From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Jan 31 00:00:00 2014 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 970C1BE0 for ; Fri, 31 Jan 2014 00:00:00 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6ED981323 for ; Fri, 31 Jan 2014 00:00:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s0V000UP073681 for ; Fri, 31 Jan 2014 00:00:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id s0V000FC073678; Fri, 31 Jan 2014 00:00:00 GMT (envelope-from gnats) Resent-Date: Fri, 31 Jan 2014 00:00:00 GMT Resent-Message-Id: <201401310000.s0V000FC073678@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Pascal Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A67B3BBC for ; Thu, 30 Jan 2014 23:58:05 +0000 (UTC) Received: from oldred.freebsd.org (oldred.freebsd.org [IPv6:2001:1900:2254:206a::50:4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 919841310 for ; Thu, 30 Jan 2014 23:58:05 +0000 (UTC) Received: from oldred.freebsd.org ([127.0.1.6]) by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id s0UNw5IM096303 for ; Thu, 30 Jan 2014 23:58:05 GMT (envelope-from nobody@oldred.freebsd.org) Received: (from nobody@localhost) by oldred.freebsd.org (8.14.5/8.14.5/Submit) id s0UNw513096302; Thu, 30 Jan 2014 23:58:05 GMT (envelope-from nobody) Message-Id: <201401302358.s0UNw513096302@oldred.freebsd.org> Date: Thu, 30 Jan 2014 23:58:05 GMT From: Pascal To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: ports/186287: samba36: looping detected inside krb5_get_in_tkt on 10.0-RELEASE X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Jan 2014 00:00:00 -0000 >Number: 186287 >Category: ports >Synopsis: samba36: looping detected inside krb5_get_in_tkt on 10.0-RELEASE >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jan 31 00:00:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Pascal >Release: 10.0-RELEASE >Organization: >Environment: FreeBSD 10.0-RELEASE #0 r260789 amd64 >Description: Unable to join samba domain via "net ads join -U ". Problem is 100% repeatable with 10.0-RELEASE and samba36 from ports. 9.2-RELEASE works fine with exactly the same configuration. To further test I have tried both a freebsd-update from 9.2 -> 10.0 and also a clean install of 10.0 - same behavior each time on 10.0. kinit works fine and net ads info is able to display correct looking information on both 9.2 and 10.0, it's just net ads join that is not working. Attached is debug output of the failing net ads join trace (debug level 10). >How-To-Repeat: Run net ads join -U on 10.0-RELEASE using samba36 compiled from ports with appropriate active directory config parameters. >Fix: Not known. Patch attached with submission follows: INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 lp_load_ex: refreshing parameters Initialising global parameters INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf" Processing section "[global]" doing parameter workgroup = PV doing parameter security = ADS doing parameter realm = PV.LOCAL doing parameter encrypt passwords = yes doing parameter max protocol = SMB2 doing parameter idmap config *:backend = tdb doing parameter idmap config *:range = 100000-299999 doing parameter idmap config PV:range = 10000-99999 doing parameter winbind trusted domains only = no doing parameter winbind use default domain = yes doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter client use spnego principal = yes doing parameter send spnego principal = yes pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_MEMBER Substituting charset 'US-ASCII' for LOCALE Netbios name list:- my_netbios_names[0]="FREEBSD10NAS" added interface em0 ip=192.168.100.51 bcast=192.168.100.255 netmask=255.255.255.0 Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'FREEBSD10NAS' domain_name : * domain_name : 'PV.LOCAL' account_ou : NULL admin_account : 'cybersecure' machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) Opening cache file at /var/db/samba/gencache.tdb Opening cache file at /var/db/samba/gencache_notrans.tdb sitename_fetch: Returning sitename for PV.LOCAL: "Default-First-Site-Name" dsgetdcname_internal: domain_name: PV.LOCAL, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40001011 debug_dsdcinfo_flags: 0x40001011 DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME dsgetdcname_rediscover ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed pv-sbs.pv.local [0, 100, 389] LDAP ping to pv-sbs.pv.local &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000033fd (13309) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 269e9f83-49b6-4463-a718-f407184f382d forest : 'pv.local' dns_domain : 'pv.local' pdc_dns_name : 