k.u.p.4. 1...a.r. + [00F0] 33 00 32 00 69 00 38 00 2E 00 71 00 61 00 00 00 3.2.i.8. ..q.a... + [0100] 00 00 41 00 52 00 33 00 32 00 49 00 38 00 4D 00 ..A.R.3. 2.I.8.M. + [0110] 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 24 00 E.M.B.E. R.4.3.$. + [0120] 4D 00 45 00 4D 00 42 00 45 00 52 00 34 00 33 00 M.E.M.B. E.R.4.3. + [0130] 95 EC 7C CF 87 CD F8 F3 88 D4 8B 04 FB CE EF 38 ..|..... .......8 +[2013/11/05 17:30:42.327281, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:741(rpc_api_pipe_send) + rpc_api_pipe: host BACKUP41 +[2013/11/05 17:30:42.327347, 10, pid=7366, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) + num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=392, this_data=392, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 +[2013/11/05 17:30:42.352525, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) + rpc_read_send: data_to_read: 57 +[2013/11/05 17:30:42.352936, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_ALTER_RESP (15) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0049 (73) + auth_length : 0x0009 (9) + call_id : 0x0000000c (12) + u : union dcerpc_payload(case 15) + alter_resp: struct dcerpc_bind_ack + max_xmit_frag : 0x10b8 (4280) + max_recv_frag : 0x10b8 (4280) + assoc_group_id : 0x000053f0 (21488) + secondary_address_size : 0x0001 (1) + secondary_address : '' + _pad1 : DATA_BLOB length=1 + [0000] 00 . + num_results : 0x01 (1) + ctx_list: ARRAY(1) + ctx_list: struct dcerpc_ack_ctx + result : 0x0000 (0) + reason : 0x0000 (0) + syntax: struct ndr_syntax_id + uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 + if_version : 0x00000002 (2) + auth_info : DATA_BLOB length=17 + [0000] 09 06 00 00 01 00 00 00 A1 07 30 05 A0 03 0A 01 ........ ..0..... + [0010] 00 . +[2013/11/05 17:30:42.354708, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:885(rpc_api_pipe_got_pdu) + rpc_api_pipe: got frag len of 73 at offset 0: NT_STATUS_OK +[2013/11/05 17:30:42.354834, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:940(rpc_api_pipe_got_pdu) + rpc_api_pipe: host BACKUP41 returned 73 bytes. +[2013/11/05 17:30:42.354951, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1447(check_bind_response) + check_bind_response: accepted! +[2013/11/05 17:30:42.355056, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct dcerpc_auth + auth_type : DCERPC_AUTH_TYPE_SPNEGO (9) + auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) + auth_pad_length : 0x00 (0) + auth_reserved : 0x00 (0) + auth_context_id : 0x00000001 (1) + credentials : DATA_BLOB length=9 + [0000] A1 07 30 05 A0 03 0A 01 00 ..0..... . +[2013/11/05 17:30:42.355551, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:3107(cli_rpc_pipe_open_spnego) + cli_rpc_pipe_open_spnego: opened pipe samr to machine BACKUP41. +[2013/11/05 17:30:42.355660, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2323(cm_connect_sam) + cm_connect_sam: connected to SAMR pipe for domain AR32I8 using NTLMSSP authenticated pipe: user AR32I8\MEMBER43$ +[2013/11/05 17:30:42.355944, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + samr_Connect2: struct samr_Connect2 + in: struct samr_Connect2 + system_name : * + system_name : 'BACKUP41' + access_mask : 0x02000000 (33554432) + 0: SAMR_ACCESS_CONNECT_TO_SERVER + 0: SAMR_ACCESS_SHUTDOWN_SERVER + 0: SAMR_ACCESS_INITIALIZE_SERVER + 0: SAMR_ACCESS_CREATE_DOMAIN + 0: SAMR_ACCESS_ENUM_DOMAINS + 0: SAMR_ACCESS_LOOKUP_DOMAIN +[2013/11/05 17:30:42.356583, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0018 (24) + auth_length : 0x0010 (16) + call_id : 0x0000000d (13) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000028 (40) + context_id : 0x0000 (0) + opnum : 0x0039 (57) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=0 +[2013/11/05 17:30:42.357692, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct dcerpc_auth + auth_type : DCERPC_AUTH_TYPE_SPNEGO (9) + auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) + auth_pad_length : 0x00 (0) + auth_reserved : 0x00 (0) + auth_context_id : 0x00000001 (1) + credentials : DATA_BLOB length=0 +[2013/11/05 17:30:42.358212, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) + ntlmssp_seal_data: seal +[2013/11/05 17:30:42.358341, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:741(rpc_api_pipe_send) + rpc_api_pipe: host BACKUP41 +[2013/11/05 17:30:42.358493, 10, pid=7366, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) + num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=88, this_data=88, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 +[2013/11/05 17:30:42.359793, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) + rpc_read_send: data_to_read: 56 +[2013/11/05 17:30:42.360036, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0048 (72) + auth_length : 0x0010 (16) + call_id : 0x0000000d (13) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=1 + [0000] 00 . + stub_and_verifier : DATA_BLOB length=48 + [0000] 14 84 EB 4A 88 21 93 6F 8E C0 80 27 16 2A DB 4F ...J.!.o ...'.*.O + [0010] FF 13 7E 90 72 67 CD 45 09 06 00 00 01 00 00 00 ..~.rg.E ........ + [0020] 01 00 00 00 D1 8A 99 F2 1F 8C 97 D9 00 00 00 00 ........ ........ +[2013/11/05 17:30:42.361281, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:652(dcerpc_check_auth) + Requested Privacy. +[2013/11/05 17:30:42.361470, 6, pid=7366, effective(0, 0), real(0, 0)] ../librpc/rpc/dcerpc_util.c:140(dcerpc_pull_auth_trailer) + ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0 +[2013/11/05 17:30:42.361577, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:713(dcerpc_check_auth) + GENSEC auth +[2013/11/05 17:30:42.361680, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) + ntlmssp_unseal_packet: seal +[2013/11/05 17:30:42.361792, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) + ntlmssp_check_packet: NTLMSSP signature OK ! +[2013/11/05 17:30:42.361894, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:440(cli_pipe_validate_current_pdu) + Got pdu len 72, data_len 24, ss_len 0 +[2013/11/05 17:30:42.361993, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:885(rpc_api_pipe_got_pdu) + rpc_api_pipe: got frag len of 72 at offset 0: NT_STATUS_OK +[2013/11/05 17:30:42.362091, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:940(rpc_api_pipe_got_pdu) + rpc_api_pipe: host BACKUP41 returned 24 bytes. +[2013/11/05 17:30:42.362257, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + samr_Connect2: struct samr_Connect2 + out: struct samr_Connect2 + connect_handle : * + connect_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000010-0000-0000-7952-6b1dae1f0000 + result : NT_STATUS_OK +[2013/11/05 17:30:42.362723, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + samr_OpenDomain: struct samr_OpenDomain + in: struct samr_OpenDomain + connect_handle : * + connect_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000010-0000-0000-7952-6b1dae1f0000 + access_mask : 0x02000000 (33554432) + 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 + 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 + 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 + 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 + 0: SAMR_DOMAIN_ACCESS_CREATE_USER + 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP + 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS + 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS + 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS + 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT + 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 + sid : * + sid : S-1-5-21-1376953716-2413384141-3399758289 +[2013/11/05 17:30:42.363793, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0018 (24) + auth_length : 0x0010 (16) + call_id : 0x0000000e (14) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000034 (52) + context_id : 0x0000 (0) + opnum : 0x0007 (7) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=0 +[2013/11/05 17:30:42.364767, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct dcerpc_auth + auth_type : DCERPC_AUTH_TYPE_SPNEGO (9) + auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) + auth_pad_length : 0x04 (4) + auth_reserved : 0x00 (0) + auth_context_id : 0x00000001 (1) + credentials : DATA_BLOB length=0 +[2013/11/05 17:30:42.365122, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) + ntlmssp_seal_data: seal +[2013/11/05 17:30:42.365239, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:741(rpc_api_pipe_send) + rpc_api_pipe: host BACKUP41 +[2013/11/05 17:30:42.365504, 10, pid=7366, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) + num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=104, this_data=104, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 +[2013/11/05 17:30:42.367200, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) + rpc_read_send: data_to_read: 56 +[2013/11/05 17:30:42.367443, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0048 (72) + auth_length : 0x0010 (16) + call_id : 0x0000000e (14) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000018 (24) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=1 + [0000] 00 . + stub_and_verifier : DATA_BLOB length=48 + [0000] 81 C8 4E 2F 26 3E 62 D2 3C E2 D4 23 80 6F 02 DC ..N/&>b. <..#.o.. + [0010] D8 04 AD 6A F6 6F E9 F8 09 06 00 00 01 00 00 00 ...j.o.. ........ + [0020] 01 00 00 00 0A 20 D3 C4 7A F3 D6 0A 01 00 00 00 ..... .. z....... +[2013/11/05 17:30:42.368682, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:652(dcerpc_check_auth) + Requested Privacy. +[2013/11/05 17:30:42.368785, 6, pid=7366, effective(0, 0), real(0, 0)] ../librpc/rpc/dcerpc_util.c:140(dcerpc_pull_auth_trailer) + ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0 +[2013/11/05 17:30:42.368882, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:713(dcerpc_check_auth) + GENSEC auth +[2013/11/05 17:30:42.368981, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) + ntlmssp_unseal_packet: seal +[2013/11/05 17:30:42.369087, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) + ntlmssp_check_packet: NTLMSSP signature OK ! +[2013/11/05 17:30:42.369186, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:440(cli_pipe_validate_current_pdu) + Got pdu len 72, data_len 24, ss_len 0 +[2013/11/05 17:30:42.369283, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:885(rpc_api_pipe_got_pdu) + rpc_api_pipe: got frag len of 72 at offset 0: NT_STATUS_OK +[2013/11/05 17:30:42.369465, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:940(rpc_api_pipe_got_pdu) + rpc_api_pipe: host BACKUP41 returned 24 bytes. +[2013/11/05 17:30:42.369607, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + samr_OpenDomain: struct samr_OpenDomain + out: struct samr_OpenDomain + domain_handle : * + domain_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000011-0000-0000-7952-6b1dae1f0000 + result : NT_STATUS_OK +[2013/11/05 17:30:42.370053, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + samr_QueryDomainInfo: struct samr_QueryDomainInfo + in: struct samr_QueryDomainInfo + domain_handle : * + domain_handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 00000011-0000-0000-7952-6b1dae1f0000 + level : DomainModifiedInformation (8) +[2013/11/05 17:30:42.370525, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0018 (24) + auth_length : 0x0010 (16) + call_id : 0x0000000f (15) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000016 (22) + context_id : 0x0000 (0) + opnum : 0x0008 (8) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=0 +[2013/11/05 17:30:42.371483, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct dcerpc_auth + auth_type : DCERPC_AUTH_TYPE_SPNEGO (9) + auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) + auth_pad_length : 0x02 (2) + auth_reserved : 0x00 (0) + auth_context_id : 0x00000001 (1) + credentials : DATA_BLOB length=0 +[2013/11/05 