Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # 2014/03/17 09:32:43.965539, 10, pid=13950, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug)
- # Security token SIDs (14):
- # SID[ 0]: S-1-5-21-890223132-2736486974-2306675836-500
- # SID[ 1]: S-1-5-21-890223132-2736486974-2306675836-513
- # SID[ 2]: S-1-5-21-890223132-2736486974-2306675836-520
- # SID[ 3]: S-1-5-21-890223132-2736486974-2306675836-572
- # SID[ 4]: S-1-5-21-890223132-2736486974-2306675836-519
- # SID[ 5]: S-1-5-21-890223132-2736486974-2306675836-518
- # SID[ 6]: S-1-5-21-890223132-2736486974-2306675836-512
- # SID[ 7]: S-1-5-21-890223132-2736486974-2306675836-1144
- # SID[ 8]: S-1-1-0
- # SID[ 9]: S-1-5-2
- # SID[ 10]: S-1-5-11
- # SID[ 11]: S-1-5-32-544
- # SID[ 12]: S-1-5-32-545
- # SID[ 13]: S-1-5-32-554
- # Privileges (0x 1FFFFF80):
- # Privilege[ 0]: SeTakeOwnershipPrivilege
- # Privilege[ 1]: SeBackupPrivilege
- # Privilege[ 2]: SeRestorePrivilege
- # Privilege[ 3]: SeRemoteShutdownPrivilege
- # Privilege[ 4]: SeDiskOperatorPrivilege
- # Privilege[ 5]: SeSecurityPrivilege
- # Privilege[ 6]: SeSystemtimePrivilege
- # Privilege[ 7]: SeShutdownPrivilege
- # Privilege[ 8]: SeDebugPrivilege
- # Privilege[ 9]: SeSystemEnvironmentPrivilege
- # Privilege[ 10]: SeSystemProfilePrivilege
- # Privilege[ 11]: SeProfileSingleProcessPrivilege
- # Privilege[ 12]: SeIncreaseBasePriorityPrivilege
- # Privilege[ 13]: SeLoadDriverPrivilege
- # Privilege[ 14]: SeCreatePagefilePrivilege
- # Privilege[ 15]: SeIncreaseQuotaPrivilege
- # Privilege[ 16]: SeChangeNotifyPrivilege
- # Privilege[ 17]: SeUndockPrivilege
- # Privilege[ 18]: SeManageVolumePrivilege
- # Privilege[ 19]: SeImpersonatePrivilege
- # Privilege[ 20]: SeCreateGlobalPrivilege
- # Privilege[ 21]: SeEnableDelegationPrivilege
- # Rights (0x 403):
- # Right[ 0]: SeInteractiveLogonRight
- # Right[ 1]: SeNetworkLogonRight
- # Right[ 2]: SeRemoteInteractiveLogonRight
- # [2014/03/17 09:32:43.966003, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/auth/gensec/gensec_gssapi.c:1407(gensec_gssapi_session_info)
- # gensec_gssapi: delegated credentials supplied by client
- # [2014/03/17 09:32:43.966328, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 234
- # [2014/03/17 09:32:43.966599, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.966643, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.966833, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 80
- # [2014/03/17 09:32:43.967014, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.967055, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.967238, 5, pid=13950, effective(0, 0), real(0, 0)] ../auth/credentials/credentials_krb5.c:544(cli_credentials_get_client_gss_creds)
- # GSSAPI credentials for administrator@domain.LOCAL will expire in 34722 secs
- # [2014/03/17 09:32:43.967401, 10, pid=13950, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:149(tstream_npa_connect_send)
- # [2014/03/17 09:32:43.967430, 1, pid=13950, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