'PV-SBS.pv.local' domain_name : 'PV' pdc_name : 'PV-SBS' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) Adding cache entry with key = DSGETDCNAME/DOMAIN/PV and timeout = Fri Jan 31 11:05:28 2014 (900 seconds ahead) sitename_store: realm = [PV], sitename = [Default-First-Site-Name], expire = [2147483647] Adding cache entry with key = AD_SITENAME/DOMAIN/PV and timeout = Tue Jan 19 14:14:07 2038 (756357819 seconds ahead) Adding cache entry with key = DSGETDCNAME/DOMAIN/PV.LOCAL and timeout = Fri Jan 31 11:05:28 2014 (900 seconds ahead) sitename_store: realm = [pv.local], sitename = [Default-First-Site-Name], expire = [2147483647] Adding cache entry with key = AD_SITENAME/DOMAIN/PV.LOCAL and timeout = Tue Jan 19 14:14:07 2038 (756357819 seconds ahead) Connecting to host=PV-SBS.pv.local sitename_fetch: Returning sitename for PV.LOCAL: "Default-First-Site-Name" internal_resolve_name: looking up PV-SBS.pv.local#20 (sitename Default-First-Site-Name) name PV-SBS.pv.local#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs Running timed event "tevent_req_timedout" 0x80682fae0 Connecting to 192.168.100.11 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 4 Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 33304 SO_RCVBUF = 66608 SO_SNDLOWAT = 2048 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Substituting charset 'US-ASCII' for LOCALE Doing spnego session setup (blob length=136) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178@please_ignore negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0002 (2) DomainNameMaxLen : 0x0002 (2) DomainName : * DomainName : 'PV' WorkstationLen : 0x000c (12) WorkstationMaxLen : 0x000c (12) Workstation : * Workstation : 'FREEBSD10NAS' challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0004 (4) TargetNameMaxLen : 0x0004 (4) TargetName : * TargetName : 'PV' NegotiateFlags : 0x62898215 (1653178901) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : 45f0293b94aa16dc Reserved : 0000000000000000 TargetInfoLen : 0x0072 (114) TargetNameInfoMaxLen : 0x0072 (114) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000007 (7) pair: ARRAY(7) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'PV' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'PV-SBS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'pv.local' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'PV-SBS.pv.local' pair: struct AV_PAIR AvId : MsvAvDnsTreeName (0x5) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x5) AvDnsTreeName : 'pv.local' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Fri Jan 31 10:51:27 2014 EST pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) ProductBuild : 0x1db1 (7601) Reserved : 000000 NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 30c162ad0b3c9b6020c1ed79b1ed07480daf910922a60885 NtChallengeResponseLen : 0x009e (158) NtChallengeResponseMaxLen: 0x009e (158) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 158) v2: struct NTLMv2_RESPONSE Response : 01f4c32c7364d16b1c10706145ebf84b Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Fri Jan 31 10:50:28 2014 EST ChallengeFromClient : bb6d86f3830cae23 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000007 (7) pair: ARRAY(7) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'PV' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'PV-SBS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'pv.local' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'PV-SBS.pv.local' pair: struct AV_PAIR AvId : MsvAvDnsTreeName (0x5) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x5) AvDnsTreeName : 'pv.local' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Fri Jan 31 10:51:27 2014 EST pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' UserNameLen : 0x0016 (22) UserNameMaxLen : 0x0016 (22) UserName : * UserName : 'cybersecure' WorkstationLen : 0x0018 (24) WorkstationMaxLen : 0x0018 (24) Workstation : * Workstation : 'FREEBSD10NAS' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] BD 4D 79 7B AE 4F D9 54 E9 E7 1B BB B2 C2 EA 89 .My{.O.T ........ NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH cli_init_creds: user cybersecure domain Bind RPC Pipe: host PV-SBS.pv.local auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 52 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00004728 (18216) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine PV-SBS.pv.local and bound anonymously. lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 54 DA 88 1E DF 9C BF 44 85 2D 5C 4D ....T... ...D.-\M [0010] E4 87 7A 2F 00 00 00 00 ..z/.... Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 24 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1e88da54-9cdf-44bf-852d-5c4de4877a2f result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1e88da54-9cdf-44bf-852d-5c4de4877a2f level : LSA_POLICY_INFO_DNS (12) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x002e (46) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 164 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00b4 (180) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000009c (156) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=156 [0000] 00 00 02 00 0C 00 00 00 04 00 06 00 04 00 02 00 ........ ........ [0010] 10 00 12 00 08 00 02 00 10 00 12 00 0C 00 02 00 ........ ........ [0020] 83 9F 9E 26 B6 49 63 44 A7 18 F4 07 18 4F 38 2D ...&.IcD .....O8- [0030] 10 00 02 00 03 00 00 00 00 00 00 00 02 00 00 00 ........ ........ [0040] 50 00 56 00 09 00 00 00 00 00 00 00 08 00 00 00 P.V..... ........ [0050] 70 00 76 00 2E 00 6C 00 6F 00 63 00 61 00 6C 00 p.v...l. o.c.a.l. [0060] 09 00 00 00 00 00 00 00 08 00 00 00 70 00 76 00 ........ ....p.v. [0070] 2E 00 6C 00 6F 00 63 00 61 00 6C 00 04 00 00 00 ..l.o.c. a.l..... [0080] 01 04 00 00 00 00 00 05 15 00 00 00 7D 63 2F 62 ........ ....}c/b [0090] E6 1F ED D7 6D 29 F5 61 00 00 00 00 ....m).a .... Got pdu len 180, data_len 156, ss_len 0 rpc_api_pipe: got frag len of 180 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 156 bytes. lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 out: struct lsa_QueryInfoPolicy2 info : * info : * info : union lsa_PolicyInformation(case 12) dns: struct lsa_DnsDomainInfo name: struct lsa_StringLarge length : 0x0004 (4) size : 0x0006 (6) string : * string : 'PV' dns_domain: struct lsa_StringLarge length : 0x0010 (16) size : 0x0012 (18) string : * string : 'pv.local' dns_forest: struct lsa_StringLarge length : 0x0010 (16) size : 0x0012 (18) string : * string : 'pv.local' domain_guid : 269e9f83-49b6-4463-a718-f407184f382d sid : * sid : S-1-5-21-1647272829-3622641638-1643456877 result : NT_STATUS_OK lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1e88da54-9cdf-44bf-852d-5c4de4877a2f &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 24 bytes. lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK create_local_private_krb5_conf_for_domain: fname = /var/db/samba/smb_krb5/krb5.conf.PV, realm = pv.local, domain = PV saf_fetch[join]: Returning "PV-SBS.pv.local" for "pv.local" domain get_dc_list: preferred server list: "PV-SBS.pv.local, *" internal_resolve_name: looking up pv.local#1c (sitename (null)) no entry for pv.local#1C found. resolve_ads: Attempting to resolve KDCs for pv.local using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed pv-sbs.pv.local [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 192.168.100.11:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for PV.LOCAL: "Default-First-Site-Name" internal_resolve_name: looking up PV-SBS.pv.local#20 (sitename Default-First-Site-Name) name PV-SBS.pv.local#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain pv.local server 192.168.100.11 check_negative_conn_cache returning result 0 for domain pv.local server 192.168.100.11 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 2 ip addresses in an ordered list get_dc_list: 192.168.100.11:389 192.168.100.11:88 get_kdc_ip_string: Returning kdc = 192.168.100.11 create_local_private_krb5_conf_for_domain: wrote file /var/db/samba/smb_krb5/krb5.conf.PV with realm PV.LOCAL KDC list = kdc = 192.168.100.11 Bind RPC Pipe: host PV-SBS.pv.local auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ac if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 52 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00004729 (18217) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe \samr to machine PV-SBS.pv.local and bound anonymously. samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'PV-SBS.pv.local' access_mask : 0x00000030 (48) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000034 (52) context_id : 0x0000 (0) opnum : 0x0039 (57) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 CF C2 0F B6 31 16 0E 45 BD 8F 83 80 ........ 1..E.... [0010] A2 09 6E 4D 00 00 00 00 ..nM.... Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 24 bytes. samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : b60fc2cf-1631-450e-bd8f-8380a2096e4d result : NT_STATUS_OK samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : b60fc2cf-1631-450e-bd8f-8380a2096e4d access_mask : 0x00000211 (529) 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 1: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-1647272829-3622641638-1643456877 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000034 (52) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 14 29 26 19 1E 1A 2E 44 AA 29 F0 57 .....)