17:30:42.371849, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) + ntlmssp_seal_data: seal +[2013/11/05 17:30:42.371897, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:741(rpc_api_pipe_send) + rpc_api_pipe: host BACKUP41 +[2013/11/05 17:30:42.371955, 10, pid=7366, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) + num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 +[2013/11/05 17:30:42.372703, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) + rpc_read_send: data_to_read: 64 +[2013/11/05 17:30:42.372800, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0050 (80) + auth_length : 0x0010 (16) + call_id : 0x0000000f (15) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x0000001c (28) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=1 + [0000] 00 . + stub_and_verifier : DATA_BLOB length=56 + [0000] 8B E4 15 66 A6 2C 1D 34 F3 17 15 39 18 08 F0 FD ...f.,.4 ...9.... + [0010] C4 AC E1 9E DE 05 5D 34 19 A5 22 61 BC A3 C1 09 ......]4 .."a.... + [0020] 09 06 04 00 01 00 00 00 01 00 00 00 91 A1 35 1D ........ ......5. + [0030] 92 C9 35 D4 02 00 00 00 ..5..... +[2013/11/05 17:30:42.373308, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:652(dcerpc_check_auth) + Requested Privacy. +[2013/11/05 17:30:42.373398, 6, pid=7366, effective(0, 0), real(0, 0)] ../librpc/rpc/dcerpc_util.c:140(dcerpc_pull_auth_trailer) + ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 4 +[2013/11/05 17:30:42.373442, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:713(dcerpc_check_auth) + GENSEC auth +[2013/11/05 17:30:42.373482, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) + ntlmssp_unseal_packet: seal +[2013/11/05 17:30:42.373526, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) + ntlmssp_check_packet: NTLMSSP signature OK ! +[2013/11/05 17:30:42.373565, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:440(cli_pipe_validate_current_pdu) + Got pdu len 80, data_len 28, ss_len 4 +[2013/11/05 17:30:42.373604, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:885(rpc_api_pipe_got_pdu) + rpc_api_pipe: got frag len of 80 at offset 0: NT_STATUS_OK +[2013/11/05 17:30:42.373644, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:940(rpc_api_pipe_got_pdu) + rpc_api_pipe: host BACKUP41 returned 28 bytes. +[2013/11/05 17:30:42.373714, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + samr_QueryDomainInfo: struct samr_QueryDomainInfo + out: struct samr_QueryDomainInfo + info : * + info : * + info : union samr_DomainInfo(case 8) + info8: struct samr_DomInfo8 + sequence_num : 0x0000000052791d6b (1383669099) + domain_create_time : NTTIME(0) + result : NT_STATUS_OK +[2013/11/05 17:30:42.373949, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_rpc.c:949(rpc_sequence_number) + domain_sequence_number: for domain AR32I8 is 1383669099 +[2013/11/05 17:30:42.374073, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:496(wcache_store_seqnum) + wcache_store_seqnum: success [AR32I8][1383669099 @ 1383669042] +[2013/11/05 17:30:42.374118, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:583(refresh_sequence_number) + refresh_sequence_number: AR32I8 seq number is now 1383669099 +[2013/11/05 17:30:42.374222, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1869(name_to_sid) + name_to_sid: [Cached] - doing backend query for name for domain AR32I8 +[2013/11/05 17:30:42.374269, 3, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) + msrpc_name_to_sid: name=ARW2008R2\ADMINISTRATOR +[2013/11/05 17:30:42.374322, 3, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) + name_to_sid [rpc] ARW2008R2\ADMINISTRATOR for domain ARW2008R2 +[2013/11/05 17:30:42.374426, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + lsa_LookupNames: struct lsa_LookupNames + in: struct lsa_LookupNames + handle : * + handle: struct policy_handle + handle_type : 0x00000000 (0) + uuid : 0000000f-0000-0000-7952-651dae1f0000 + num_names : 0x00000001 (1) + names: ARRAY(1) + names: struct lsa_String + length : 0x002e (46) + size : 0x002e (46) + string : * + string : 'ARW2008R2\ADMINISTRATOR' + sids : * + sids: struct lsa_TransSidArray + count : 0x00000000 (0) + sids : NULL + level : LSA_LOOKUP_NAMES_ALL (1) + count : * + count : 0x00000000 (0) +[2013/11/05 17:30:42.374874, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_REQUEST (0) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x0018 (24) + auth_length : 0x0010 (16) + call_id : 0x00000010 (16) + u : union dcerpc_payload(case 0) + request: struct dcerpc_request + alloc_hint : 0x00000070 (112) + context_id : 0x0000 (0) + opnum : 0x000e (14) + object : union dcerpc_object(case 0) + empty: struct dcerpc_empty + _pad : DATA_BLOB length=0 + stub_and_verifier : DATA_BLOB length=0 +[2013/11/05 17:30:42.375260, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + &r: struct dcerpc_auth + auth_type : DCERPC_AUTH_TYPE_SPNEGO (9) + auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) + auth_pad_length : 0x00 (0) + auth_reserved : 0x00 (0) + auth_context_id : 0x00000001 (1) + credentials : DATA_BLOB length=0 +[2013/11/05 17:30:42.375401, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) + ntlmssp_seal_data: seal +[2013/11/05 17:30:42.375449, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:741(rpc_api_pipe_send) + rpc_api_pipe: host BACKUP41 +[2013/11/05 17:30:42.375507, 10, pid=7366, effective(0, 0), real(0, 0)] ../libcli/smb/smb1cli_trans.c:334(smb1cli_trans_format) + num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=160, this_data=160, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 +[2013/11/05 17:30:45.601091, 5, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:100(rpc_read_send) + rpc_read_send: data_to_read: 152 +[2013/11/05 17:30:45.601618, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) + r: struct ncacn_packet + rpc_vers : 0x05 (5) + rpc_vers_minor : 0x00 (0) + ptype : DCERPC_PKT_RESPONSE (2) + pfc_flags : 0x03 (3) + drep: ARRAY(4) + [0] : 0x10 (16) + [1] : 0x00 (0) + [2] : 0x00 (0) + [3] : 0x00 (0) + frag_length : 0x00a8 (168) + auth_length : 0x0010 (16) + call_id : 0x00000010 (16) + u : union dcerpc_payload(case 2) + response: struct dcerpc_response + alloc_hint : 0x00000074 (116) + context_id : 0x0000 (0) + cancel_count : 0x00 (0) + _pad : DATA_BLOB length=1 + [0000] 00 . + stub_and_verifier : DATA_BLOB length=144 + [0000] 2F 65 ED A9 19 0F 39 CB A9 99 E9 B3 9D A1 3A C1 /e....9. ......:. + [0010] 9C 98 A3 27 13 18 0D B7 4F 9C AE D8 07 D0 B9 7C ...'.... O......| + [0020] 06 E1 19 96 F1 62 6C 25 7B 75 CA 6F CE D5 19 B6 .....bl% {u.o.... + [0030] 36 43 5E D5 C3 96 76 B4 EA 15 87 31 D4 F8 31 64 6C^...v. ...1..1d + [0040] 7B 57 B6 AD B0 F8 7D AA 7E 95 6D 81 DB F4 62 03 {W....}. ~.m...b. + [0050] 63 48 68 F4 AD DF 3B 51 1F 03 CB 1F D9 5D CC 7E cHh...;Q .....].~ + [0060] 24 E9 DE 02 7C 01 14 4B 49 04 F5 58 90 6D E1 EE $...|..K I..X.m.. + [0070] 92 B3 E3 EB 60 5A 7A 43 09 06 04 00 01 00 00 00 ....`ZzC ........ + [0080] 01 00 00 00 79 67 DE C2 2A A6 51 75 02 00 00 00 ....yg.. *.Qu.... +[2013/11/05 17:30:45.603540, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:652(dcerpc_check_auth) + Requested Privacy. +[2013/11/05 17:30:45.603650, 6, pid=7366, effective(0, 0), real(0, 0)] ../librpc/rpc/dcerpc_util.c:140(dcerpc_pull_auth_trailer) + ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 4 +[2013/11/05 17:30:45.603790, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:713(dcerpc_check_auth) + GENSEC auth +[2013/11/05 17:30:45.603898, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) + ntlmssp_unseal_packet: seal +[2013/11/05 17:30:45.604020, 10, pid=7366, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) + ntlmssp_check_packet: NTLMSSP signature OK ! +[2013/11/05 17:30:45.604121, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:440(cli_pipe_validate_current_pdu) + Got pdu len 168, data_len 116, ss_len 4 +[2013/11/05 17:30:45.604224, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:885(rpc_api_pipe_got_pdu) + rpc_api_pipe: got frag len of 168 at offset 0: NT_STATUS_OK +[2013/11/05 17:30:45.604324, 10, pid=7366, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:940(rpc_api_pipe_got_pdu) + rpc_api_pipe: host BACKUP41 returned 116 bytes. +[2013/11/05 17:30:45.604558, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + lsa_LookupNames: struct lsa_LookupNames + out: struct lsa_LookupNames + domains : * + domains : * + domains: struct lsa_RefDomainList + count : 0x00000001 (1) + domains : * + domains: ARRAY(1) + domains: struct lsa_DomainInfo + name: struct lsa_StringLarge + length : 0x000c (12) + size : 0x000e (14) + string : * + string : 'AR32I8' + sid : * + sid : S-1-5-21-1376953716-2413384141-3399758289 + max_size : 0x00000020 (32) + sids : * + sids: struct lsa_TransSidArray + count : 0x00000001 (1) + sids : * + sids: ARRAY(1) + sids: struct lsa_TranslatedSid + sid_type : SID_NAME_USER (1) + rid : 0x000001f4 (500) + sid_index : 0x00000000 (0) + count : * + count : 0x00000001 (1) + result : NT_STATUS_OK +[2013/11/05 17:30:45.606165, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:538(refresh_sequence_number) + refresh_sequence_number: AR32I8 time ok +[2013/11/05 17:30:45.606298, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:583(refresh_sequence_number) + refresh_sequence_number: AR32I8 seq number is now 1383669099 +[2013/11/05 17:30:45.606534, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:961(wcache_save_name_to_sid) + wcache_save_name_to_sid: ARW2008R2\ADMINISTRATOR -> S-1-5-21-1376953716-2413384141-3399758289-500 (NT_STATUS_OK) +[2013/11/05 17:30:45.606778, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:991(wcache_save_sid_to_name) + wcache_save_sid_to_name: S-1-5-21-1376953716-2413384141-3399758289-500 -> ARW2008R2\administrator (NT_STATUS_OK) +[2013/11/05 17:30:45.606893, 1, pid=7366, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + wbint_LookupName: struct wbint_LookupName + out: struct wbint_LookupName + type : * + type : SID_NAME_USER (1) + sid : * + sid : S-1-5-21-1376953716-2413384141-3399758289-500 + result : NT_STATUS_OK +[2013/11/05 17:30:45.607392, 4, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1341(child_handler) + Finished processing child request 59 +[2013/11/05 17:30:45.607497, 10, pid=7366, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1358(child_handler) + Writing 3532 bytes to parent diff -Nuar samba.0/log.winbindd samba.1/log.winbindd --- samba.0/log.winbindd 2013-11-05 17:30:42.292000000 +0100 +++ samba.1/log.winbindd 2013-11-05 17:30:45.616000000 +0100 @@ -1294,3 +1294,77 @@ set_dc_type_and_flags_connect: domain AR32I8 is NOT running active directory. [2013/11/05 17:30:39.589630, 5, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:525(winbind_child_died) Already reaped child 7367 died +[2013/11/05 17:30:42.306082, 6, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:870(new_connection) + accepted socket 22 +[2013/11/05 17:30:42.306587, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:720(process_request) + process_request: request fn INTERFACE_VERSION +[2013/11/05 17:30:42.306718, 3, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version) + [ 7369]: request interface version +[2013/11/05 17:30:42.306877, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) + winbind_client_response_written[7369:INTERFACE_VERSION]: delivered response to client +[2013/11/05 17:30:42.307099, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:720(process_request) + process_request: request fn WINBINDD_PRIV_PIPE_DIR +[2013/11/05 17:30:42.307208, 3, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir) + [ 7369]: request location of privileged pipe +[2013/11/05 17:30:42.307373, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) + winbind_client_response_written[7369:WINBINDD_PRIV_PIPE_DIR]: delivered response to client +[2013/11/05 17:30:42.307606, 6, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:870(new_connection) + accepted socket 25 +[2013/11/05 17:30:42.308076, 6, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:918(winbind_client_request_read) + closing socket 22, client exited +[2013/11/05 17:30:42.308301, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:720(process_request) + process_request: request fn INTERFACE_VERSION +[2013/11/05 17:30:42.308407, 3, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version) + [ 7369]: request interface version +[2013/11/05 17:30:42.308546, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) + winbind_client_response_written[7369:INTERFACE_VERSION]: delivered response to client +[2013/11/05 17:30:42.308802, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:720(process_request) + process_request: request fn INFO +[2013/11/05 17:30:42.308917, 3, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:383(winbindd_info) + [ 7369]: request misc info +[2013/11/05 17:30:42.309095, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) + winbind_client_response_written[7369:INFO]: delivered response to client +[2013/11/05 17:30:42.309316, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:720(process_request) + process_request: request fn NETBIOS_NAME +[2013/11/05 17:30:42.309518, 3, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:416(winbindd_netbios_name) + [ 7369]: request netbios name +[2013/11/05 17:30:42.309667, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) + winbind_client_response_written[7369:NETBIOS_NAME]: delivered response to client +[2013/11/05 17:30:42.309873, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:720(process_request) + process_request: request fn DOMAIN_NAME +[2013/11/05 17:30:42.309978, 3, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:405(winbindd_domain_name) + [ 7369]: request domain name +[2013/11/05 17:30:42.310119, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) + winbind_client_response_written[7369:DOMAIN_NAME]: delivered response to client +[2013/11/05 17:30:42.310340, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:720(process_request) + process_request: request fn DOMAIN_INFO +[2013/11/05 17:30:42.310446, 3, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info) + [ 7369]: domain_info [AR32I8] +[2013/11/05 17:30:42.310629, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) + winbind_client_response_written[7369:DOMAIN_INFO]: delivered response to client +[2013/11/05 17:30:42.310902, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:693(process_request) + process_request: Handling async request 7369:LOOKUPNAME +[2013/11/05 17:30:42.311083, 3, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_lookupname.c:69(winbindd_lookupname_send) + lookupname ARW2008R2+Administrator +[2013/11/05 17:30:42.311407, 1, pid=7364, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + wbint_LookupName: struct wbint_LookupName + in: struct wbint_LookupName + domain : * + domain : 'ARW2008R2' + name : * + name : 'ADMINISTRATOR' + flags : 0x00000000 (0) +[2013/11/05 17:30:45.607986, 1, pid=7364, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) + wbint_LookupName: struct wbint_LookupName + out: struct wbint_LookupName + type : * + type : SID_NAME_USER (1) + sid : * + sid : S-1-5-21-1376953716-2413384141-3399758289-500 + result : NT_STATUS_OK +[2013/11/05 17:30:45.608538, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:755(wb_request_done) + wb_request_done[7369:LOOKUPNAME]: NT_STATUS_OK +[2013/11/05 17:30:45.611909, 10, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) + winbind_client_response_written[7369:LOOKUPNAME]: delivered response to client +[2013/11/05 17:30:45.612297, 6, pid=7364, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:918(winbind_client_request_read) + closing socket 25, client exited