- # &state->auth_req: struct named_pipe_auth_req
- # length : 0x00000000 (0)
- # magic : NULL
- # level : 0x00000004 (4)
- # info : union named_pipe_auth_req_info(case 4)
- # info4: struct named_pipe_auth_req_info4
- # client_name : *
- # client_name : '10.200.0.7'
- # client_addr : *
- # client_addr : '10.200.0.7'
- # client_port : 0x01bd (445)
- # server_name : *
- # server_name : '10.200.0.20'
- # server_addr : *
- # server_addr : '10.200.0.20'
- # server_port : 0xc052 (49234)
- # session_info : *
- # session_info: struct auth_session_info_transport
- # session_info : *
- # session_info: struct auth_session_info
- # security_token : *
- # security_token: struct security_token
- # num_sids : 0x0000000e (14)
- # sids: ARRAY(14)
- # sids : S-1-5-21-890223132-2736486974-2306675836-500
- # sids : S-1-5-21-890223132-2736486974-2306675836-513
- # sids : S-1-5-21-890223132-2736486974-2306675836-520
- # sids : S-1-5-21-890223132-2736486974-2306675836-572
- # sids : S-1-5-21-890223132-2736486974-2306675836-519
- # sids : S-1-5-21-890223132-2736486974-2306675836-518
- # sids : S-1-5-21-890223132-2736486974-2306675836-512
- # sids : S-1-5-21-890223132-2736486974-2306675836-1144
- # sids : S-1-1-0
- # sids : S-1-5-2
- # sids : S-1-5-11
- # sids : S-1-5-32-544
- # sids : S-1-5-32-545
- # sids : S-1-5-32-554
- # privilege_mask : 0x000000001fffff80 (536870784)
- # 0: SEC_PRIV_MACHINE_ACCOUNT_BIT
- # 0: SEC_PRIV_PRINT_OPERATOR_BIT
- # 0: SEC_PRIV_ADD_USERS_BIT
- # 1: SEC_PRIV_DISK_OPERATOR_BIT
- # 1: SEC_PRIV_REMOTE_SHUTDOWN_BIT
- # 1: SEC_PRIV_BACKUP_BIT
- # 1: SEC_PRIV_RESTORE_BIT
- # 1: SEC_PRIV_TAKE_OWNERSHIP_BIT
- # 1: SEC_PRIV_INCREASE_QUOTA_BIT
- # 1: SEC_PRIV_SECURITY_BIT
- # 1: SEC_PRIV_LOAD_DRIVER_BIT
- # 1: SEC_PRIV_SYSTEM_PROFILE_BIT
- # 1: SEC_PRIV_SYSTEMTIME_BIT
- # 1: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT
- # 1: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT
- # 1: SEC_PRIV_CREATE_PAGEFILE_BIT
- # 1: SEC_PRIV_SHUTDOWN_BIT
- # 1: SEC_PRIV_DEBUG_BIT
- # 1: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT
- # 1: SEC_PRIV_CHANGE_NOTIFY_BIT
- # 1: SEC_PRIV_UNDOCK_BIT
- # 1: SEC_PRIV_ENABLE_DELEGATION_BIT
- # 1: SEC_PRIV_MANAGE_VOLUME_BIT
- # 1: SEC_PRIV_IMPERSONATE_BIT
- # 1: SEC_PRIV_CREATE_GLOBAL_BIT
- # rights_mask : 0x00000403 (1027)
- # 1: LSA_POLICY_MODE_INTERACTIVE
- # 1: LSA_POLICY_MODE_NETWORK
- # 0: LSA_POLICY_MODE_BATCH
- # 0: LSA_POLICY_MODE_SERVICE
- # 0: LSA_POLICY_MODE_PROXY
- # 0: LSA_POLICY_MODE_DENY_INTERACTIVE
- # 0: LSA_POLICY_MODE_DENY_NETWORK
- # 0: LSA_POLICY_MODE_DENY_BATCH
- # 0: LSA_POLICY_MODE_DENY_SERVICE
- # 1: LSA_POLICY_MODE_REMOTE_INTERACTIVE
- # 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE
- # 0x403: LSA_POLICY_MODE_ALL (1027)
- # 0x03: LSA_POLICY_MODE_ALL_NT4 (3)
- # unix_token : NULL
- # info : *
- # info: struct auth_user_info
- # account_name : *
- # account_name : 'Administrator'
- # domain_name : *
- # domain_name : 'domain'
- # full_name : *
- # full_name : ''
- # logon_script : *
- # logon_script : ''
- # profile_path : *
- # profile_path : ''
- # home_directory : *
- # home_directory : ''
- # home_drive : *
- # home_drive : ''
- # logon_server : *
- # logon_server : 'VDC01'
- # last_logon : NTTIME(0)
- # last_logoff : Wed Sep 13 22:48:05 30828 EDT
- # acct_expiry : Wed Sep 13 22:48:05 30828 EDT
- # last_password_change : Mon Feb 10 14:55:20 2014 EST
- # allow_password_change : Tue Feb 11 14:55:20 2014 EST
- # force_password_change : Wed Sep 13 22:48:05 30828 EDT
- # logon_count : 0x0000 (0)
- # bad_password_count : 0x0000 (0)
- # acct_flags : 0x00000210 (528)
- # authenticated : 0x01 (1)
- # unix_info : NULL
- # torture : *
- # credentials : *
- # [2014/03/17 09:32:43.969715, 10, pid=13936, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:1245(tstream_npa_accept_existing_reply)
- # Received packet of length 1994
- # [2014/03/17 09:32:43.970517, 10, pid=13936, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:1272(tstream_npa_accept_existing_reply)
- # [2014/03/17 09:32:43.970547, 1, pid=13936, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
- # pipe_request: struct named_pipe_auth_req
- # length : 0x000007c6 (1990)
- # magic : 'NPAM'
- # level : 0x00000004 (4)
- # info : union named_pipe_auth_req_info(case 4)
- # info4: struct named_pipe_auth_req_info4
- # client_name : *
- # client_name : '10.200.0.7'
- # client_addr : *
- # client_addr : '10.200.0.7'
- # client_port : 0x01bd (445)
- # server_name : *
- # server_name : '10.200.0.20'
- # server_addr : *
- # server_addr : '10.200.0.20'
- # server_port : 0xc052 (49234)
- # session_info : *
- # session_info: struct auth_session_info_transport
- # session_info : *
- # session_info: struct auth_session_info
- # security_token : *
- # security_token: struct security_token
- # num_sids : 0x0000000e (14)
- # sids: ARRAY(14)
- # sids : S-1-5-21-890223132-2736486974-2306675836-500
- # sids : S-1-5-21-890223132-2736486974-2306675836-513
- # sids : S-1-5-21-890223132-2736486974-2306675836-520
- # sids : S-1-5-21-890223132-2736486974-2306675836-572
- # sids : S-1-5-21-890223132-2736486974-2306675836-519
- # sids : S-1-5-21-890223132-2736486974-2306675836-518
- # sids : S-1-5-21-890223132-2736486974-2306675836-512
- # sids : S-1-5-21-890223132-2736486974-2306675836-1144
- # sids : S-1-1-0
- # sids : S-1-5-2
- # sids : S-1-5-11
- # sids : S-1-5-32-544
- # sids : S-1-5-32-545
- # sids : S-1-5-32-554
- # privilege_mask : 0x000000001fffff80 (536870784)
- # 0: SEC_PRIV_MACHINE_ACCOUNT_BIT
- # 0: SEC_PRIV_PRINT_OPERATOR_BIT
- # 0: SEC_PRIV_ADD_USERS_BIT
- # 1: SEC_PRIV_DISK_OPERATOR_BIT
- # 1: SEC_PRIV_REMOTE_SHUTDOWN_BIT
- # 1: SEC_PRIV_BACKUP_BIT
- # 1: SEC_PRIV_RESTORE_BIT
- # 1: SEC_PRIV_TAKE_OWNERSHIP_BIT
- # 1: SEC_PRIV_INCREASE_QUOTA_BIT
- # 1: SEC_PRIV_SECURITY_BIT
- # 1: SEC_PRIV_LOAD_DRIVER_BIT
- # 1: SEC_PRIV_SYSTEM_PROFILE_BIT
- # 1: SEC_PRIV_SYSTEMTIME_BIT
- # 1: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT
- # 1: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT
- # 1: SEC_PRIV_CREATE_PAGEFILE_BIT
- # 1: SEC_PRIV_SHUTDOWN_BIT
- # 1: SEC_PRIV_DEBUG_BIT
- # 1: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT
- # 1: SEC_PRIV_CHANGE_NOTIFY_BIT
- # 1: SEC_PRIV_UNDOCK_BIT
- # 1: SEC_PRIV_ENABLE_DELEGATION_BIT
- # 1: SEC_PRIV_MANAGE_VOLUME_BIT
- # 1: SEC_PRIV_IMPERSONATE_BIT
- # 1: SEC_PRIV_CREATE_GLOBAL_BIT
- # rights_mask : 0x00000403 (1027)
- # 1: LSA_POLICY_MODE_INTERACTIVE
- # 1: LSA_POLICY_MODE_NETWORK
- # 0: LSA_POLICY_MODE_BATCH
- # 0: LSA_POLICY_MODE_SERVICE
- # 0: LSA_POLICY_MODE_PROXY
- # 0: LSA_POLICY_MODE_DENY_INTERACTIVE
- # 0: LSA_POLICY_MODE_DENY_NETWORK
- # 0: LSA_POLICY_MODE_DENY_BATCH
- # 0: LSA_POLICY_MODE_DENY_SERVICE
- # 1: LSA_POLICY_MODE_REMOTE_INTERACTIVE
- # 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE
- # 0x403: LSA_POLICY_MODE_ALL (1027)
- # 0x03: LSA_POLICY_MODE_ALL_NT4 (3)
- # unix_token : NULL
- # info : *
- # info: struct auth_user_info
- # account_name : *
- # account_name : 'Administrator'
- # domain_name : *
- # domain_name : 'domain'
- # full_name : *
- # full_name : ''
- # logon_script : *
- # logon_script : ''
- # profile_path : *
- # profile_path : ''
- # home_directory : *
- # home_directory : ''
- # home_drive : *
- # home_drive : ''
- # logon_server : *
- # logon_server : 'VDC01'
- # last_logon : NTTIME(0)
- # last_logoff : Wed Sep 13 22:48:05 30828 EDT
- # acct_expiry : Wed Sep 13 22:48:05 30828 EDT
- # last_password_change : Mon Feb 10 14:55:20 2014 EST
- # allow_password_change : Tue Feb 11 14:55:20 2014 EST
- # force_password_change : Wed Sep 13 22:48:05 30828 EDT
- # logon_count : 0x0000 (0)
- # bad_password_count : 0x0000 (0)
- # acct_flags : 0x00000210 (528)
- # authenticated : 0x01 (1)
- # unix_info : NULL
- # torture : NULL
- # credentials : NULL
- # [2014/03/17 09:32:43.972095, 10, pid=13936, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:1343(tstream_npa_accept_existing_reply)
- # named_pipe_auth reply[36]
- # [2014/03/17 09:32:43.972142, 10, pid=13936, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:1346(tstream_npa_accept_existing_reply)
- # [2014/03/17 09:32:43.972159, 1, pid=13936, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
- # &pipe_reply: struct named_pipe_auth_rep
- # length : 0x00000000 (0)
- # magic : NULL
- # level : 0x00000004 (4)
- # info : union named_pipe_auth_rep_info(case 4)
- # info4: struct named_pipe_auth_rep_info4
- # file_type : 0x0002 (2)
- # device_state : 0x05ff (1535)
- # allocation_size : 0x0000000000001000 (4096)
- # status : NT_STATUS_OK
- # [2014/03/17 09:32:43.972346, 10, pid=13936, effective(0, 0), real(0, 0)] ../source4/smbd/service_named_pipe.c:126(named_pipe_accept_done)
- # Accepted npa connection from unix:. Client: 10.200.0.7 (ipv4:10.200.0.7:445). Server: 10.200.0.20 (ipv4:10.200.0.20:49234)
- # [2014/03/17 09:32:43.972414, 10, pid=13936, effective(0, 0), real(0, 0)] ../source4/auth/session.c:215(auth_session_info_from_transport)
- # Delegated credentials supplied by client
- # [2014/03/17 09:32:43.973217, 10, pid=13950, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:331(tstream_npa_connect_readv_done)
- # name_pipe_auth_rep(client)[36]
- # [2014/03/17 09:32:43.973283, 10, pid=13950, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:346(tstream_npa_connect_readv_done)
- # [2014/03/17 09:32:43.973304, 1, pid=13950, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
- # &state->auth_rep: struct named_pipe_auth_rep
- # length : 0x00000020 (32)
- # magic : 'NPAM'
- # level : 0x00000004 (4)
- # info : union named_pipe_auth_rep_info(case 4)
- # info4: struct named_pipe_auth_rep_info4
- # file_type : 0x0002 (2)
- # device_state : 0x05ff (1535)
- # allocation_size : 0x0000000000001000 (4096)
- # status : NT_STATUS_OK
- # [2014/03/17 09:32:43.973492, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 153
- # [2014/03/17 09:32:43.974154, 10, pid=13936, effective(0, 0), real(0, 0)] ../source4/smbd/service_named_pipe.c:144(named_pipe_accept_done)
- # named pipe connection [rpc] established
- # [2014/03/17 09:32:43.974201, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.974236, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.974322, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 96
- # [2014/03/17 09:32:43.974519, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.974559, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.974669, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 81
- # [2014/03/17 09:32:43.974844, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.974885, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.975230, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 148
- # [2014/03/17 09:32:43.975411, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.975453, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.975694, 1, pid=13936, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- # wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo
- # in: struct wkssvc_NetWkstaGetInfo
- # server_name : *
- # server_name : '\\vdc01'
- # level : 0x00000064 (100)
- # [2014/03/17 09:32:43.975850, 1, pid=13936, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- # wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo
- # out: struct wkssvc_NetWkstaGetInfo
- # info : *
- # info : union wkssvc_NetWkstaInfo(case 100)
- # info100 : *
- # info100: struct wkssvc_NetWkstaInfo100
- # platform_id : PLATFORM_ID_NT (500)
- # server_name : *
- # server_name : 'VDC01'
- # domain_name : *
- # domain_name : 'domain'
- # version_major : 0x00000005 (5)
- # version_minor : 0x00000002 (2)
- # result : WERR_OK
- # [2014/03/17 09:32:43.976235, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 220
- # [2014/03/17 09:32:43.976415, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.976456, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.976516, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 73
- # [2014/03/17 09:32:43.976805, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.976845, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:43.976923, 5, pid=13950, effective(0, 0), real(0, 0)] ../auth/credentials/credentials_krb5.c:544(cli_credentials_get_client_gss_creds)
- # GSSAPI credentials for administrator@domain.LOCAL will expire in 34722 secs
- # [2014/03/17 09:32:43.976990, 10, pid=13950, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:149(tstream_npa_connect_send)
- # [2014/03/17 09:32:43.977012, 1, pid=13950, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
- # &state->auth_req: struct named_pipe_auth_req
- # length : 0x00000000 (0)
- # magic : NULL
- # level : 0x00000004 (4)
- # info : union named_pipe_auth_req_info(case 4)
- # info4: struct named_pipe_auth_req_info4
- # client_name : *
- # client_name : '10.200.0.7'
- # client_addr : *
- # client_addr : '10.200.0.7'
- # client_port : 0x01bd (445)
- # server_name : *
- # server_name : '10.200.0.20'
- # server_addr : *
- # server_addr : '10.200.0.20'
- # server_port : 0xc052 (49234)
- # session_info : *
- # session_info: struct auth_session_info_transport
- # session_info : *
- # session_info: struct auth_session_info
- # security_token : *
- # security_token: struct security_token
- # num_sids : 0x0000000e (14)
- # sids: ARRAY(14)
- # sids : S-1-5-21-890223132-2736486974-2306675836-500
- # sids : S-1-5-21-890223132-2736486974-2306675836-513
- # sids : S-1-5-21-890223132-2736486974-2306675836-520
- # sids : S-1-5-21-890223132-2736486974-2306675836-572
- # sids : S-1-5-21-890223132-2736486974-2306675836-519
- # sids : S-1-5-21-890223132-2736486974-2306675836-518
- # sids : S-1-5-21-890223132-2736486974-2306675836-512
- # sids : S-1-5-21-890223132-2736486974-2306675836-1144
- # sids : S-1-1-0
- # sids : S-1-5-2
- # sids : S-1-5-11
- # sids : S-1-5-32-544
- # sids : S-1-5-32-545
- # sids : S-1-5-32-554
- # privilege_mask : 0x000000001fffff80 (536870784)
- # 0: SEC_PRIV_MACHINE_ACCOUNT_BIT
- # 0: SEC_PRIV_PRINT_OPERATOR_BIT
- # 0: SEC_PRIV_ADD_USERS_BIT
- # 1: SEC_PRIV_DISK_OPERATOR_BIT
- # 1: SEC_PRIV_REMOTE_SHUTDOWN_BIT
- # 1: SEC_PRIV_BACKUP_BIT
- # 1: SEC_PRIV_RESTORE_BIT
- # 1: SEC_PRIV_TAKE_OWNERSHIP_BIT
- # 1: SEC_PRIV_INCREASE_QUOTA_BIT
- # 1: SEC_PRIV_SECURITY_BIT
- # 1: SEC_PRIV_LOAD_DRIVER_BIT
- # 1: SEC_PRIV_SYSTEM_PROFILE_BIT
- # 1: SEC_PRIV_SYSTEMTIME_BIT
- # 1: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT
- # 1: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT
- # 1: SEC_PRIV_CREATE_PAGEFILE_BIT
- # 1: SEC_PRIV_SHUTDOWN_BIT
- # 1: SEC_PRIV_DEBUG_BIT
- # 1: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT
- # 1: SEC_PRIV_CHANGE_NOTIFY_BIT
- # 1: SEC_PRIV_UNDOCK_BIT
- # 1: SEC_PRIV_ENABLE_DELEGATION_BIT
- # 1: SEC_PRIV_MANAGE_VOLUME_BIT
- # 1: SEC_PRIV_IMPERSONATE_BIT
- # 1: SEC_PRIV_CREATE_GLOBAL_BIT
- # rights_mask : 0x00000403 (1027)
- # 1: LSA_POLICY_MODE_INTERACTIVE
- # 1: LSA_POLICY_MODE_NETWORK
- # 0: LSA_POLICY_MODE_BATCH
- # 0: LSA_POLICY_MODE_SERVICE
- # 0: LSA_POLICY_MODE_PROXY
- # 0: LSA_POLICY_MODE_DENY_INTERACTIVE
- # 0: LSA_POLICY_MODE_DENY_NETWORK
- # 0: LSA_POLICY_MODE_DENY_BATCH
- # 0: LSA_POLICY_MODE_DENY_SERVICE
- # 1: LSA_POLICY_MODE_REMOTE_INTERACTIVE
- # 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE
- # 0x403: LSA_POLICY_MODE_ALL (1027)
- # 0x03: LSA_POLICY_MODE_ALL_NT4 (3)
- # unix_token : NULL
- # info : *
- # info: struct auth_user_info
- # account_name : *
- # account_name : 'Administrator'
- # domain_name : *
- # domain_name : 'domain'
- # full_name : *
- # full_name : ''
- # logon_script : *
- # logon_script : ''
- # profile_path : *
- # profile_path : ''
- # home_directory : *
- # home_directory : ''
- # home_drive : *
- # home_drive : ''
- # logon_server : *
- # logon_server : 'VDC01'
- # last_logon : NTTIME(0)
- # last_logoff : Wed Sep 13 22:48:05 30828 EDT
- # acct_expiry : Wed Sep 13 22:48:05 30828 EDT
- # last_password_change : Mon Feb 10 14:55:20 2014 EST
- # allow_password_change : Tue Feb 11 14:55:20 2014 EST
- # force_password_change : Wed Sep 13 22:48:05 30828 EDT
- # logon_count : 0x0000 (0)
- # bad_password_count : 0x0000 (0)
- # acct_flags : 0x00000210 (528)
- # authenticated : 0x01 (1)
- # unix_info : NULL
- # torture : *
- # credentials : *
- # [2014/03/17 09:32:43.978440, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 73
- # [2014/03/17 09:32:44.008110, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:44.008218, 10, pid=13950, effective(0, 0), real(0, 0)] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
- # smbsrv_recv
- # [2014/03/17 09:32:44.008352, 5, pid=13950, effective(0, 0), real(0, 0)] ../auth/credentials/credentials_krb5.c:544(cli_credentials_get_client_gss_creds)
- # GSSAPI credentials for administrator@domain.LOCAL will expire in 34721 secs
- # [2014/03/17 09:32:44.008441, 10, pid=13950, effective(0, 0), real(0, 0)] ../libcli/named_pipe_auth/npa_tstream.c:149(tstream_npa_connect_send)
- # [2014/03/17 09:32:44.008464, 1, pid=13950, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
- # &state->auth_req: struct named_pipe_auth_req
- # length : 0x00000000 (0)
- # magic : NULL
- # level : 0x00000004 (4)
- # info : union named_pipe_auth_req_info(case 4)
- # info4: struct named_pipe_auth_req_info4
- # client_name : *
- # client_name : '10.200.0.7'
- # client_addr : *
- # client_addr : '10.200.0.7'
- # client_port : 0x01bd (445)
- # server_name : *
- # server_name : '10.200.0.20'
- # server_addr : *
- # server_addr : '10.200.0.20'
- # server_port : 0xc052 (49234)
- # session_info : *
- # session_info: struct auth_session_info_transport
- # session_info : *
- # session_info: struct auth_session_info
- # security_token : *
- # security_token: struct security_token
- # num_sids : 0x0000000e (14)
- # sids: ARRAY(14)
- # sids : S-1-5-21-890223132-2736486974-2306675836-500
- # sids : S-1-5-21-890223132-2736486974-2306675836-513
- # sids : S-1-5-21-890223132-2736486974-2306675836-520
- # sids : S-1-5-21-890223132-2736486974-2306675836-572
- # sids : S-1-5-21-890223132-2736486974-2306675836-519
- # sids : S-1-5-21-890223132-2736486974-2306675836-518
- # sids : S-1-5-21-890223132-2736486974-2306675836-512
- # sids : S-1-5-21-890223132-2736486974-2306675836-1144
- # sids : S-1-1-0
- # sids : S-1-5-2
- # sids : S-1-5-11
- # sids : S-1-5-32-544
- # sids : S-1-5-32-545
- # sids : S-1-5-32-554
- # privilege_mask : 0x000000001fffff80 (536870784)
- # 0: SEC_PRIV_MACHINE_ACCOUNT_BIT
- # 0: SEC_PRIV_PRINT_OPERATOR_BIT
- # 0: SEC_PRIV_ADD_USERS_BIT
- # 1: SEC_PRIV_DISK_OPERATOR_BIT
- # 1: SEC_PRIV_REMOTE_SHUTDOWN_BIT
- # 1: SEC_PRIV_BACKUP_BIT
- # 1: SEC_PRIV_RESTORE_BIT
- # 1: SEC_PRIV_TAKE_OWNERSHIP_BIT
- # 1: SEC_PRIV_INCREASE_QUOTA_BIT
- # 1: SEC_PRIV_SECURITY_BIT
- # 1: SEC_PRIV_LOAD_DRIVER_BIT
- # 1: SEC_PRIV_SYSTEM_PROFILE_BIT
- # 1: SEC_PRIV_SYSTEMTIME_BIT
- # 1: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT
- # 1: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT
- # 1: SEC_PRIV_CREATE_PAGEFILE_BIT
- # 1: SEC_PRIV_SHUTDOWN_BIT
- # 1: SEC_PRIV_DEBUG_BIT
- # 1: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT
- # 1: SEC_PRIV_CHANGE_NOTIFY_BIT
- # 1: SEC_PRIV_UNDOCK_BIT
- # 1: SEC_PRIV_ENABLE_DELEGATION_BIT
- # 1: SEC_PRIV_MANAGE_VOLUME_BIT
- # 1: SEC_PRIV_IMPERSONATE_BIT
- # 1: SEC_PRIV_CREATE_GLOBAL_BIT
- # rights_mask : 0x00000403 (1027)
- # 1: LSA_POLICY_MODE_INTERACTIVE
- # 1: LSA_POLICY_MODE_NETWORK
- # 0: LSA_POLICY_MODE_BATCH
- # 0: LSA_POLICY_MODE_SERVICE
- # 0: LSA_POLICY_MODE_PROXY
- # 0: LSA_POLICY_MODE_DENY_INTERACTIVE
- # 0: LSA_POLICY_MODE_DENY_NETWORK
- # 0: LSA_POLICY_MODE_DENY_BATCH
- # 0: LSA_POLICY_MODE_DENY_SERVICE
- # 1: LSA_POLICY_MODE_REMOTE_INTERACTIVE
- # 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE
- # 0x403: LSA_POLICY_MODE_ALL (1027)
- # 0x03: LSA_POLICY_MODE_ALL_NT4 (3)
- # unix_token : NULL
- # info : *
- # info: struct auth_user_info
- # account_name : *
- # account_name : 'Administrator'
- # domain_name : *
- # domain_name : 'domain'
- # full_name : *
- # full_name : ''
- # logon_script : *
- # logon_script : ''
- # profile_path : *
- # profile_path : ''
- # home_directory : *
- # home_directory : ''
- # home_drive : *
- # home_drive : ''
- # logon_server : *
- # logon_server : 'VDC01'
- # last_logon : NTTIME(0)
- # last_logoff : Wed Sep 13 22:48:05 30828 EDT
- # acct_expiry : Wed Sep 13 22:48:05 30828 EDT
- # last_password_change : Mon Feb 10 14:55:20 2014 EST
- # allow_password_change : Tue Feb 11 14:55:20 2014 EST
- # force_password_change : Wed Sep 13 22:48:05 30828 EDT
- # logon_count : 0x0000 (0)
- # bad_password_count : 0x0000 (0)
- # acct_flags : 0x00000210 (528)
- # authenticated : 0x01 (1)
- # unix_info : NULL
- # torture : *
- # credentials : *
- # [2014/03/17 09:32:44.009944, 5, pid=13950, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:66(smb2_sign_message)
- # signed SMB2 message of size 73
- # [2014/03/17 09:32:44.133110, 10, pid=13942, effective(0, 0), real(0, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:72(ldb_wrap_debug)
- # ldb: ldb_trace_request: SEARCH
- # dn: DC=ForestDnsZones,DC=domain,DC=local
- # scope: base
- # expr: (|(objectClass=*)(distinguishedName=*))
- # attr: repsTo
- # control: <NONE>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