&. ...D.).W [0010] 16 BA F8 75 00 00 00 00 ...u.... Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 24 bytes. samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19262914-1a1e-442e-aa29-f05716baf875 result : NT_STATUS_OK Creating account with desired access mask: -536543056 samr_CreateUser2: struct samr_CreateUser2 in: struct samr_CreateUser2 domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19262914-1a1e-442e-aa29-f05716baf875 account_name : * account_name: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'freebsd10nas$' acct_flags : 0x00000080 (128) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS access_mask : 0xe00500b0 (3758424240) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000004c (76) context_id : 0x0000 (0) opnum : 0x0032 (50) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=100, this_data=100, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 40 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 63 00 00 C0 ........ ....c... Got pdu len 56, data_len 32, ss_len 0 rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 32 bytes. samr_CreateUser2: struct samr_CreateUser2 out: struct samr_CreateUser2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 access_granted : * access_granted : 0x00000000 (0) rid : * rid : 0x00000000 (0) result : NT_STATUS_USER_EXISTS samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19262914-1a1e-442e-aa29-f05716baf875 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'freebsd10nas$' &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000052 (82) context_id : 0x0000 (0) opnum : 0x0011 (17) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=106, this_data=106, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 44 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=36 [0000] 01 00 00 00 00 00 02 00 01 00 00 00 45 08 00 00 ........ ....E... [0010] 01 00 00 00 04 00 02 00 01 00 00 00 01 00 00 00 ........ ........ [0020] 00 00 00 00 .... Got pdu len 60, data_len 36, ss_len 0 rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 36 bytes. samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000845 (2117) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19262914-1a1e-442e-aa29-f05716baf875 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x00000845 (2117) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000001c (28) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 B6 94 AD 8C 4F 79 D2 48 B1 A3 D1 BC ........ Oy.H.... [0010] B8 3F CE C6 00 00 00 00 .?...... Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 24 bytes. samr_OpenUser: struct samr_OpenUser out: struct samr_OpenUser user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 8cad94b6-794f-48d2-b1a3-d1bcb83fcec6 result : NT_STATUS_OK samr_SetUserInfo: struct samr_SetUserInfo in: struct samr_SetUserInfo user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 8cad94b6-794f-48d2-b1a3-d1bcb83fcec6 level : UserControlInformation (16) info : * info : union samr_UserInfo(case 16) info16: struct samr_UserInfo16 acct_flags : 0x00000280 (640) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000001c (28) context_id : 0x0000 (0) opnum : 0x0025 (37) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 12 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=4 [0000] 00 00 00 00 .... Got pdu len 28, data_len 4, ss_len 0 rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 4 bytes. samr_SetUserInfo: struct samr_SetUserInfo out: struct samr_SetUserInfo result : NT_STATUS_OK samr_SetUserInfo2: struct samr_SetUserInfo2 in: struct samr_SetUserInfo2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 8cad94b6-794f-48d2-b1a3-d1bcb83fcec6 level : UserInternal5InformationNew (26) info : * info : union samr_UserInfo(case 26) info26: struct samr_UserInfo26 password: struct samr_CryptPasswordEx data : 4067afaf3d25cfd6e26f78117053115190c54a038ac487b172c8f5bc48f9f76739e90e09d80f4078a77e15baf66146dd4e59a07ae074f84462b08edef445e4af95d52820f0d95e1eb7c26192cd054f968b34615a6613dd82848680d9660f7b592dc27356bba84fac163a6dbb6c4decd0376bb422c748ca215a2a56338e415fff0c7ad7e86f875d0823b525d1235a99797fbb90b00967c040ae9bb642ba7a528150bbd93dbbdc60568ace5fcb983b0d42bce8c37eb0898763702986c41db636f61cdb496e4eb24c9629f88dd4d7734864fff35e6bfbdce5c1ae6c93883512043b5cd5676cf8bf20bf6abcfcae18a809ea03f04948f69a38ac1ca20bca9eab80bdb604214799a163711b23e129eb04895094dd7f630197743c44691fa1329aa95a81dc68e97dc80626ac9a03e91d90935a277808069d2146cb89c8633e580f2e163bc9597b435fd57de4c7ad9836adef1fb4bc511cd763f296c148ed071198ccc4a35506f39f928115ba546b0ddbfbfa658c09223dc2b5ff2ffc9f6494f35e89fac1bb8f7571f164be000c31c3b21800f3239f0c974bced4676e1a5b4e89d65df2f99986f6ae96f07537014e6b8c56474906293df6ea8c2f7207fa8118c1d389f1aa0949bf10a4de50de664cb1a3daeda06dc1597e878c13c8161 ac0ef41d54da165d86d13c16a +> e1980e505b2c246c173081dd9a30db8a3873a5889e71c38f3bed5cfb6a237bd5d5889a630c7fef2b2dbe907e8312 password_expired : 0x00 (0) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000022d (557) context_id : 0x0000 (0) opnum : 0x003a (58) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=581, this_data=581, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 12 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=4 [0000] 00 00 00 00 .... Got pdu len 28, data_len 4, ss_len 0 rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 4 bytes. samr_SetUserInfo2: struct samr_SetUserInfo2 out: struct samr_SetUserInfo2 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : b60fc2cf-1631-450e-bd8f-8380a2096e4d &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19262914-1a1e-442e-aa29-f05716baf875 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 8cad94b6-794f-48d2-b1a3-d1bcb83fcec6 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PV-SBS.pv.local num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PV-SBS.pv.local returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK Locking key 534543524554532F5349 Allocated locked data 0x0x806832560 Unlocking key 534543524554532F5349 Locking key 534543524554532F4D41 Allocated locked data 0x0x806860320 Unlocking key 534543524554532F4D41 Locking key 534543524554532F4D41 Allocated locked data 0x0x806860320 Unlocking key 534543524554532F4D41 Locking key 534543524554532F4D41 Allocated locked data 0x0x80682fa20 Unlocking key 534543524554532F4D41 Locking key 534543524554532F4D41 Allocated locked data 0x0x80682fa20 Unlocking key 534543524554532F4D41 saf_join_store: domain = [PV], server = [PV-SBS.pv.local], expire = [1391129428] Adding cache entry with key = SAFJOIN/DOMAIN/PV and timeout = Fri Jan 31 11:50:28 2014 (3600 seconds ahead) saf_join_store: domain = [pv.local], server = [PV-SBS.pv.local], expire = [1391129428] Adding cache entry with key = SAFJOIN/DOMAIN/PV.LOCAL and timeout = Fri Jan 31 11:50:28 2014 (3600 seconds ahead) sitename_fetch: Returning sitename for PV.LOCAL: "Default-First-Site-Name" internal_resolve_name: looking up PV-SBS.pv.local#20 (sitename Default-First-Site-Name) name PV-SBS.pv.local#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs ads_try_connect: sending CLDAP request to 192.168.100.11 (realm: pv.local) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000033fd (13309) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 269e9f83-49b6-4463-a718-f407184f382d forest : 'pv.local' dns_domain : 'pv.local' pdc_dns_name : 'PV-SBS.pv.local' domain_name : 'PV' pdc_name : 'PV-SBS' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [PV], sitename = [Default-First-Site-Name], expire = [2147483647] Adding cache entry with key = AD_SITENAME/DOMAIN/PV and timeout = Tue Jan 19 14:14:07 2038 (756357819 seconds ahead) sitename_store: realm = [pv.local], sitename = [Default-First-Site-Name], expire = [2147483647] Adding cache entry with key = AD_SITENAME/DOMAIN/PV.LOCAL and timeout = Tue Jan 19 14:14:07 2038 (756357819 seconds ahead) Successfully contacted LDAP server 192.168.100.11 Opening connection to LDAP server 'PV-SBS.pv.local:389', timeout 15 seconds Connected to LDAP server 'PV-SBS.pv.local:389' Connected to LDAP server PV-SBS.pv.local ads_closest_dc: NBT_SERVER_CLOSEST flag set saf_store: domain = [PV], server = [PV-SBS.pv.local], expire = [1391126728] Adding cache entry with key = SAF/DOMAIN/PV and timeout = Fri Jan 31 11:05:28 2014 (900 seconds ahead) saf_store: domain = [pv.local], server = [PV-SBS.pv.local], expire = [1391126728] Adding cache entry with key = SAF/DOMAIN/PV.LOCAL and timeout = Fri Jan 31 11:05:28 2014 (900 seconds ahead) time offset is 59 seconds Found SASL mechanism GSS-SPNEGO ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling kinit kerberos_kinit_password: as cybersecure@PV.LOCAL using [MEMORY:net_ads] as ccache and config [/var/db/samba/smb_krb5/krb5.conf.PV] kerberos_kinit_password cybersecure@PV.LOCAL failed: Looping detected inside krb5_get_in_tkt libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'PV' dns_domain_name : 'pv.local' forest_name : 'pv.local' dn : NULL domain_sid : * domain_sid : S-1-5-21-1647272829-3622641638-1643456877 modified_config : 0x00 (0) error_string : 'failed to connect to AD: Looping detected inside krb5_get_in_tkt' domain_is_ad : 0x01 (1) result : WERR_GENERAL_FAILURE return code = -1 >Release-Note: >Audit-Trail: >Unformatted: