Untitled

a guest
Apr 25th, 2017
  1. 1: NBT_SERVER_LDAP
  2. 1: NBT_SERVER_DS
  3. 1: NBT_SERVER_KDC
  4. 1: NBT_SERVER_TIMESERV
  5. 1: NBT_SERVER_CLOSEST
  6. 1: NBT_SERVER_WRITABLE
  7. 1: NBT_SERVER_GOOD_TIMESERV
  8. 0: NBT_SERVER_NDNC
  9. 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
  10. 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
  11. 1: NBT_SERVER_ADS_WEB_SERVICE
  12. 0: NBT_SERVER_HAS_DNS_NAME
  13. 0: NBT_SERVER_IS_DEFAULT_NC
  14. 0: NBT_SERVER_FOREST_ROOT
  15. domain_uuid : 1438b128-8674-4c78-ae4f-c96610fdcab1
  16. forest : 'ednt.de'
  17. dns_domain : 'ednt.de'
  18. pdc_dns_name : 'SRV-DC01.ednt.de'
  19. domain_name : 'EDNT'
  20. pdc_name : 'SRV-DC01'
  21. user_name : ''
  22. server_site : 'Default-First-Site-Name'
  23. client_site : 'Default-First-Site-Name'
  24. sockaddr_size : 0x00 (0)
  25. sockaddr: struct nbt_sockaddr
  26. sockaddr_family : 0x00000000 (0)
  27. pdc_ip : (null)
  28. remaining : DATA_BLOB length=0
  29. next_closest_site : NULL
  30. nt_version : 0x00000005 (5)
  31. 1: NETLOGON_NT_VERSION_1
  32. 0: NETLOGON_NT_VERSION_5
  33. 1: NETLOGON_NT_VERSION_5EX
  34. 0: NETLOGON_NT_VERSION_5EX_WITH_IP
  35. 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
  36. 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
  37. 0: NETLOGON_NT_VERSION_PDC
  38. 0: NETLOGON_NT_VERSION_IP
  39. 0: NETLOGON_NT_VERSION_LOCAL
  40. 0: NETLOGON_NT_VERSION_GC
  41. lmnt_token : 0xffff (65535)
  42. lm20_token : 0xffff (65535)
  43. [2017/04/25 22:48:39.137535, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store)
  44. sitename_store: realm = [EDNT], sitename = [Default-First-Site-Name], expire = [2147483647]
  45. [2017/04/25 22:48:39.137562, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  46. Did not store value for AD_SITENAME/DOMAIN/EDNT, we already got it
  47. [2017/04/25 22:48:39.137579, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store)
  48. sitename_store: realm = [ednt.de], sitename = [Default-First-Site-Name], expire = [2147483647]
  49. [2017/04/25 22:48:39.137603, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  50. Did not store value for AD_SITENAME/DOMAIN/EDNT.DE, we already got it
  51. [2017/04/25 22:48:39.137622, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:541(ads_connect)
  52. Successfully contacted LDAP server 192.168.18.130
  53. [2017/04/25 22:48:39.137653, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:72(ldap_open_with_timeout)
  54. Opening connection to LDAP server '192.168.18.130:389', timeout 15 seconds
  55. [2017/04/25 22:48:39.137970, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:107(ldap_open_with_timeout)
  56. Initialized connection for LDAP server 'ldap://192.168.18.130:389'
  57. [2017/04/25 22:48:39.137994, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:584(ads_connect)
  58. Connected to LDAP server SRV-DC01.ednt.de
  59. [2017/04/25 22:48:39.138010, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:211(ads_closest_dc)
  60. ads_closest_dc: NBT_SERVER_CLOSEST flag set
  61. [2017/04/25 22:48:39.138039, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:87(saf_store)
  62. saf_store: domain = [EDNT], server = [SRV-DC01.ednt.de], expire = [1493154219]
  63. [2017/04/25 22:48:39.138066, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  64. Did not store value for SAF/DOMAIN/EDNT, we already got it
  65. [2017/04/25 22:48:39.138088, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:87(saf_store)
  66. saf_store: domain = [ednt.de], server = [SRV-DC01.ednt.de], expire = [1493154219]
  67. [2017/04/25 22:48:39.138111, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  68. Did not store value for SAF/DOMAIN/EDNT.DE, we already got it
  69. [2017/04/25 22:48:39.139516, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:2870(ads_current_time)
  70. KDC time offset is -1 seconds
  71. [2017/04/25 22:48:39.140214, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:1082(ads_sasl_bind)
  72. Found SASL mechanism GSS-SPNEGO
  73. [2017/04/25 22:48:39.142032, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  74. ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
  75. [2017/04/25 22:48:39.142083, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  76. ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
  77. [2017/04/25 22:48:39.142101, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  78. ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
  79. [2017/04/25 22:48:39.142117, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  80. ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
  81. [2017/04/25 22:48:39.142134, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  82. ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
  83. [2017/04/25 22:48:39.142455, 5, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:672(gensec_start_mech)
  84. Starting GENSEC mechanism spnego
  85. [2017/04/25 22:48:39.142514, 5, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:672(gensec_start_mech)
  86. Starting GENSEC submechanism gse_krb5
  87. [2017/04/25 22:48:39.155386, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/librpc/crypto/gse.c:264(gse_init_client)
  88. gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials were unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit.
  89. [2017/04/25 22:48:39.155551, 4, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:679(gensec_start_mech)
  90. Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
  91. [2017/04/25 22:48:39.155581, 10, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/spnego.c:672(gensec_spnego_create_negTokenInit)
  92. Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR
  93. [2017/04/25 22:48:39.155623, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:761(ads_sasl_spnego_bind)
  94. ads_sasl_spnego_gensec_bind(KRB5) failed with: An internal error occurred., calling kinit
  95. [2017/04/25 22:48:39.155731, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/kerberos.c:219(kerberos_kinit_password_ext)
  96. kerberos_kinit_password: as FS2$@EDNT.DE using [MEMORY:winbind_ccache] as ccache and config [/var/run/samba/smb_krb5/krb5.conf.EDNT]
  97. [2017/04/25 22:48:39.196076, 5, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:672(gensec_start_mech)
  98. Starting GENSEC mechanism spnego
  99. [2017/04/25 22:48:39.196169, 5, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:672(gensec_start_mech)
  100. Starting GENSEC submechanism gse_krb5
  101. [2017/04/25 22:48:39.215800, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
  102. Search for (objectclass=*) in <> gave 1 replies
  103. [2017/04/25 22:48:39.215932, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:499(wcache_store_seqnum)
  104. wcache_store_seqnum: success [EDNT][6043364 @ 1493153319]
  105. [2017/04/25 22:48:39.215953, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  106. refresh_sequence_number: EDNT seq number is now 6043364
  107. [2017/04/25 22:48:39.215985, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1873(name_to_sid)
  108. name_to_sid: [Cached] - doing backend query for name for domain EDNT
  109. [2017/04/25 22:48:39.216009, 3, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
  110. msrpc_name_to_sid: name=EDNT\KK
  111. [2017/04/25 22:48:39.216027, 3, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
  112. name_to_sid [rpc] EDNT\KK for domain EDNT
  113. [2017/04/25 22:48:39.216047, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2666(cm_connect_lsa_tcp)
  114. cm_connect_lsa_tcp
  115. [2017/04/25 22:48:39.216104, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:636(open_socket_out_send)
  116. Connecting to 192.168.18.130 at port 135
  117. [2017/04/25 22:48:39.216562, 5, pid=3802, effective(0, 0), real(0, 0)] ../lib/util/util_net.c:1055(print_socket_options)
  118. Socket options:
  119. SO_KEEPALIVE = 0
  120. SO_REUSEADDR = 0
  121. SO_BROADCAST = 0
  122. TCP_NODELAY = 1
  123. TCP_KEEPCNT = 9
  124. TCP_KEEPIDLE = 7200
  125. TCP_KEEPINTVL = 75
  126. IPTOS_LOWDELAY = 0
  127. IPTOS_THROUGHPUT = 0
  128. SO_REUSEPORT = 0
  129. SO_SNDBUF = 20120
  130. SO_RCVBUF = 87380
  131. SO_SNDLOWAT = 1
  132. SO_RCVLOWAT = 1
  133. Could not test socket option SO_SNDTIMEO.
  134. Could not test socket option SO_RCVTIMEO.
  135. TCP_QUICKACK = 1
  136. TCP_DEFER_ACCEPT = 0
  137. [2017/04/25 22:48:39.216869, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1872(rpc_pipe_bind_send)
  138. Bind RPC Pipe: host SRV-DC01.ednt.de auth_type 0, auth_level 1
  139. [2017/04/25 22:48:39.216904, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  140. &r: struct ncacn_packet
  141. rpc_vers : 0x05 (5)
  142. rpc_vers_minor : 0x00 (0)
  143. ptype : DCERPC_PKT_BIND (11)
  144. pfc_flags : 0x03 (3)
  145. 1: DCERPC_PFC_FLAG_FIRST
  146. 1: DCERPC_PFC_FLAG_LAST
  147. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  148. 0: DCERPC_PFC_FLAG_CONC_MPX
  149. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  150. 0: DCERPC_PFC_FLAG_MAYBE
  151. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  152. drep: ARRAY(4)
  153. [0] : 0x10 (16)
  154. [1] : 0x00 (0)
  155. [2] : 0x00 (0)
  156. [3] : 0x00 (0)
  157. frag_length : 0x0048 (72)
  158. auth_length : 0x0000 (0)
  159. call_id : 0x0000000d (13)
  160. u : union dcerpc_payload(case 11)
  161. bind: struct dcerpc_bind
  162. max_xmit_frag : 0x10b8 (4280)
  163. max_recv_frag : 0x10b8 (4280)
  164. assoc_group_id : 0x00000000 (0)
  165. num_contexts : 0x01 (1)
  166. ctx_list: ARRAY(1)
  167. ctx_list: struct dcerpc_ctx_list
  168. context_id : 0x0000 (0)
  169. num_transfer_syntaxes : 0x01 (1)
  170. abstract_syntax: struct ndr_syntax_id
  171. uuid : e1af8308-5d1f-11c9-91a4-08002b14a0fa
  172. if_version : 0x00000003 (3)
  173. transfer_syntaxes: ARRAY(1)
  174. transfer_syntaxes: struct ndr_syntax_id
  175. uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
  176. if_version : 0x00000002 (2)
  177. auth_info : DATA_BLOB length=0
  178. [2017/04/25 22:48:39.217215, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:826(rpc_api_pipe_send)
  179. rpc_api_pipe: host SRV-DC01.ednt.de
  180. [2017/04/25 22:48:39.217234, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:178(rpc_write_send)
  181. rpc_write_send: data_to_write: 72
  182. [2017/04/25 22:48:39.217763, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:98(rpc_read_send)
  183. rpc_read_send: data_to_read: 44
  184. [2017/04/25 22:48:39.217815, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  185. r: struct ncacn_packet
  186. rpc_vers : 0x05 (5)
  187. rpc_vers_minor : 0x00 (0)
  188. ptype : DCERPC_PKT_BIND_ACK (12)
  189. pfc_flags : 0x03 (3)
  190. 1: DCERPC_PFC_FLAG_FIRST
  191. 1: DCERPC_PFC_FLAG_LAST
  192. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  193. 0: DCERPC_PFC_FLAG_CONC_MPX
  194. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  195. 0: DCERPC_PFC_FLAG_MAYBE
  196. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  197. drep: ARRAY(4)
  198. [0] : 0x10 (16)
  199. [1] : 0x00 (0)
  200. [2] : 0x00 (0)
  201. [3] : 0x00 (0)
  202. frag_length : 0x003c (60)
  203. auth_length : 0x0000 (0)
  204. call_id : 0x0000000d (13)
  205. u : union dcerpc_payload(case 12)
  206. bind_ack: struct dcerpc_bind_ack
  207. max_xmit_frag : 0x10b8 (4280)
  208. max_recv_frag : 0x10b8 (4280)
  209. assoc_group_id : 0x0000d1a1 (53665)
  210. secondary_address_size : 0x0004 (4)
  211. secondary_address : '135'
  212. _pad1 : DATA_BLOB length=2
  213. [0000] 00 00 ..
  214. num_results : 0x01 (1)
  215. ctx_list: ARRAY(1)
  216. ctx_list: struct dcerpc_ack_ctx
  217. result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
  218. reason : union dcerpc_bind_ack_reason(case 0)
  219. value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
  220. syntax: struct ndr_syntax_id
  221. uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
  222. if_version : 0x00000002 (2)
  223. auth_info : DATA_BLOB length=0
  224. [2017/04/25 22:48:39.218101, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:975(rpc_api_pipe_got_pdu)
  225. rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK
  226. [2017/04/25 22:48:39.218120, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1075(rpc_api_pipe_got_pdu)
  227. rpc_api_pipe: host SRV-DC01.ednt.de returned 60 bytes.
  228. [2017/04/25 22:48:39.218140, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1745(check_bind_response)
  229. check_bind_response: accepted!
  230. [2017/04/25 22:48:39.218216, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  231. epm_Map: struct epm_Map
  232. in: struct epm_Map
  233. object : *
  234. object : 12345778-1234-abcd-ef00-0123456789ab
  235. map_tower : *
  236. map_tower: struct epm_twr_t
  237. tower_length : 0x0000004b (75)
  238. tower: struct epm_tower
  239. num_floors : 0x0005 (5)
  240. floors: ARRAY(5)
  241. floors: struct epm_floor
  242. lhs: struct epm_lhs
  243. protocol : EPM_PROTOCOL_UUID (13)
  244. lhs_data : DATA_BLOB length=18
  245. [0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
  246. [0010] 00 00 ..
  247. rhs : union epm_rhs(case 13)
  248. uuid: struct epm_rhs_uuid
  249. unknown : DATA_BLOB length=2
  250. [0000] 00 00 ..
  251. floors: struct epm_floor
  252. lhs: struct epm_lhs
  253. protocol : EPM_PROTOCOL_UUID (13)
  254. lhs_data : DATA_BLOB length=18
  255. [0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
  256. [0010] 02 00 ..
  257. rhs : union epm_rhs(case 13)
  258. uuid: struct epm_rhs_uuid
  259. unknown : DATA_BLOB length=2
  260. [0000] 00 00 ..
  261. floors: struct epm_floor
  262. lhs: struct epm_lhs
  263. protocol : EPM_PROTOCOL_NCACN (11)
  264. lhs_data : DATA_BLOB length=0
  265. rhs : union epm_rhs(case 11)
  266. ncacn: struct epm_rhs_ncacn
  267. minor_version : 0x0000 (0)
  268. floors: struct epm_floor
  269. lhs: struct epm_lhs
  270. protocol : EPM_PROTOCOL_TCP (7)
  271. lhs_data : DATA_BLOB length=0
  272. rhs : union epm_rhs(case 7)
  273. tcp: struct epm_rhs_tcp
  274. port : 0x0087 (135)
  275. floors: struct epm_floor
  276. lhs: struct epm_lhs
  277. protocol : EPM_PROTOCOL_IP (9)
  278. lhs_data : DATA_BLOB length=0
  279. rhs : union epm_rhs(case 9)
  280. ip: struct epm_rhs_ip
  281. ipaddr : 0.0.0.0
  282. entry_handle : *
  283. entry_handle: struct policy_handle
  284. handle_type : 0x00000000 (0)
  285. uuid : 00000000-0000-0000-0000-000000000000
  286. max_towers : 0x00000001 (1)
  287. [2017/04/25 22:48:39.218836, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  288. &r: struct ncacn_packet
  289. rpc_vers : 0x05 (5)
  290. rpc_vers_minor : 0x00 (0)
  291. ptype : DCERPC_PKT_REQUEST (0)
  292. pfc_flags : 0x03 (3)
  293. 1: DCERPC_PFC_FLAG_FIRST
  294. 1: DCERPC_PFC_FLAG_LAST
  295. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  296. 0: DCERPC_PFC_FLAG_CONC_MPX
  297. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  298. 0: DCERPC_PFC_FLAG_MAYBE
  299. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  300. drep: ARRAY(4)
  301. [0] : 0x10 (16)
  302. [1] : 0x00 (0)
  303. [2] : 0x00 (0)
  304. [3] : 0x00 (0)
  305. frag_length : 0x0018 (24)
  306. auth_length : 0x0000 (0)
  307. call_id : 0x0000000e (14)
  308. u : union dcerpc_payload(case 0)
  309. request: struct dcerpc_request
  310. alloc_hint : 0x00000084 (132)
  311. context_id : 0x0000 (0)
  312. opnum : 0x0003 (3)
  313. object : union dcerpc_object(case 0)
  314. empty: struct dcerpc_empty
  315. _pad : DATA_BLOB length=0
  316. stub_and_verifier : DATA_BLOB length=0
  317. [2017/04/25 22:48:39.219045, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:826(rpc_api_pipe_send)
  318. rpc_api_pipe: host SRV-DC01.ednt.de
  319. [2017/04/25 22:48:39.219064, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:178(rpc_write_send)
  320. rpc_write_send: data_to_write: 156
  321. [2017/04/25 22:48:39.220087, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:98(rpc_read_send)
  322. rpc_read_send: data_to_read: 136
  323. [2017/04/25 22:48:39.220128, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  324. r: struct ncacn_packet
  325. rpc_vers : 0x05 (5)
  326. rpc_vers_minor : 0x00 (0)
  327. ptype : DCERPC_PKT_RESPONSE (2)
  328. pfc_flags : 0x03 (3)
  329. 1: DCERPC_PFC_FLAG_FIRST
  330. 1: DCERPC_PFC_FLAG_LAST
  331. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  332. 0: DCERPC_PFC_FLAG_CONC_MPX
  333. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  334. 0: DCERPC_PFC_FLAG_MAYBE
  335. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  336. drep: ARRAY(4)
  337. [0] : 0x10 (16)
  338. [1] : 0x00 (0)
  339. [2] : 0x00 (0)
  340. [3] : 0x00 (0)
  341. frag_length : 0x0098 (152)
  342. auth_length : 0x0000 (0)
  343. call_id : 0x0000000e (14)
  344. u : union dcerpc_payload(case 2)
  345. response: struct dcerpc_response
  346. alloc_hint : 0x00000080 (128)
  347. context_id : 0x0000 (0)
  348. cancel_count : 0x00 (0)
  349. _pad : DATA_BLOB length=1
  350. [0000] 00 .
  351. stub_and_verifier : DATA_BLOB length=128
  360. [2017/04/25 22:48:39.220580, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:525(cli_pipe_validate_current_pdu)
  361. Got pdu len 152, data_len 128
  362. [2017/04/25 22:48:39.220598, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:975(rpc_api_pipe_got_pdu)
  363. rpc_api_pipe: got frag len of 152 at offset 0: NT_STATUS_OK
  364. [2017/04/25 22:48:39.220614, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1075(rpc_api_pipe_got_pdu)
  365. rpc_api_pipe: host SRV-DC01.ednt.de returned 128 bytes.
  366. [2017/04/25 22:48:39.220681, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  367. epm_Map: struct epm_Map
  368. out: struct epm_Map
  369. entry_handle : *
  370. entry_handle: struct policy_handle
  371. handle_type : 0x00000000 (0)
  372. uuid : c81598a8-eaf1-4559-b12d-65f59fbfa84a
  373. num_towers : *
  374. num_towers : 0x00000001 (1)
  375. towers: ARRAY(1)
  376. towers: struct epm_twr_p_t
  377. twr : *
  378. twr: struct epm_twr_t
  379. tower_length : 0x0000004b (75)
  380. tower: struct epm_tower
  381. num_floors : 0x0005 (5)
  382. floors: ARRAY(5)
  383. floors: struct epm_floor
  384. lhs: struct epm_lhs
  385. protocol : EPM_PROTOCOL_UUID (13)
  386. lhs_data : DATA_BLOB length=18
  387. [0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
  388. [0010] 00 00 ..
  389. rhs : union epm_rhs(case 13)
  390. uuid: struct epm_rhs_uuid
  391. unknown : DATA_BLOB length=2
  392. [0000] 00 00 ..
  393. floors: struct epm_floor
  394. lhs: struct epm_lhs
  395. protocol : EPM_PROTOCOL_UUID (13)
  396. lhs_data : DATA_BLOB length=18
  397. [0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
  398. [0010] 02 00 ..
  399. rhs : union epm_rhs(case 13)
  400. uuid: struct epm_rhs_uuid
  401. unknown : DATA_BLOB length=2
  402. [0000] 00 00 ..
  403. floors: struct epm_floor
  404. lhs: struct epm_lhs
  405. protocol : EPM_PROTOCOL_NCACN (11)
  406. lhs_data : DATA_BLOB length=0
  407. rhs : union epm_rhs(case 11)
  408. ncacn: struct epm_rhs_ncacn
  409. minor_version : 0x0000 (0)
  410. floors: struct epm_floor
  411. lhs: struct epm_lhs
  412. protocol : EPM_PROTOCOL_TCP (7)
  413. lhs_data : DATA_BLOB length=0
  414. rhs : union epm_rhs(case 7)
  415. tcp: struct epm_rhs_tcp
  416. port : 0xc006 (49158)
  417. floors: struct epm_floor
  418. lhs: struct epm_lhs
  419. protocol : EPM_PROTOCOL_IP (9)
  420. lhs_data : DATA_BLOB length=0
  421. rhs : union epm_rhs(case 9)
  422. ip: struct epm_rhs_ip
  423. ipaddr : 192.168.18.130
  424. result : 0x00000000 (0)
  425. [2017/04/25 22:48:39.221324, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:636(open_socket_out_send)
  426. Connecting to 192.168.18.130 at port 49158
  427. [2017/04/25 22:48:39.221764, 5, pid=3802, effective(0, 0), real(0, 0)] ../lib/util/util_net.c:1055(print_socket_options)
  428. Socket options:
  429. SO_KEEPALIVE = 0
  430. SO_REUSEADDR = 0
  431. SO_BROADCAST = 0
  432. TCP_NODELAY = 1
  433. TCP_KEEPCNT = 9
  434. TCP_KEEPIDLE = 7200
  435. TCP_KEEPINTVL = 75
  436. IPTOS_LOWDELAY = 0
  437. IPTOS_THROUGHPUT = 0
  438. SO_REUSEPORT = 0
  439. SO_SNDBUF = 20120
  440. SO_RCVBUF = 87380
  441. SO_SNDLOWAT = 1
  442. SO_RCVLOWAT = 1
  443. Could not test socket option SO_SNDTIMEO.
  444. Could not test socket option SO_RCVTIMEO.
  445. TCP_QUICKACK = 1
  446. TCP_DEFER_ACCEPT = 0
  447. [2017/04/25 22:48:39.221886, 5, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
  448. check lock order 2 for /var/run/samba/g_lock.tdb
  449. [2017/04/25 22:48:39.221905, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order)
  450. lock order: 1:<none> 2:/var/run/samba/g_lock.tdb 3:<none>
  451. [2017/04/25 22:48:39.221928, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:60(db_tdb_log_key)
  452. Locking key 434C495B4653322F4653
  453. [2017/04/25 22:48:39.221955, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:144(db_tdb_fetch_locked_internal)
  454. Allocated locked data 0x0xb9654010
  455. [2017/04/25 22:48:39.221997, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:60(db_tdb_log_key)
  456. Unlocking key 434C495B4653322F4653
  457. [2017/04/25 22:48:39.222017, 5, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
  458. release lock order 2 for /var/run/samba/g_lock.tdb
  459. [2017/04/25 22:48:39.222033, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order)
  460. lock order: 1:<none> 2:<none> 3:<none>
  461. [2017/04/25 22:48:39.222248, 5, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:672(gensec_start_mech)
  462. Starting GENSEC mechanism schannel
  463. [2017/04/25 22:48:39.222273, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1872(rpc_pipe_bind_send)
  464. Bind RPC Pipe: host SRV-DC01.ednt.de auth_type 68, auth_level 6
  465. [2017/04/25 22:48:39.222292, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1139(create_generic_auth_rpc_bind_req)
  466. create_generic_auth_rpc_bind_req: generate first token
  467. [2017/04/25 22:48:39.222334, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  468. &r: struct dcerpc_auth
  469. auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68)
  470. auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
  471. auth_pad_length : 0x00 (0)
  472. auth_reserved : 0x00 (0)
  473. auth_context_id : 0x00000001 (1)
  474. credentials : DATA_BLOB length=17
  475. [0000] 00 00 00 00 03 00 00 00 45 44 4E 54 00 46 53 32 ........ EDNT.FS2
  476. [0010] 00 .
  477. [2017/04/25 22:48:39.222442, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  478. &r: struct ncacn_packet
  479. rpc_vers : 0x05 (5)
  480. rpc_vers_minor : 0x00 (0)
  481. ptype : DCERPC_PKT_BIND (11)
  482. pfc_flags : 0x07 (7)
  483. 1: DCERPC_PFC_FLAG_FIRST
  484. 1: DCERPC_PFC_FLAG_LAST
  485. 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  486. 0: DCERPC_PFC_FLAG_CONC_MPX
  487. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  488. 0: DCERPC_PFC_FLAG_MAYBE
  489. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  490. drep: ARRAY(4)
  491. [0] : 0x10 (16)
  492. [1] : 0x00 (0)
  493. [2] : 0x00 (0)
  494. [3] : 0x00 (0)
  495. frag_length : 0x0061 (97)
  496. auth_length : 0x0011 (17)
  497. call_id : 0x0000000f (15)
  498. u : union dcerpc_payload(case 11)
  499. bind: struct dcerpc_bind
  500. max_xmit_frag : 0x10b8 (4280)
  501. max_recv_frag : 0x10b8 (4280)
  502. assoc_group_id : 0x00000000 (0)
  503. num_contexts : 0x01 (1)
  504. ctx_list: ARRAY(1)
  505. ctx_list: struct dcerpc_ctx_list
  506. context_id : 0x0000 (0)
  507. num_transfer_syntaxes : 0x01 (1)
  508. abstract_syntax: struct ndr_syntax_id
  509. uuid : 12345778-1234-abcd-ef00-0123456789ab
  510. if_version : 0x00000000 (0)
  511. transfer_syntaxes: ARRAY(1)
  512. transfer_syntaxes: struct ndr_syntax_id
  513. uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
  514. if_version : 0x00000002 (2)
  515. auth_info : DATA_BLOB length=25
  516. [0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........
  517. [0010] 45 44 4E 54 00 46 53 32 00 EDNT.FS2 .
  518. [2017/04/25 22:48:39.222787, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:826(rpc_api_pipe_send)
  519. rpc_api_pipe: host SRV-DC01.ednt.de
  520. [2017/04/25 22:48:39.222805, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:178(rpc_write_send)
  521. rpc_write_send: data_to_write: 97
  522. [2017/04/25 22:48:39.223362, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:98(rpc_read_send)
  523. rpc_read_send: data_to_read: 64
  524. [2017/04/25 22:48:39.223403, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  525. r: struct ncacn_packet
  526. rpc_vers : 0x05 (5)
  527. rpc_vers_minor : 0x00 (0)
  528. ptype : DCERPC_PKT_BIND_ACK (12)
  529. pfc_flags : 0x07 (7)
  530. 1: DCERPC_PFC_FLAG_FIRST
  531. 1: DCERPC_PFC_FLAG_LAST
  532. 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  533. 0: DCERPC_PFC_FLAG_CONC_MPX
  534. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  535. 0: DCERPC_PFC_FLAG_MAYBE
  536. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  537. drep: ARRAY(4)
  538. [0] : 0x10 (16)
  539. [1] : 0x00 (0)
  540. [2] : 0x00 (0)
  541. [3] : 0x00 (0)
  542. frag_length : 0x0050 (80)
  543. auth_length : 0x000c (12)
  544. call_id : 0x0000000f (15)
  545. u : union dcerpc_payload(case 12)
  546. bind_ack: struct dcerpc_bind_ack
  547. max_xmit_frag : 0x10b8 (4280)
  548. max_recv_frag : 0x10b8 (4280)
  549. assoc_group_id : 0x000092e5 (37605)
  550. secondary_address_size : 0x0006 (6)
  551. secondary_address : '49158'
  552. _pad1 : DATA_BLOB length=0
  553. num_results : 0x01 (1)
  554. ctx_list: ARRAY(1)
  555. ctx_list: struct dcerpc_ack_ctx
  556. result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
  557. reason : union dcerpc_bind_ack_reason(case 0)
  558. value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
  559. syntax: struct ndr_syntax_id
  560. uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
  561. if_version : 0x00000002 (2)
  562. auth_info : DATA_BLOB length=20
  563. [0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........
  564. [0010] 00 00 00 00 ....
  565. [2017/04/25 22:48:39.223738, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:975(rpc_api_pipe_got_pdu)
  566. rpc_api_pipe: got frag len of 80 at offset 0: NT_STATUS_OK
  567. [2017/04/25 22:48:39.223756, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1075(rpc_api_pipe_got_pdu)
  568. rpc_api_pipe: host SRV-DC01.ednt.de returned 80 bytes.
  569. [2017/04/25 22:48:39.223775, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1745(check_bind_response)
  570. check_bind_response: accepted!
  571. [2017/04/25 22:48:39.223808, 5, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
  572. check lock order 2 for /var/run/samba/g_lock.tdb
  573. [2017/04/25 22:48:39.223826, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order)
  574. lock order: 1:<none> 2:/var/run/samba/g_lock.tdb 3:<none>
  575. [2017/04/25 22:48:39.223846, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:60(db_tdb_log_key)
  576. Locking key 434C495B4653322F4653
  577. [2017/04/25 22:48:39.223867, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:144(db_tdb_fetch_locked_internal)
  578. Allocated locked data 0x0xb964fa30
  579. [2017/04/25 22:48:39.223905, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:60(db_tdb_log_key)
  580. Unlocking key 434C495B4653322F4653
  581. [2017/04/25 22:48:39.223925, 5, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
  582. release lock order 2 for /var/run/samba/g_lock.tdb
  583. [2017/04/25 22:48:39.223941, 10, pid=3802, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order)
  584. lock order: 1:<none> 2:<none> 3:<none>
  585. [2017/04/25 22:48:39.223960, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:3234(cli_rpc_pipe_open_schannel_with_key)
  586. cli_rpc_pipe_open_schannel_with_key: opened pipe lsarpc to machine SRV-DC01.ednt.de for domain EDNT and bound using schannel.
  587. [2017/04/25 22:48:39.223995, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  588. lsa_LookupNames4: struct lsa_LookupNames4
  589. in: struct lsa_LookupNames4
  590. num_names : 0x00000001 (1)
  591. names: ARRAY(1)
  592. names: struct lsa_String
  593. length : 0x000e (14)
  594. size : 0x000e (14)
  595. string : *
  596. string : 'EDNT\KK'
  597. sids : *
  598. sids: struct lsa_TransSidArray3
  599. count : 0x00000000 (0)
  600. sids : NULL
  601. level : LSA_LOOKUP_NAMES_ALL (1)
  602. count : *
  603. count : 0x00000000 (0)
  604. lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
  605. client_revision : LSA_CLIENT_REVISION_2 (2)
  606. [2017/04/25 22:48:39.224199, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  607. t: struct dcerpc_sec_verification_trailer
  608. _pad : DATA_BLOB length=0
  609. magic : 0000000000000000
  610. count: struct dcerpc_sec_vt_count
  611. count : 0x0002 (2)
  612. commands: ARRAY(2)
  613. commands: struct dcerpc_sec_vt
  614. command : 0x0001 (1)
  615. 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)
  616. 0: DCERPC_SEC_VT_COMMAND_END
  617. 0: DCERPC_SEC_VT_MUST_PROCESS
  618. u : union dcerpc_sec_vt_union(case 0x1)
  619. bitmask1 : 0x00000001 (1)
  620. 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING
  621. commands: struct dcerpc_sec_vt
  622. command : 0x4002 (16386)
  623. 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)
  624. 1: DCERPC_SEC_VT_COMMAND_END
  625. 0: DCERPC_SEC_VT_MUST_PROCESS
  626. u : union dcerpc_sec_vt_union(case 0x2)
  627. pcontext: struct dcerpc_sec_vt_pcontext
  628. abstract_syntax: struct ndr_syntax_id
  629. uuid : 12345778-1234-abcd-ef00-0123456789ab
  630. if_version : 0x00000000 (0)
  631. transfer_syntax: struct ndr_syntax_id
  632. uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
  633. if_version : 0x00000002 (2)
  634. [2017/04/25 22:48:39.224419, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  635. &r: struct ncacn_packet
  636. rpc_vers : 0x05 (5)
  637. rpc_vers_minor : 0x00 (0)
  638. ptype : DCERPC_PKT_REQUEST (0)
  639. pfc_flags : 0x03 (3)
  640. 1: DCERPC_PFC_FLAG_FIRST
  641. 1: DCERPC_PFC_FLAG_LAST
  642. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  643. 0: DCERPC_PFC_FLAG_CONC_MPX
  644. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  645. 0: DCERPC_PFC_FLAG_MAYBE
  646. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  647. drep: ARRAY(4)
  648. [0] : 0x10 (16)
  649. [1] : 0x00 (0)
  650. [2] : 0x00 (0)
  651. [3] : 0x00 (0)
  652. frag_length : 0x0018 (24)
  653. auth_length : 0x0038 (56)
  654. call_id : 0x00000010 (16)
  655. u : union dcerpc_payload(case 0)
  656. request: struct dcerpc_request
  657. alloc_hint : 0x00000080 (128)
  658. context_id : 0x0000 (0)
  659. opnum : 0x004d (77)
  660. object : union dcerpc_object(case 0)
  661. empty: struct dcerpc_empty
  662. _pad : DATA_BLOB length=0
  663. stub_and_verifier : DATA_BLOB length=0
  664. [2017/04/25 22:48:39.224620, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  665. &r: struct dcerpc_auth
  666. auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68)
  667. auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
  668. auth_pad_length : 0x00 (0)
  669. auth_reserved : 0x00 (0)
  670. auth_context_id : 0x00000001 (1)
  671. credentials : DATA_BLOB length=0
  672. [2017/04/25 22:48:39.224736, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:826(rpc_api_pipe_send)
  673. rpc_api_pipe: host SRV-DC01.ednt.de
  674. [2017/04/25 22:48:39.224755, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:178(rpc_write_send)
  675. rpc_write_send: data_to_write: 216
  676. [2017/04/25 22:48:39.225897, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:98(rpc_read_send)
  677. rpc_read_send: data_to_read: 232
  678. [2017/04/25 22:48:39.225945, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  679. r: struct ncacn_packet
  680. rpc_vers : 0x05 (5)
  681. rpc_vers_minor : 0x00 (0)
  682. ptype : DCERPC_PKT_RESPONSE (2)
  683. pfc_flags : 0x03 (3)
  684. 1: DCERPC_PFC_FLAG_FIRST
  685. 1: DCERPC_PFC_FLAG_LAST
  686. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  687. 0: DCERPC_PFC_FLAG_CONC_MPX
  688. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  689. 0: DCERPC_PFC_FLAG_MAYBE
  690. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  691. drep: ARRAY(4)
  692. [0] : 0x10 (16)
  693. [1] : 0x00 (0)
  694. [2] : 0x00 (0)
  695. [3] : 0x00 (0)
  696. frag_length : 0x00f8 (248)
  697. auth_length : 0x0038 (56)
  698. call_id : 0x00000010 (16)
  699. u : union dcerpc_payload(case 2)
  700. response: struct dcerpc_response
  701. alloc_hint : 0x00000094 (148)
  702. context_id : 0x0000 (0)
  703. cancel_count : 0x00 (0)
  704. _pad : DATA_BLOB length=1
  705. [0000] 00 .
  706. stub_and_verifier : DATA_BLOB length=224
  721. [2017/04/25 22:48:39.226588, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth)
  722. Requested Privacy.
  723. [2017/04/25 22:48:39.226607, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth)
  724. GENSEC auth
  725. [2017/04/25 22:48:39.226677, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:525(cli_pipe_validate_current_pdu)
  726. Got pdu len 248, data_len 148
  727. [2017/04/25 22:48:39.226694, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:975(rpc_api_pipe_got_pdu)
  728. rpc_api_pipe: got frag len of 248 at offset 0: NT_STATUS_OK
  729. [2017/04/25 22:48:39.226710, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1075(rpc_api_pipe_got_pdu)
  730. rpc_api_pipe: host SRV-DC01.ednt.de returned 148 bytes.
  731. [2017/04/25 22:48:39.226748, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  732. lsa_LookupNames4: struct lsa_LookupNames4
  733. out: struct lsa_LookupNames4
  734. domains : *
  735. domains : *
  736. domains: struct lsa_RefDomainList
  737. count : 0x00000001 (1)
  738. domains : *
  739. domains: ARRAY(1)
  740. domains: struct lsa_DomainInfo
  741. name: struct lsa_StringLarge
  742. length : 0x0008 (8)
  743. size : 0x000a (10)
  744. string : *
  745. string : 'EDNT'
  746. sid : *
  747. sid : S-1-5-21-4001112740-1724199908-163113746
  748. max_size : 0x00000020 (32)
  749. sids : *
  750. sids: struct lsa_TransSidArray3
  751. count : 0x00000001 (1)
  752. sids : *
  753. sids: ARRAY(1)
  754. sids: struct lsa_TranslatedSid3
  755. sid_type : SID_NAME_USER (1)
  756. sid : *
  757. sid : S-1-5-21-4001112740-1724199908-163113746-1106
  758. sid_index : 0x00000000 (0)
  759. flags : 0x00000000 (0)
  760. count : *
  761. count : 0x00000001 (1)
  762. result : NT_STATUS_OK
  763. [2017/04/25 22:48:39.227019, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  764. refresh_sequence_number: EDNT time ok
  765. [2017/04/25 22:48:39.227037, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  766. refresh_sequence_number: EDNT seq number is now 6043364
  767. [2017/04/25 22:48:39.227086, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:965(wcache_save_name_to_sid)
  768. wcache_save_name_to_sid: EDNT\KK -> S-1-5-21-4001112740-1724199908-163113746-1106 (NT_STATUS_OK)
  769. [2017/04/25 22:48:39.227123, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
  770. wcache_save_sid_to_name: S-1-5-21-4001112740-1724199908-163113746-1106 -> EDNT\kk (NT_STATUS_OK)
  771. [2017/04/25 22:48:39.227142, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  772. wbint_LookupName: struct wbint_LookupName
  773. out: struct wbint_LookupName
  774. type : *
  775. type : SID_NAME_USER (1)
  776. sid : *
  777. sid : S-1-5-21-4001112740-1724199908-163113746-1106
  778. result : NT_STATUS_OK
  779. [2017/04/25 22:48:39.227218, 4, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  780. Finished processing child request 59
  781. [2017/04/25 22:48:39.227235, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  782. Writing 3532 bytes to parent
  783. [2017/04/25 22:48:39.227664, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  784. Need to read 28 extra bytes
  785. [2017/04/25 22:48:39.227693, 4, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  786. child daemon request 59
  787. [2017/04/25 22:48:39.227713, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  788. child_process_request: request fn NDRCMD
  789. [2017/04/25 22:48:39.227730, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  790. winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (EDNT)
  791. [2017/04/25 22:48:39.227768, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  792. wbint_QueryUser: struct wbint_QueryUser
  793. in: struct wbint_QueryUser
  794. sid : *
  795. sid : S-1-5-21-4001112740-1724199908-163113746-1106
  796. [2017/04/25 22:48:39.227816, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  797. refresh_sequence_number: EDNT time ok
  798. [2017/04/25 22:48:39.227832, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  799. refresh_sequence_number: EDNT seq number is now 6043364
  800. [2017/04/25 22:48:39.227855, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:2374(query_user)
  801. query_user: [Cached] - doing backend query for info for domain EDNT
  802. [2017/04/25 22:48:39.227874, 3, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:623(query_user)
  803. ads: query_user
  804. [2017/04/25 22:48:39.227907, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/samlogon_cache.c:222(netsamlogon_cache_get)
  805. netsamlogon_cache_get: SID [S-1-5-21-4001112740-1724199908-163113746-1106]
  806. [2017/04/25 22:48:39.227982, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  807. &r: struct netsamlogoncache_entry
  808. timestamp : Di Apr 25 22:11:00 2017 CEST
  809. info3: struct netr_SamInfo3
  810. base: struct netr_SamBaseInfo
  811. logon_time : Di Apr 25 20:11:31 2017 CEST
  812. logoff_time : Di Jan 19 04:14:07 2038 CET
  813. kickoff_time : Di Jan 19 04:14:07 2038 CET
  814. last_password_change : Mi Apr 19 17:23:21 2017 CEST
  815. allow_password_change : Do Apr 20 17:23:21 2017 CEST
  816. force_password_change : Di Jan 19 04:14:07 2038 CET
  817. account_name: struct lsa_String
  818. length : 0x0004 (4)
  819. size : 0x0004 (4)
  820. string : *
  821. string : 'kk'
  822. full_name: struct lsa_String
  823. length : 0x0036 (54)
  824. size : 0x0036 (54)
  825. string : *
  826. string : 'Karlheinz Knapp | EDNT GmbH'
  827. logon_script: struct lsa_String
  828. length : 0x0000 (0)
  829. size : 0x0000 (0)
  830. string : NULL
  831. profile_path: struct lsa_String
  832. length : 0x0000 (0)
  833. size : 0x0000 (0)
  834. string : NULL
  835. home_directory: struct lsa_String
  836. length : 0x0000 (0)
  837. size : 0x0000 (0)
  838. string : NULL
  839. home_drive: struct lsa_String
  840. length : 0x0000 (0)
  841. size : 0x0000 (0)
  842. string : NULL
  843. logon_count : 0x07af (1967)
  844. bad_password_count : 0x0000 (0)
  845. rid : 0x00000452 (1106)
  846. primary_gid : 0x00000201 (513)
  847. groups: struct samr_RidWithAttributeArray
  848. count : 0x0000001f (31)
  849. rids : *
  850. rids: ARRAY(31)
  851. rids: struct samr_RidWithAttribute
  852. rid : 0x00000471 (1137)
  853. attributes : 0x00000007 (7)
  854. 1: SE_GROUP_MANDATORY
  855. 1: SE_GROUP_ENABLED_BY_DEFAULT
  856. 1: SE_GROUP_ENABLED
  857. 0: SE_GROUP_OWNER
  858. 0: SE_GROUP_USE_FOR_DENY_ONLY
  859. 0: SE_GROUP_RESOURCE
  860. 0x00: SE_GROUP_LOGON_ID (0)
  861. rids: struct samr_RidWithAttribute
  862. rid : 0x00000476 (1142)
  863. attributes : 0x00000007 (7)
  864. 1: SE_GROUP_MANDATORY
  865. 1: SE_GROUP_ENABLED_BY_DEFAULT
  866. 1: SE_GROUP_ENABLED
  867. 0: SE_GROUP_OWNER
  868. 0: SE_GROUP_USE_FOR_DENY_ONLY
  869. 0: SE_GROUP_RESOURCE
  870. 0x00: SE_GROUP_LOGON_ID (0)
  871. rids: struct samr_RidWithAttribute
  872. rid : 0x0000046a (1130)
  873. attributes : 0x00000007 (7)
  874. 1: SE_GROUP_MANDATORY
  875. 1: SE_GROUP_ENABLED_BY_DEFAULT
  876. 1: SE_GROUP_ENABLED
  877. 0: SE_GROUP_OWNER
  878. 0: SE_GROUP_USE_FOR_DENY_ONLY
  879. 0: SE_GROUP_RESOURCE
  880. 0x00: SE_GROUP_LOGON_ID (0)
  881. rids: struct samr_RidWithAttribute
  882. rid : 0x000004c5 (1221)
  883. attributes : 0x00000007 (7)
  884. 1: SE_GROUP_MANDATORY
  885. 1: SE_GROUP_ENABLED_BY_DEFAULT
  886. 1: SE_GROUP_ENABLED
  887. 0: SE_GROUP_OWNER
  888. 0: SE_GROUP_USE_FOR_DENY_ONLY
  889. 0: SE_GROUP_RESOURCE
  890. 0x00: SE_GROUP_LOGON_ID (0)
  891. rids: struct samr_RidWithAttribute
  892. rid : 0x00000472 (1138)
  893. attributes : 0x00000007 (7)
  894. 1: SE_GROUP_MANDATORY
  895. 1: SE_GROUP_ENABLED_BY_DEFAULT
  896. 1: SE_GROUP_ENABLED
  897. 0: SE_GROUP_OWNER
  898. 0: SE_GROUP_USE_FOR_DENY_ONLY
  899. 0: SE_GROUP_RESOURCE
  900. 0x00: SE_GROUP_LOGON_ID (0)
  901. rids: struct samr_RidWithAttribute
  902. rid : 0x00000487 (1159)
  903. attributes : 0x00000007 (7)
  904. 1: SE_GROUP_MANDATORY
  905. 1: SE_GROUP_ENABLED_BY_DEFAULT
  906. 1: SE_GROUP_ENABLED
  907. 0: SE_GROUP_OWNER
  908. 0: SE_GROUP_USE_FOR_DENY_ONLY
  909. 0: SE_GROUP_RESOURCE
  910. 0x00: SE_GROUP_LOGON_ID (0)
  911. rids: struct samr_RidWithAttribute
  912. rid : 0x0000047b (1147)
  913. attributes : 0x00000007 (7)
  914. 1: SE_GROUP_MANDATORY
  915. 1: SE_GROUP_ENABLED_BY_DEFAULT
  916. 1: SE_GROUP_ENABLED
  917. 0: SE_GROUP_OWNER
  918. 0: SE_GROUP_USE_FOR_DENY_ONLY
  919. 0: SE_GROUP_RESOURCE
  920. 0x00: SE_GROUP_LOGON_ID (0)
  921. rids: struct samr_RidWithAttribute
  922. rid : 0x0000046c (1132)
  923. attributes : 0x00000007 (7)
  924. 1: SE_GROUP_MANDATORY
  925. 1: SE_GROUP_ENABLED_BY_DEFAULT
  926. 1: SE_GROUP_ENABLED
  927. 0: SE_GROUP_OWNER
  928. 0: SE_GROUP_USE_FOR_DENY_ONLY
  929. 0: SE_GROUP_RESOURCE
  930. 0x00: SE_GROUP_LOGON_ID (0)
  931. rids: struct samr_RidWithAttribute
  932. rid : 0x00000470 (1136)
  933. attributes : 0x00000007 (7)
  934. 1: SE_GROUP_MANDATORY
  935. 1: SE_GROUP_ENABLED_BY_DEFAULT
  936. 1: SE_GROUP_ENABLED
  937. 0: SE_GROUP_OWNER
  938. 0: SE_GROUP_USE_FOR_DENY_ONLY
  939. 0: SE_GROUP_RESOURCE
  940. 0x00: SE_GROUP_LOGON_ID (0)
  941. rids: struct samr_RidWithAttribute
  942. rid : 0x0000047c (1148)
  943. attributes : 0x00000007 (7)
  944. 1: SE_GROUP_MANDATORY
  945. 1: SE_GROUP_ENABLED_BY_DEFAULT
  946. 1: SE_GROUP_ENABLED
  947. 0: SE_GROUP_OWNER
  948. 0: SE_GROUP_USE_FOR_DENY_ONLY
  949. 0: SE_GROUP_RESOURCE
  950. 0x00: SE_GROUP_LOGON_ID (0)
  951. rids: struct samr_RidWithAttribute
  952. rid : 0x0000046b (1131)
  953. attributes : 0x00000007 (7)
  954. 1: SE_GROUP_MANDATORY
  955. 1: SE_GROUP_ENABLED_BY_DEFAULT
  956. 1: SE_GROUP_ENABLED
  957. 0: SE_GROUP_OWNER
  958. 0: SE_GROUP_USE_FOR_DENY_ONLY
  959. 0: SE_GROUP_RESOURCE
  960. 0x00: SE_GROUP_LOGON_ID (0)
  961. rids: struct samr_RidWithAttribute
  962. rid : 0x00000465 (1125)
  963. attributes : 0x00000007 (7)
  964. 1: SE_GROUP_MANDATORY
  965. 1: SE_GROUP_ENABLED_BY_DEFAULT
  966. 1: SE_GROUP_ENABLED
  967. 0: SE_GROUP_OWNER
  968. 0: SE_GROUP_USE_FOR_DENY_ONLY
  969. 0: SE_GROUP_RESOURCE
  970. 0x00: SE_GROUP_LOGON_ID (0)
  971. rids: struct samr_RidWithAttribute
  972. rid : 0x00000201 (513)
  973. attributes : 0x00000007 (7)
  974. 1: SE_GROUP_MANDATORY
  975. 1: SE_GROUP_ENABLED_BY_DEFAULT
  976. 1: SE_GROUP_ENABLED
  977. 0: SE_GROUP_OWNER
  978. 0: SE_GROUP_USE_FOR_DENY_ONLY
  979. 0: SE_GROUP_RESOURCE
  980. 0x00: SE_GROUP_LOGON_ID (0)
  981. rids: struct samr_RidWithAttribute
  982. rid : 0x00000462 (1122)
  983. attributes : 0x00000007 (7)
  984. 1: SE_GROUP_MANDATORY
  985. 1: SE_GROUP_ENABLED_BY_DEFAULT
  986. 1: SE_GROUP_ENABLED
  987. 0: SE_GROUP_OWNER
  988. 0: SE_GROUP_USE_FOR_DENY_ONLY
  989. 0: SE_GROUP_RESOURCE
  990. 0x00: SE_GROUP_LOGON_ID (0)
  991. rids: struct samr_RidWithAttribute
  992. rid : 0x00000477 (1143)
  993. attributes : 0x00000007 (7)
  994. 1: SE_GROUP_MANDATORY
  995. 1: SE_GROUP_ENABLED_BY_DEFAULT
  996. 1: SE_GROUP_ENABLED
  997. 0: SE_GROUP_OWNER
  998. 0: SE_GROUP_USE_FOR_DENY_ONLY
  999. 0: SE_GROUP_RESOURCE
  1000. 0x00: SE_GROUP_LOGON_ID (0)
  1001. rids: struct samr_RidWithAttribute
  1002. rid : 0x00000463 (1123)
  1003. attributes : 0x00000007 (7)
  1004. 1: SE_GROUP_MANDATORY
  1005. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1006. 1: SE_GROUP_ENABLED
  1007. 0: SE_GROUP_OWNER
  1008. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1009. 0: SE_GROUP_RESOURCE
  1010. 0x00: SE_GROUP_LOGON_ID (0)
  1011. rids: struct samr_RidWithAttribute
  1012. rid : 0x00000200 (512)
  1013. attributes : 0x00000007 (7)
  1014. 1: SE_GROUP_MANDATORY
  1015. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1016. 1: SE_GROUP_ENABLED
  1017. 0: SE_GROUP_OWNER
  1018. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1019. 0: SE_GROUP_RESOURCE
  1020. 0x00: SE_GROUP_LOGON_ID (0)
  1021. rids: struct samr_RidWithAttribute
  1022. rid : 0x00000466 (1126)
  1023. attributes : 0x00000007 (7)
  1024. 1: SE_GROUP_MANDATORY
  1025. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1026. 1: SE_GROUP_ENABLED
  1027. 0: SE_GROUP_OWNER
  1028. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1029. 0: SE_GROUP_RESOURCE
  1030. 0x00: SE_GROUP_LOGON_ID (0)
  1031. rids: struct samr_RidWithAttribute
  1032. rid : 0x00000475 (1141)
  1033. attributes : 0x00000007 (7)
  1034. 1: SE_GROUP_MANDATORY
  1035. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1036. 1: SE_GROUP_ENABLED
  1037. 0: SE_GROUP_OWNER
  1038. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1039. 0: SE_GROUP_RESOURCE
  1040. 0x00: SE_GROUP_LOGON_ID (0)
  1041. rids: struct samr_RidWithAttribute
  1042. rid : 0x00000486 (1158)
  1043. attributes : 0x00000007 (7)
  1044. 1: SE_GROUP_MANDATORY
  1045. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1046. 1: SE_GROUP_ENABLED
  1047. 0: SE_GROUP_OWNER
  1048. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1049. 0: SE_GROUP_RESOURCE
  1050. 0x00: SE_GROUP_LOGON_ID (0)
  1051. rids: struct samr_RidWithAttribute
  1052. rid : 0x00000464 (1124)
  1053. attributes : 0x00000007 (7)
  1054. 1: SE_GROUP_MANDATORY
  1055. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1056. 1: SE_GROUP_ENABLED
  1057. 0: SE_GROUP_OWNER
  1058. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1059. 0: SE_GROUP_RESOURCE
  1060. 0x00: SE_GROUP_LOGON_ID (0)
  1061. rids: struct samr_RidWithAttribute
  1062. rid : 0x0000047a (1146)
  1063. attributes : 0x00000007 (7)
  1064. 1: SE_GROUP_MANDATORY
  1065. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1066. 1: SE_GROUP_ENABLED
  1067. 0: SE_GROUP_OWNER
  1068. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1069. 0: SE_GROUP_RESOURCE
  1070. 0x00: SE_GROUP_LOGON_ID (0)
  1071. rids: struct samr_RidWithAttribute
  1072. rid : 0x0000046d (1133)
  1073. attributes : 0x00000007 (7)
  1074. 1: SE_GROUP_MANDATORY
  1075. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1076. 1: SE_GROUP_ENABLED
  1077. 0: SE_GROUP_OWNER
  1078. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1079. 0: SE_GROUP_RESOURCE
  1080. 0x00: SE_GROUP_LOGON_ID (0)
  1081. rids: struct samr_RidWithAttribute
  1082. rid : 0x00000474 (1140)
  1083. attributes : 0x00000007 (7)
  1084. 1: SE_GROUP_MANDATORY
  1085. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1086. 1: SE_GROUP_ENABLED
  1087. 0: SE_GROUP_OWNER
  1088. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1089. 0: SE_GROUP_RESOURCE
  1090. 0x00: SE_GROUP_LOGON_ID (0)
  1091. rids: struct samr_RidWithAttribute
  1092. rid : 0x0000046e (1134)
  1093. attributes : 0x00000007 (7)
  1094. 1: SE_GROUP_MANDATORY
  1095. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1096. 1: SE_GROUP_ENABLED
  1097. 0: SE_GROUP_OWNER
  1098. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1099. 0: SE_GROUP_RESOURCE
  1100. 0x00: SE_GROUP_LOGON_ID (0)
  1101. rids: struct samr_RidWithAttribute
  1102. rid : 0x00000479 (1145)
  1103. attributes : 0x00000007 (7)
  1104. 1: SE_GROUP_MANDATORY
  1105. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1106. 1: SE_GROUP_ENABLED
  1107. 0: SE_GROUP_OWNER
  1108. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1109. 0: SE_GROUP_RESOURCE
  1110. 0x00: SE_GROUP_LOGON_ID (0)
  1111. rids: struct samr_RidWithAttribute
  1112. rid : 0x00000469 (1129)
  1113. attributes : 0x00000007 (7)
  1114. 1: SE_GROUP_MANDATORY
  1115. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1116. 1: SE_GROUP_ENABLED
  1117. 0: SE_GROUP_OWNER
  1118. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1119. 0: SE_GROUP_RESOURCE
  1120. 0x00: SE_GROUP_LOGON_ID (0)
  1121. rids: struct samr_RidWithAttribute
  1122. rid : 0x00000468 (1128)
  1123. attributes : 0x00000007 (7)
  1124. 1: SE_GROUP_MANDATORY
  1125. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1126. 1: SE_GROUP_ENABLED
  1127. 0: SE_GROUP_OWNER
  1128. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1129. 0: SE_GROUP_RESOURCE
  1130. 0x00: SE_GROUP_LOGON_ID (0)
  1131. rids: struct samr_RidWithAttribute
  1132. rid : 0x00000461 (1121)
  1133. attributes : 0x00000007 (7)
  1134. 1: SE_GROUP_MANDATORY
  1135. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1136. 1: SE_GROUP_ENABLED
  1137. 0: SE_GROUP_OWNER
  1138. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1139. 0: SE_GROUP_RESOURCE
  1140. 0x00: SE_GROUP_LOGON_ID (0)
  1141. rids: struct samr_RidWithAttribute
  1142. rid : 0x00000478 (1144)
  1143. attributes : 0x00000007 (7)
  1144. 1: SE_GROUP_MANDATORY
  1145. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1146. 1: SE_GROUP_ENABLED
  1147. 0: SE_GROUP_OWNER
  1148. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1149. 0: SE_GROUP_RESOURCE
  1150. 0x00: SE_GROUP_LOGON_ID (0)
  1151. rids: struct samr_RidWithAttribute
  1152. rid : 0x00000460 (1120)
  1153. attributes : 0x00000007 (7)
  1154. 1: SE_GROUP_MANDATORY
  1155. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1156. 1: SE_GROUP_ENABLED
  1157. 0: SE_GROUP_OWNER
  1158. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1159. 0: SE_GROUP_RESOURCE
  1160. 0x00: SE_GROUP_LOGON_ID (0)
  1161. user_flags : 0x00000920 (2336)
  1162. 0: NETLOGON_GUEST
  1163. 0: NETLOGON_NOENCRYPTION
  1164. 0: NETLOGON_CACHED_ACCOUNT
  1165. 0: NETLOGON_USED_LM_PASSWORD
  1166. 1: NETLOGON_EXTRA_SIDS
  1167. 0: NETLOGON_SUBAUTH_SESSION_KEY
  1168. 0: NETLOGON_SERVER_TRUST_ACCOUNT
  1169. 1: NETLOGON_NTLMV2_ENABLED
  1170. 0: NETLOGON_RESOURCE_GROUPS
  1171. 0: NETLOGON_PROFILE_PATH_RETURNED
  1172. 0: NETLOGON_GRACE_LOGON
  1173. key: struct netr_UserSessionKey
  1174. key : 74e4da0255d2bf5a58e1aeb865e88c04
  1175. logon_server: struct lsa_StringLarge
  1176. length : 0x0010 (16)
  1177. size : 0x0012 (18)
  1178. string : *
  1179. string : 'SRV-DC01'
  1180. logon_domain: struct lsa_StringLarge
  1181. length : 0x0008 (8)
  1182. size : 0x000a (10)
  1183. string : *
  1184. string : 'EDNT'
  1185. domain_sid : *
  1186. domain_sid : S-1-5-21-4001112740-1724199908-163113746
  1187. LMSessKey: struct netr_LMSessionKey
  1188. key : 74e4da0255d2bf5a
  1189. acct_flags : 0x00000210 (528)
  1190. 0: ACB_DISABLED
  1191. 0: ACB_HOMDIRREQ
  1192. 0: ACB_PWNOTREQ
  1193. 0: ACB_TEMPDUP
  1194. 1: ACB_NORMAL
  1195. 0: ACB_MNS
  1196. 0: ACB_DOMTRUST
  1197. 0: ACB_WSTRUST
  1198. 0: ACB_SVRTRUST
  1199. 1: ACB_PWNOEXP
  1200. 0: ACB_AUTOLOCK
  1201. 0: ACB_ENC_TXT_PWD_ALLOWED
  1202. 0: ACB_SMARTCARD_REQUIRED
  1203. 0: ACB_TRUSTED_FOR_DELEGATION
  1204. 0: ACB_NOT_DELEGATED
  1205. 0: ACB_USE_DES_KEY_ONLY
  1206. 0: ACB_DONT_REQUIRE_PREAUTH
  1207. 0: ACB_PW_EXPIRED
  1208. 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
  1209. 0: ACB_NO_AUTH_DATA_REQD
  1210. 0: ACB_PARTIAL_SECRETS_ACCOUNT
  1211. 0: ACB_USE_AES_KEYS
  1212. sub_auth_status : 0x00000000 (0)
  1213. last_successful_logon : NTTIME(0)
  1214. last_failed_logon : NTTIME(0)
  1215. failed_logon_count : 0x00000000 (0)
  1216. reserved : 0x00000000 (0)
  1217. sidcount : 0x00000002 (2)
  1218. sids : *
  1219. sids: ARRAY(2)
  1220. sids: struct netr_SidAttr
  1221. sid : *
  1222. sid : S-1-5-21-4001112740-1724199908-163113746-572
  1223. attributes : 0x20000007 (536870919)
  1224. 1: SE_GROUP_MANDATORY
  1225. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1226. 1: SE_GROUP_ENABLED
  1227. 0: SE_GROUP_OWNER
  1228. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1229. 1: SE_GROUP_RESOURCE
  1230. 0x00: SE_GROUP_LOGON_ID (0)
  1231. sids: struct netr_SidAttr
  1232. sid : *
  1233. sid : S-1-5-21-4001112740-1724199908-163113746-1233
  1234. attributes : 0x20000007 (536870919)
  1235. 1: SE_GROUP_MANDATORY
  1236. 1: SE_GROUP_ENABLED_BY_DEFAULT
  1237. 1: SE_GROUP_ENABLED
  1238. 0: SE_GROUP_OWNER
  1239. 0: SE_GROUP_USE_FOR_DENY_ONLY
  1240. 1: SE_GROUP_RESOURCE
  1241. 0x00: SE_GROUP_LOGON_ID (0)
  1242. [2017/04/25 22:48:39.231385, 5, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:633(query_user)
  1243. query_user: Cache lookup succeeded for S-1-5-21-4001112740-1724199908-163113746-1106
  1244. [2017/04/25 22:48:39.231412, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1245. refresh_sequence_number: EDNT time ok
  1246. [2017/04/25 22:48:39.231427, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1247. refresh_sequence_number: EDNT seq number is now 6043364
  1248. [2017/04/25 22:48:39.231457, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:318(nss_get_info)
  1249. nss_get_info called for sid [S-1-5-21-4001112740-1724199908-163113746-1106] in domain 'EDNT'
  1250. [2017/04/25 22:48:39.231499, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:80(smb_register_idmap_nss)
  1251. smb_register_idmap_nss: Successfully added idmap nss backend 'template'
  1252. [2017/04/25 22:48:39.231516, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:191(nss_init)
  1253. parsed backend = 'rfc2307', domain = '(null)'
  1254. [2017/04/25 22:48:39.231535, 5, pid=3802, effective(0, 0), real(0, 0)] ../lib/util/modules.c:171(do_smb_load_module)
  1255. Probing module 'ad'
  1256. [2017/04/25 22:48:39.231554, 5, pid=3802, effective(0, 0), real(0, 0)] ../lib/util/modules.c:185(do_smb_load_module)
  1257. Probing module 'ad': Trying to load from /usr/lib/i386-linux-gnu/samba/idmap/ad.so
  1258. [2017/04/25 22:48:39.233917, 2, pid=3802, effective(0, 0), real(0, 0)] ../lib/util/modules.c:196(do_smb_load_module)
  1259. Module 'ad' loaded
  1260. [2017/04/25 22:48:39.233972, 5, pid=3802, effective(0, 0), real(0, 0), class=idmap] ../source3/winbindd/idmap.c:154(smb_register_idmap)
  1261. Successfully added idmap backend 'ad'
  1262. [2017/04/25 22:48:39.233993, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:80(smb_register_idmap_nss)
  1263. smb_register_idmap_nss: Successfully added idmap nss backend 'rfc2307'
  1264. [2017/04/25 22:48:39.234010, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:80(smb_register_idmap_nss)
  1265. smb_register_idmap_nss: Successfully added idmap nss backend 'sfu'
  1266. [2017/04/25 22:48:39.234027, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:80(smb_register_idmap_nss)
  1267. smb_register_idmap_nss: Successfully added idmap nss backend 'sfu20'
  1268. [2017/04/25 22:48:39.234046, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:231(nss_init)
  1269. nss_init: using 'rfc2307' as default backend.
  1270. [2017/04/25 22:48:39.234063, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:147(nss_domain_list_add_domain)
  1271. Added domain '(null)' with backend 'rfc2307' to nss_domain_list.
  1272. [2017/04/25 22:48:39.234080, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/winbindd/nss_info.c:147(nss_domain_list_add_domain)
  1273. Added domain 'EDNT' with backend 'rfc2307' to nss_domain_list.
  1274. [2017/04/25 22:48:39.234098, 10, pid=3802, effective(0, 0), real(0, 0), class=idmap] ../source3/winbindd/idmap_ad.c:691(nss_ad_get_info)
  1275. nss_ad_get_info called for sid [S-1-5-21-4001112740-1724199908-163113746-1106] in domain 'EDNT'
  1276. [2017/04/25 22:48:39.234118, 10, pid=3802, effective(0, 0), real(0, 0), class=idmap] ../source3/winbindd/idmap_ad.c:64(ad_idmap_cached_connection)
  1277. ad_idmap_cached_connection: called for domain 'EDNT'
  1278. [2017/04/25 22:48:39.234168, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:212(saf_fetch)
  1279. saf_fetch: Returning "SRV-DC01.ednt.de" for "EDNT" domain
  1280. [2017/04/25 22:48:39.234186, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:169(ads_idmap_cached_connection)
  1281. ldap_server from saf cache: 'SRV-DC01.ednt.de'
  1282. [2017/04/25 22:48:39.234204, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:178(ads_idmap_cached_connection)
  1283. find_domain_from_name found realm 'ednt.de' for domain 'EDNT'
  1284. [2017/04/25 22:48:39.234270, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch)
  1285. sitename_fetch: Returning sitename for ednt.de: "Default-First-Site-Name"
  1286. [2017/04/25 22:48:39.234290, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery_dc.c:77(ads_dc_name)
  1287. ads_dc_name: domain=EDNT
  1288. [2017/04/25 22:48:39.234319, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch)
  1289. sitename_fetch: Returning sitename for ednt.de: "Default-First-Site-Name"
  1290. [2017/04/25 22:48:39.234336, 6, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:408(ads_find_dc)
  1291. ads_find_dc: (cldap) looking for realm 'ednt.de'
  1292. [2017/04/25 22:48:39.234353, 8, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3320(get_sorted_dc_list)
  1293. get_sorted_dc_list: attempting lookup for name ednt.de (sitename Default-First-Site-Name)
  1294. [2017/04/25 22:48:39.234389, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:212(saf_fetch)
  1295. saf_fetch: Returning "SRV-DC01.ednt.de" for "ednt.de" domain
  1296. [2017/04/25 22:48:39.234410, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3133(get_dc_list)
  1297. get_dc_list: preferred server list: "SRV-DC01.ednt.de, *"
  1298. [2017/04/25 22:48:39.234432, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2628(internal_resolve_name)
  1299. internal_resolve_name: looking up ednt.de#1c (sitename Default-First-Site-Name)
  1300. [2017/04/25 22:48:39.234479, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch)
  1301. name ednt.de#1C found.
  1302. [2017/04/25 22:48:39.234520, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1303. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1304. [2017/04/25 22:48:39.234538, 8, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3154(get_dc_list)
  1305. Adding 1 DC's from auto lookup
  1306. [2017/04/25 22:48:39.234567, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch)
  1307. sitename_fetch: Returning sitename for EDNT.DE: "Default-First-Site-Name"
  1308. [2017/04/25 22:48:39.234584, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2628(internal_resolve_name)
  1309. internal_resolve_name: looking up SRV-DC01.ednt.de#20 (sitename Default-First-Site-Name)
  1310. [2017/04/25 22:48:39.234609, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch)
  1311. name SRV-DC01.ednt.de#20 found.
  1312. [2017/04/25 22:48:39.234630, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1313. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1314. [2017/04/25 22:48:39.234658, 9, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache)
  1315. check_negative_conn_cache returning result 0 for domain ednt.de server 192.168.18.130
  1316. [2017/04/25 22:48:39.234683, 9, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache)
  1317. check_negative_conn_cache returning result 0 for domain ednt.de server 192.168.18.130
  1318. [2017/04/25 22:48:39.234700, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1319. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1320. [2017/04/25 22:48:39.234719, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3270(get_dc_list)
  1321. get_dc_list: returning 1 ip addresses in an ordered list
  1322. [2017/04/25 22:48:39.234735, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3271(get_dc_list)
  1323. get_dc_list: 192.168.18.130:389
  1324. [2017/04/25 22:48:39.234760, 9, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache)
  1325. check_negative_conn_cache returning result 0 for domain ednt.de server 192.168.18.130
  1326. [2017/04/25 22:48:39.234779, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:253(ads_try_connect)
  1327. ads_try_connect: sending CLDAP request to 192.168.18.130 (realm: ednt.de)
  1328. [2017/04/25 22:48:39.235872, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1329. &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
  1330. command : LOGON_SAM_LOGON_RESPONSE_EX (23)
  1331. sbz : 0x0000 (0)
  1332. server_type : 0x0000f3fd (62461)
  1333. 1: NBT_SERVER_PDC
  1334. 1: NBT_SERVER_GC
  1335. 1: NBT_SERVER_LDAP
  1336. 1: NBT_SERVER_DS
  1337. 1: NBT_SERVER_KDC
  1338. 1: NBT_SERVER_TIMESERV
  1339. 1: NBT_SERVER_CLOSEST
  1340. 1: NBT_SERVER_WRITABLE
  1341. 1: NBT_SERVER_GOOD_TIMESERV
  1342. 0: NBT_SERVER_NDNC
  1343. 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
  1344. 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
  1345. 1: NBT_SERVER_ADS_WEB_SERVICE
  1346. 0: NBT_SERVER_HAS_DNS_NAME
  1347. 0: NBT_SERVER_IS_DEFAULT_NC
  1348. 0: NBT_SERVER_FOREST_ROOT
  1349. domain_uuid : 1438b128-8674-4c78-ae4f-c96610fdcab1
  1350. forest : 'ednt.de'
  1351. dns_domain : 'ednt.de'
  1352. pdc_dns_name : 'SRV-DC01.ednt.de'
  1353. domain_name : 'EDNT'
  1354. pdc_name : 'SRV-DC01'
  1355. user_name : ''
  1356. server_site : 'Default-First-Site-Name'
  1357. client_site : 'Default-First-Site-Name'
  1358. sockaddr_size : 0x00 (0)
  1359. sockaddr: struct nbt_sockaddr
  1360. sockaddr_family : 0x00000000 (0)
  1361. pdc_ip : (null)
  1362. remaining : DATA_BLOB length=0
  1363. next_closest_site : NULL
  1364. nt_version : 0x00000005 (5)
  1365. 1: NETLOGON_NT_VERSION_1
  1366. 0: NETLOGON_NT_VERSION_5
  1367. 1: NETLOGON_NT_VERSION_5EX
  1368. 0: NETLOGON_NT_VERSION_5EX_WITH_IP
  1369. 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
  1370. 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
  1371. 0: NETLOGON_NT_VERSION_PDC
  1372. 0: NETLOGON_NT_VERSION_IP
  1373. 0: NETLOGON_NT_VERSION_LOCAL
  1374. 0: NETLOGON_NT_VERSION_GC
  1375. lmnt_token : 0xffff (65535)
  1376. lm20_token : 0xffff (65535)
  1377. [2017/04/25 22:48:39.236215, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store)
  1378. sitename_store: realm = [EDNT], sitename = [Default-First-Site-Name], expire = [2147483647]
  1379. [2017/04/25 22:48:39.236244, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  1380. Did not store value for AD_SITENAME/DOMAIN/EDNT, we already got it
  1381. [2017/04/25 22:48:39.236262, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store)
  1382. sitename_store: realm = [ednt.de], sitename = [Default-First-Site-Name], expire = [2147483647]
  1383. [2017/04/25 22:48:39.236285, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  1384. Did not store value for AD_SITENAME/DOMAIN/EDNT.DE, we already got it
  1385. [2017/04/25 22:48:39.236305, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:541(ads_connect)
  1386. Successfully contacted LDAP server 192.168.18.130
  1387. [2017/04/25 22:48:39.236333, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch)
  1388. sitename_fetch: Returning sitename for ednt.de: "Default-First-Site-Name"
  1389. [2017/04/25 22:48:39.236354, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:211(ads_closest_dc)
  1390. ads_closest_dc: NBT_SERVER_CLOSEST flag set
  1391. [2017/04/25 22:48:39.236397, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/kerberos.c:865(create_local_private_krb5_conf_for_domain)
  1392. create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.EDNT, realm = ednt.de, domain = EDNT
  1393. [2017/04/25 22:48:39.236433, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:212(saf_fetch)
  1394. saf_fetch: Returning "SRV-DC01.ednt.de" for "ednt.de" domain
  1395. [2017/04/25 22:48:39.236451, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3133(get_dc_list)
  1396. get_dc_list: preferred server list: "SRV-DC01.ednt.de, *"
  1397. [2017/04/25 22:48:39.236481, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2628(internal_resolve_name)
  1398. internal_resolve_name: looking up ednt.de#1c (sitename Default-First-Site-Name)
  1399. [2017/04/25 22:48:39.236505, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch)
  1400. name ednt.de#1C found.
  1401. [2017/04/25 22:48:39.236526, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1402. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1403. [2017/04/25 22:48:39.236542, 8, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3154(get_dc_list)
  1404. Adding 1 DC's from auto lookup
  1405. [2017/04/25 22:48:39.236567, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch)
  1406. sitename_fetch: Returning sitename for EDNT.DE: "Default-First-Site-Name"
  1407. [2017/04/25 22:48:39.236584, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2628(internal_resolve_name)
  1408. internal_resolve_name: looking up SRV-DC01.ednt.de#20 (sitename Default-First-Site-Name)
  1409. [2017/04/25 22:48:39.236621, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch)
  1410. name SRV-DC01.ednt.de#20 found.
  1411. [2017/04/25 22:48:39.236641, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1412. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1413. [2017/04/25 22:48:39.236666, 9, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache)
  1414. check_negative_conn_cache returning result 0 for domain ednt.de server 192.168.18.130
  1415. [2017/04/25 22:48:39.236691, 9, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache)
  1416. check_negative_conn_cache returning result 0 for domain ednt.de server 192.168.18.130
  1417. [2017/04/25 22:48:39.236707, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1418. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1419. [2017/04/25 22:48:39.236724, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3270(get_dc_list)
  1420. get_dc_list: returning 1 ip addresses in an ordered list
  1421. [2017/04/25 22:48:39.236740, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3271(get_dc_list)
  1422. get_dc_list: 192.168.18.130:389
  1423. [2017/04/25 22:48:39.236772, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:212(saf_fetch)
  1424. saf_fetch: Returning "SRV-DC01.ednt.de" for "ednt.de" domain
  1425. [2017/04/25 22:48:39.236792, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3133(get_dc_list)
  1426. get_dc_list: preferred server list: "SRV-DC01.ednt.de, *"
  1427. [2017/04/25 22:48:39.236809, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2628(internal_resolve_name)
  1428. internal_resolve_name: looking up ednt.de#1c (sitename (null))
  1429. [2017/04/25 22:48:39.236834, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch)
  1430. name ednt.de#1C found.
  1431. [2017/04/25 22:48:39.236854, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1432. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1433. [2017/04/25 22:48:39.236870, 8, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3154(get_dc_list)
  1434. Adding 1 DC's from auto lookup
  1435. [2017/04/25 22:48:39.236896, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch)
  1436. sitename_fetch: Returning sitename for EDNT.DE: "Default-First-Site-Name"
  1437. [2017/04/25 22:48:39.236913, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2628(internal_resolve_name)
  1438. internal_resolve_name: looking up SRV-DC01.ednt.de#20 (sitename Default-First-Site-Name)
  1439. [2017/04/25 22:48:39.236937, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch)
  1440. name SRV-DC01.ednt.de#20 found.
  1441. [2017/04/25 22:48:39.236957, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1442. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1443. [2017/04/25 22:48:39.236980, 9, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache)
  1444. check_negative_conn_cache returning result 0 for domain ednt.de server 192.168.18.130
  1445. [2017/04/25 22:48:39.237005, 9, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache)
  1446. check_negative_conn_cache returning result 0 for domain ednt.de server 192.168.18.130
  1447. [2017/04/25 22:48:39.237021, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1448. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1449. [2017/04/25 22:48:39.237038, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3270(get_dc_list)
  1450. get_dc_list: returning 1 ip addresses in an ordered list
  1451. [2017/04/25 22:48:39.237055, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3271(get_dc_list)
  1452. get_dc_list: 192.168.18.130:389
  1453. [2017/04/25 22:48:39.237773, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1454. &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
  1455. command : LOGON_SAM_LOGON_RESPONSE_EX (23)
  1456. sbz : 0x0000 (0)
  1457. server_type : 0x0000f3fd (62461)
  1458. 1: NBT_SERVER_PDC
  1459. 1: NBT_SERVER_GC
  1460. 1: NBT_SERVER_LDAP
  1461. 1: NBT_SERVER_DS
  1462. 1: NBT_SERVER_KDC
  1463. 1: NBT_SERVER_TIMESERV
  1464. 1: NBT_SERVER_CLOSEST
  1465. 1: NBT_SERVER_WRITABLE
  1466. 1: NBT_SERVER_GOOD_TIMESERV
  1467. 0: NBT_SERVER_NDNC
  1468. 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
  1469. 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
  1470. 1: NBT_SERVER_ADS_WEB_SERVICE
  1471. 0: NBT_SERVER_HAS_DNS_NAME
  1472. 0: NBT_SERVER_IS_DEFAULT_NC
  1473. 0: NBT_SERVER_FOREST_ROOT
  1474. domain_uuid : 1438b128-8674-4c78-ae4f-c96610fdcab1
  1475. forest : 'ednt.de'
  1476. dns_domain : 'ednt.de'
  1477. pdc_dns_name : 'SRV-DC01.ednt.de'
  1478. domain_name : 'EDNT'
  1479. pdc_name : 'SRV-DC01'
  1480. user_name : ''
  1481. server_site : 'Default-First-Site-Name'
  1482. client_site : 'Default-First-Site-Name'
  1483. sockaddr_size : 0x00 (0)
  1484. sockaddr: struct nbt_sockaddr
  1485. sockaddr_family : 0x00000000 (0)
  1486. pdc_ip : (null)
  1487. remaining : DATA_BLOB length=0
  1488. next_closest_site : NULL
  1489. nt_version : 0x00000005 (5)
  1490. 1: NETLOGON_NT_VERSION_1
  1491. 0: NETLOGON_NT_VERSION_5
  1492. 1: NETLOGON_NT_VERSION_5EX
  1493. 0: NETLOGON_NT_VERSION_5EX_WITH_IP
  1494. 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
  1495. 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
  1496. 0: NETLOGON_NT_VERSION_PDC
  1497. 0: NETLOGON_NT_VERSION_IP
  1498. 0: NETLOGON_NT_VERSION_LOCAL
  1499. 0: NETLOGON_NT_VERSION_GC
  1500. lmnt_token : 0xffff (65535)
  1501. lm20_token : 0xffff (65535)
  1502. [2017/04/25 22:48:39.238094, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/kerberos.c:794(get_kdc_ip_string)
  1503. get_kdc_ip_string: Returning kdc = 192.168.18.130
  1504.  
  1505. [2017/04/25 22:48:39.238182, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/kerberos.c:956(create_local_private_krb5_conf_for_domain)
  1506. create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.EDNT with realm EDNT.DE KDC list = kdc = 192.168.18.130
  1507.  
  1508. [2017/04/25 22:48:39.238211, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery_dc.c:151(ads_dc_name)
  1509. ads_dc_name: using server='SRV-DC01.EDNT.DE' IP=192.168.18.130
  1510. [2017/04/25 22:48:39.238241, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch)
  1511. sitename_fetch: Returning sitename for EDNT.DE: "Default-First-Site-Name"
  1512. [2017/04/25 22:48:39.238258, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2628(internal_resolve_name)
  1513. internal_resolve_name: looking up SRV-DC01.ednt.de#20 (sitename Default-First-Site-Name)
  1514. [2017/04/25 22:48:39.238283, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch)
  1515. name SRV-DC01.ednt.de#20 found.
  1516. [2017/04/25 22:48:39.238304, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1140(remove_duplicate_addrs2)
  1517. remove_duplicate_addrs2: looking for duplicate address/port pairs
  1518. [2017/04/25 22:48:39.238322, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:253(ads_try_connect)
  1519. ads_try_connect: sending CLDAP request to 192.168.18.130 (realm: ednt.de)
  1520. [2017/04/25 22:48:39.238932, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1521. &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
  1522. command : LOGON_SAM_LOGON_RESPONSE_EX (23)
  1523. sbz : 0x0000 (0)
  1524. server_type : 0x0000f3fd (62461)
  1525. 1: NBT_SERVER_PDC
  1526. 1: NBT_SERVER_GC
  1527. 1: NBT_SERVER_LDAP
  1528. 1: NBT_SERVER_DS
  1529. 1: NBT_SERVER_KDC
  1530. 1: NBT_SERVER_TIMESERV
  1531. 1: NBT_SERVER_CLOSEST
  1532. 1: NBT_SERVER_WRITABLE
  1533. 1: NBT_SERVER_GOOD_TIMESERV
  1534. 0: NBT_SERVER_NDNC
  1535. 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
  1536. 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
  1537. 1: NBT_SERVER_ADS_WEB_SERVICE
  1538. 0: NBT_SERVER_HAS_DNS_NAME
  1539. 0: NBT_SERVER_IS_DEFAULT_NC
  1540. 0: NBT_SERVER_FOREST_ROOT
  1541. domain_uuid : 1438b128-8674-4c78-ae4f-c96610fdcab1
  1542. forest : 'ednt.de'
  1543. dns_domain : 'ednt.de'
  1544. pdc_dns_name : 'SRV-DC01.ednt.de'
  1545. domain_name : 'EDNT'
  1546. pdc_name : 'SRV-DC01'
  1547. user_name : ''
  1548. server_site : 'Default-First-Site-Name'
  1549. client_site : 'Default-First-Site-Name'
  1550. sockaddr_size : 0x00 (0)
  1551. sockaddr: struct nbt_sockaddr
  1552. sockaddr_family : 0x00000000 (0)
  1553. pdc_ip : (null)
  1554. remaining : DATA_BLOB length=0
  1555. next_closest_site : NULL
  1556. nt_version : 0x00000005 (5)
  1557. 1: NETLOGON_NT_VERSION_1
  1558. 0: NETLOGON_NT_VERSION_5
  1559. 1: NETLOGON_NT_VERSION_5EX
  1560. 0: NETLOGON_NT_VERSION_5EX_WITH_IP
  1561. 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
  1562. 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
  1563. 0: NETLOGON_NT_VERSION_PDC
  1564. 0: NETLOGON_NT_VERSION_IP
  1565. 0: NETLOGON_NT_VERSION_LOCAL
  1566. 0: NETLOGON_NT_VERSION_GC
  1567. lmnt_token : 0xffff (65535)
  1568. lm20_token : 0xffff (65535)
  1569. [2017/04/25 22:48:39.239253, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store)
  1570. sitename_store: realm = [EDNT], sitename = [Default-First-Site-Name], expire = [2147483647]
  1571. [2017/04/25 22:48:39.239279, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  1572. Did not store value for AD_SITENAME/DOMAIN/EDNT, we already got it
  1573. [2017/04/25 22:48:39.239297, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store)
  1574. sitename_store: realm = [ednt.de], sitename = [Default-First-Site-Name], expire = [2147483647]
  1575. [2017/04/25 22:48:39.239321, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  1576. Did not store value for AD_SITENAME/DOMAIN/EDNT.DE, we already got it
  1577. [2017/04/25 22:48:39.239340, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:541(ads_connect)
  1578. Successfully contacted LDAP server 192.168.18.130
  1579. [2017/04/25 22:48:39.239358, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:72(ldap_open_with_timeout)
  1580. Opening connection to LDAP server '192.168.18.130:389', timeout 15 seconds
  1581. [2017/04/25 22:48:39.239458, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:107(ldap_open_with_timeout)
  1582. Initialized connection for LDAP server 'ldap://192.168.18.130:389'
  1583. [2017/04/25 22:48:39.239489, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:584(ads_connect)
  1584. Connected to LDAP server SRV-DC01.ednt.de
  1585. [2017/04/25 22:48:39.239523, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:211(ads_closest_dc)
  1586. ads_closest_dc: NBT_SERVER_CLOSEST flag set
  1587. [2017/04/25 22:48:39.239550, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:87(saf_store)
  1588. saf_store: domain = [EDNT], server = [SRV-DC01.ednt.de], expire = [1493154219]
  1589. [2017/04/25 22:48:39.239575, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  1590. Did not store value for SAF/DOMAIN/EDNT, we already got it
  1591. [2017/04/25 22:48:39.239595, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:87(saf_store)
  1592. saf_store: domain = [ednt.de], server = [SRV-DC01.ednt.de], expire = [1493154219]
  1593. [2017/04/25 22:48:39.239619, 10, pid=3802, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:292(gencache_set_data_blob)
  1594. Did not store value for SAF/DOMAIN/EDNT.DE, we already got it
  1595. [2017/04/25 22:48:39.240928, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:2870(ads_current_time)
  1596. KDC time offset is -1 seconds
  1597. [2017/04/25 22:48:39.241431, 4, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:1082(ads_sasl_bind)
  1598. Found SASL mechanism GSS-SPNEGO
  1599. [2017/04/25 22:48:39.242256, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  1600. ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
  1601. [2017/04/25 22:48:39.242274, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  1602. ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
  1603. [2017/04/25 22:48:39.242290, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  1604. ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
  1605. [2017/04/25 22:48:39.242306, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  1606. ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
  1607. [2017/04/25 22:48:39.242322, 3, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:732(ads_sasl_spnego_bind)
  1608. ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
  1609. [2017/04/25 22:48:39.242593, 5, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:672(gensec_start_mech)
  1610. Starting GENSEC mechanism spnego
  1611. [2017/04/25 22:48:39.242642, 5, pid=3802, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:672(gensec_start_mech)
  1612. Starting GENSEC submechanism gse_krb5
  1613. [2017/04/25 22:48:39.257750, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap_schema.c:231(ads_check_posix_schema_mapping)
  1614. ads_check_posix_schema_mapping for schema mode: 3
  1615. [2017/04/25 22:48:39.301264, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
  1616. Search for (|(attributeId=1.3.6.1.1.1.1.0)(attributeId=1.3.6.1.1.1.1.1)(attributeId=1.3.6.1.1.1.1.3)(attributeId=1.3.6.1.1.1.1.4)(attributeId=1.3.6.1.1.1.1.2)(attributeId=0.9.2342.19200300.100.1.1)) in <CN=Schema,CN=Configuration,DC=ednt,DC=de> gave 6 replies
  1617. OID 0.9.2342.19200300.100.1.1 has name: uid
  1618. OID 1.3.6.1.1.1.1.0 has name: uidNumber
  1619. OID 1.3.6.1.1.1.1.1 has name: gidNumber
  1620. OID 1.3.6.1.1.1.1.2 has name: gecos
  1621. OID 1.3.6.1.1.1.1.3 has name: unixHomeDirectory
  1622. OID 1.3.6.1.1.1.1.4 has name: loginShell
  1623. [2017/04/25 22:48:39.301440, 10, pid=3802, effective(0, 0), real(0, 0), class=idmap] ../source3/winbindd/idmap_ad.c:718(nss_ad_get_info)
  1624. nss_ad_get_info: no ads connection given, doing our own query
  1625. [2017/04/25 22:48:39.302493, 5, pid=3802, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
  1626. Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\A4\22\7C\EE\E43\C5f\12\EB\B8\09R\04\00\00) in <dc=EDNT,dc=DE> gave 1 replies
  1627. [2017/04/25 22:48:39.302518, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4886(nss_get_info_cached)
  1628. nss_get_info returned NT_STATUS_OK
  1629. [2017/04/25 22:48:39.302570, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4889(nss_get_info_cached)
  1630. result:
  1631. homedir = '(null)'
  1632. shell = '(null)'
  1633. gecos = '(null)'
  1634. gid = '4294967295'
  1635. [2017/04/25 22:48:39.302660, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4842(wcache_save_user_pwinfo)
  1636. wcache_save_user_pwinfo: S-1-5-21-4001112740-1724199908-163113746-1106
  1637. [2017/04/25 22:48:39.302696, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1638. refresh_sequence_number: EDNT time ok
  1639. [2017/04/25 22:48:39.302713, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1640. refresh_sequence_number: EDNT seq number is now 6043364
  1641. [2017/04/25 22:48:39.302740, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1642. refresh_sequence_number: EDNT time ok
  1643. [2017/04/25 22:48:39.302757, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1644. refresh_sequence_number: EDNT seq number is now 6043364
  1645. [2017/04/25 22:48:39.302794, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
  1646. wcache_save_user: S-1-5-21-4001112740-1724199908-163113746-1106 (acct_name kk)
  1647. [2017/04/25 22:48:39.302817, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1648. wbint_QueryUser: struct wbint_QueryUser
  1649. out: struct wbint_QueryUser
  1650. info : *
  1651. info: struct wbint_userinfo
  1652. acct_name : *
  1653. acct_name : 'kk'
  1654. full_name : NULL
  1655. homedir : NULL
  1656. shell : NULL
  1657. primary_gid : 0x00000000ffffffff (4294967295)
  1658. user_sid : S-1-5-21-4001112740-1724199908-163113746-1106
  1659. group_sid : S-1-5-21-4001112740-1724199908-163113746-513
  1660. result : NT_STATUS_OK
  1661. [2017/04/25 22:48:39.302950, 4, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  1662. Finished processing child request 59
  1663. [2017/04/25 22:48:39.302967, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  1664. Writing 3596 bytes to parent
  1665. [2017/04/25 22:48:39.306404, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  1666. Need to read 28 extra bytes
  1667. [2017/04/25 22:48:39.306507, 4, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  1668. child daemon request 59
  1669. [2017/04/25 22:48:39.306531, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  1670. child_process_request: request fn NDRCMD
  1671. [2017/04/25 22:48:39.306550, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  1672. winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (EDNT)
  1673. [2017/04/25 22:48:39.306580, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1674. wbint_LookupSid: struct wbint_LookupSid
  1675. in: struct wbint_LookupSid
  1676. sid : *
  1677. sid : S-1-5-21-4001112740-1724199908-163113746-513
  1678. [2017/04/25 22:48:39.306656, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1679. refresh_sequence_number: EDNT time ok
  1680. [2017/04/25 22:48:39.306674, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1681. refresh_sequence_number: EDNT seq number is now 6043364
  1682. [2017/04/25 22:48:39.306760, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
  1683. sid_to_name: [Cached] - doing backend query for name for domain EDNT
  1684. [2017/04/25 22:48:39.306789, 3, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:300(msrpc_sid_to_name)
  1685. msrpc_sid_to_name: S-1-5-21-4001112740-1724199908-163113746-513 for domain EDNT
  1686. [2017/04/25 22:48:39.306809, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2666(cm_connect_lsa_tcp)
  1687. cm_connect_lsa_tcp
  1688. [2017/04/25 22:48:39.306838, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
  1689. rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
  1690. [2017/04/25 22:48:39.306890, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1691. lsa_LookupSids3: struct lsa_LookupSids3
  1692. in: struct lsa_LookupSids3
  1693. sids : *
  1694. sids: struct lsa_SidArray
  1695. num_sids : 0x00000001 (1)
  1696. sids : *
  1697. sids: ARRAY(1)
  1698. sids: struct lsa_SidPtr
  1699. sid : *
  1700. sid : S-1-5-21-4001112740-1724199908-163113746-513
  1701. names : *
  1702. names: struct lsa_TransNameArray2
  1703. count : 0x00000000 (0)
  1704. names : NULL
  1705. level : LSA_LOOKUP_NAMES_ALL (1)
  1706. count : *
  1707. count : 0x00000000 (0)
  1708. lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
  1709. client_revision : LSA_CLIENT_REVISION_2 (2)
  1710. [2017/04/25 22:48:39.307070, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1711. &r: struct ncacn_packet
  1712. rpc_vers : 0x05 (5)
  1713. rpc_vers_minor : 0x00 (0)
  1714. ptype : DCERPC_PKT_REQUEST (0)
  1715. pfc_flags : 0x03 (3)
  1716. 1: DCERPC_PFC_FLAG_FIRST
  1717. 1: DCERPC_PFC_FLAG_LAST
  1718. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  1719. 0: DCERPC_PFC_FLAG_CONC_MPX
  1720. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  1721. 0: DCERPC_PFC_FLAG_MAYBE
  1722. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  1723. drep: ARRAY(4)
  1724. [0] : 0x10 (16)
  1725. [1] : 0x00 (0)
  1726. [2] : 0x00 (0)
  1727. [3] : 0x00 (0)
  1728. frag_length : 0x0018 (24)
  1729. auth_length : 0x0038 (56)
  1730. call_id : 0x00000011 (17)
  1731. u : union dcerpc_payload(case 0)
  1732. request: struct dcerpc_request
  1733. alloc_hint : 0x00000048 (72)
  1734. context_id : 0x0000 (0)
  1735. opnum : 0x004c (76)
  1736. object : union dcerpc_object(case 0)
  1737. empty: struct dcerpc_empty
  1738. _pad : DATA_BLOB length=0
  1739. stub_and_verifier : DATA_BLOB length=0
  1740. [2017/04/25 22:48:39.307282, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1741. &r: struct dcerpc_auth
  1742. auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68)
  1743. auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
  1744. auth_pad_length : 0x08 (8)
  1745. auth_reserved : 0x00 (0)
  1746. auth_context_id : 0x00000001 (1)
  1747. credentials : DATA_BLOB length=0
  1748. [2017/04/25 22:48:39.307401, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:826(rpc_api_pipe_send)
  1749. rpc_api_pipe: host SRV-DC01.ednt.de
  1750. [2017/04/25 22:48:39.307422, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:178(rpc_write_send)
  1751. rpc_write_send: data_to_write: 168
  1752. [2017/04/25 22:48:39.308826, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:98(rpc_read_send)
  1753. rpc_read_send: data_to_read: 248
  1754. [2017/04/25 22:48:39.308894, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1755. r: struct ncacn_packet
  1756. rpc_vers : 0x05 (5)
  1757. rpc_vers_minor : 0x00 (0)
  1758. ptype : DCERPC_PKT_RESPONSE (2)
  1759. pfc_flags : 0x03 (3)
  1760. 1: DCERPC_PFC_FLAG_FIRST
  1761. 1: DCERPC_PFC_FLAG_LAST
  1762. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  1763. 0: DCERPC_PFC_FLAG_CONC_MPX
  1764. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  1765. 0: DCERPC_PFC_FLAG_MAYBE
  1766. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  1767. drep: ARRAY(4)
  1768. [0] : 0x10 (16)
  1769. [1] : 0x00 (0)
  1770. [2] : 0x00 (0)
  1771. [3] : 0x00 (0)
  1772. frag_length : 0x0108 (264)
  1773. auth_length : 0x0038 (56)
  1774. call_id : 0x00000011 (17)
  1775. u : union dcerpc_payload(case 2)
  1776. response: struct dcerpc_response
  1777. alloc_hint : 0x000000a4 (164)
  1778. context_id : 0x0000 (0)
  1779. cancel_count : 0x00 (0)
  1780. _pad : DATA_BLOB length=1
  1781. [0000] 00 .
  1782. stub_and_verifier : DATA_BLOB length=240
  1798. [2017/04/25 22:48:39.309510, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth)
  1799. Requested Privacy.
  1800. [2017/04/25 22:48:39.309530, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth)
  1801. GENSEC auth
  1802. [2017/04/25 22:48:39.309642, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:525(cli_pipe_validate_current_pdu)
  1803. Got pdu len 264, data_len 164
  1804. [2017/04/25 22:48:39.309662, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:975(rpc_api_pipe_got_pdu)
  1805. rpc_api_pipe: got frag len of 264 at offset 0: NT_STATUS_OK
  1806. [2017/04/25 22:48:39.309700, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1075(rpc_api_pipe_got_pdu)
  1807. rpc_api_pipe: host SRV-DC01.ednt.de returned 164 bytes.
  1808. [2017/04/25 22:48:39.309742, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1809. lsa_LookupSids3: struct lsa_LookupSids3
  1810. out: struct lsa_LookupSids3
  1811. domains : *
  1812. domains : *
  1813. domains: struct lsa_RefDomainList
  1814. count : 0x00000001 (1)
  1815. domains : *
  1816. domains: ARRAY(1)
  1817. domains: struct lsa_DomainInfo
  1818. name: struct lsa_StringLarge
  1819. length : 0x0008 (8)
  1820. size : 0x000a (10)
  1821. string : *
  1822. string : 'EDNT'
  1823. sid : *
  1824. sid : S-1-5-21-4001112740-1724199908-163113746
  1825. max_size : 0x00000020 (32)
  1826. names : *
  1827. names: struct lsa_TransNameArray2
  1828. count : 0x00000001 (1)
  1829. names : *
  1830. names: ARRAY(1)
  1831. names: struct lsa_TranslatedName2
  1832. sid_type : SID_NAME_DOM_GRP (2)
  1833. name: struct lsa_String
  1834. length : 0x0020 (32)
  1835. size : 0x0020 (32)
  1836. string : *
  1837. string : 'Domänen-Benutzer'
  1838. sid_index : 0x00000000 (0)
  1839. unknown : 0x00000000 (0)
  1840. count : *
  1841. count : 0x00000001 (1)
  1842. result : NT_STATUS_OK
  1843. [2017/04/25 22:48:39.310021, 10, pid=3802, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
  1844. LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1'
  1845. [2017/04/25 22:48:39.310043, 5, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:320(msrpc_sid_to_name)
  1846. Mapped sid to [EDNT]\[Domänen-Benutzer]
  1847. [2017/04/25 22:48:39.310069, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1848. refresh_sequence_number: EDNT time ok
  1849. [2017/04/25 22:48:39.310086, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1850. refresh_sequence_number: EDNT seq number is now 6043364
  1851. [2017/04/25 22:48:39.310138, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
  1852. wcache_save_sid_to_name: S-1-5-21-4001112740-1724199908-163113746-513 -> EDNT\Domänen-Benutzer (NT_STATUS_OK)
  1853. [2017/04/25 22:48:39.310158, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1854. wbint_LookupSid: struct wbint_LookupSid
  1855. out: struct wbint_LookupSid
  1856. type : *
  1857. type : SID_NAME_DOM_GRP (2)
  1858. domain : *
  1859. domain : *
  1860. domain : 'EDNT'
  1861. name : *
  1862. name : *
  1863. name : 'Domänen-Benutzer'
  1864. result : NT_STATUS_OK
  1865. [2017/04/25 22:48:39.310272, 4, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  1866. Finished processing child request 59
  1867. [2017/04/25 22:48:39.310290, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  1868. Writing 3564 bytes to parent
  1869. [2017/04/25 22:48:47.360549, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  1870. Need to read 40 extra bytes
  1871. [2017/04/25 22:48:47.360606, 4, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  1872. child daemon request 59
  1873. [2017/04/25 22:48:47.360627, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  1874. child_process_request: request fn NDRCMD
  1875. [2017/04/25 22:48:47.360645, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  1876. winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (EDNT)
  1877. [2017/04/25 22:48:47.360677, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1878. wbint_LookupName: struct wbint_LookupName
  1879. in: struct wbint_LookupName
  1880. domain : *
  1881. domain : 'EDNT'
  1882. name : *
  1883. name : '*'
  1884. flags : 0x00000008 (8)
  1885. [2017/04/25 22:48:47.360745, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1886. refresh_sequence_number: EDNT time ok
  1887. [2017/04/25 22:48:47.360762, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1888. refresh_sequence_number: EDNT seq number is now 6043364
  1889. [2017/04/25 22:48:47.360790, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1873(name_to_sid)
  1890. name_to_sid: [Cached] - doing backend query for name for domain EDNT
  1891. [2017/04/25 22:48:47.360810, 3, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid)
  1892. msrpc_name_to_sid: name=EDNT\*
  1893. [2017/04/25 22:48:47.360828, 3, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid)
  1894. name_to_sid [rpc] EDNT\* for domain EDNT
  1895. [2017/04/25 22:48:47.360846, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2666(cm_connect_lsa_tcp)
  1896. cm_connect_lsa_tcp
  1897. [2017/04/25 22:48:47.360892, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1898. lsa_LookupNames4: struct lsa_LookupNames4
  1899. in: struct lsa_LookupNames4
  1900. num_names : 0x00000001 (1)
  1901. names: ARRAY(1)
  1902. names: struct lsa_String
  1903. length : 0x000c (12)
  1904. size : 0x000c (12)
  1905. string : *
  1906. string : 'EDNT\*'
  1907. sids : *
  1908. sids: struct lsa_TransSidArray3
  1909. count : 0x00000000 (0)
  1910. sids : NULL
  1911. level : LSA_LOOKUP_NAMES_ALL (1)
  1912. count : *
  1913. count : 0x00000000 (0)
  1914. lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
  1915. client_revision : LSA_CLIENT_REVISION_2 (2)
  1916. [2017/04/25 22:48:47.361051, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1917. &r: struct ncacn_packet
  1918. rpc_vers : 0x05 (5)
  1919. rpc_vers_minor : 0x00 (0)
  1920. ptype : DCERPC_PKT_REQUEST (0)
  1921. pfc_flags : 0x03 (3)
  1922. 1: DCERPC_PFC_FLAG_FIRST
  1923. 1: DCERPC_PFC_FLAG_LAST
  1924. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  1925. 0: DCERPC_PFC_FLAG_CONC_MPX
  1926. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  1927. 0: DCERPC_PFC_FLAG_MAYBE
  1928. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  1929. drep: ARRAY(4)
  1930. [0] : 0x10 (16)
  1931. [1] : 0x00 (0)
  1932. [2] : 0x00 (0)
  1933. [3] : 0x00 (0)
  1934. frag_length : 0x0018 (24)
  1935. auth_length : 0x0038 (56)
  1936. call_id : 0x00000012 (18)
  1937. u : union dcerpc_payload(case 0)
  1938. request: struct dcerpc_request
  1939. alloc_hint : 0x00000040 (64)
  1940. context_id : 0x0000 (0)
  1941. opnum : 0x004d (77)
  1942. object : union dcerpc_object(case 0)
  1943. empty: struct dcerpc_empty
  1944. _pad : DATA_BLOB length=0
  1945. stub_and_verifier : DATA_BLOB length=0
  1946. [2017/04/25 22:48:47.361269, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1947. &r: struct dcerpc_auth
  1948. auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68)
  1949. auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
  1950. auth_pad_length : 0x00 (0)
  1951. auth_reserved : 0x00 (0)
  1952. auth_context_id : 0x00000001 (1)
  1953. credentials : DATA_BLOB length=0
  1954. [2017/04/25 22:48:47.361369, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:826(rpc_api_pipe_send)
  1955. rpc_api_pipe: host SRV-DC01.ednt.de
  1956. [2017/04/25 22:48:47.361390, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:178(rpc_write_send)
  1957. rpc_write_send: data_to_write: 152
  1958. [2017/04/25 22:48:47.380033, 5, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:98(rpc_read_send)
  1959. rpc_read_send: data_to_read: 200
  1960. [2017/04/25 22:48:47.380086, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug)
  1961. r: struct ncacn_packet
  1962. rpc_vers : 0x05 (5)
  1963. rpc_vers_minor : 0x00 (0)
  1964. ptype : DCERPC_PKT_RESPONSE (2)
  1965. pfc_flags : 0x03 (3)
  1966. 1: DCERPC_PFC_FLAG_FIRST
  1967. 1: DCERPC_PFC_FLAG_LAST
  1968. 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
  1969. 0: DCERPC_PFC_FLAG_CONC_MPX
  1970. 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  1971. 0: DCERPC_PFC_FLAG_MAYBE
  1972. 0: DCERPC_PFC_FLAG_OBJECT_UUID
  1973. drep: ARRAY(4)
  1974. [0] : 0x10 (16)
  1975. [1] : 0x00 (0)
  1976. [2] : 0x00 (0)
  1977. [3] : 0x00 (0)
  1978. frag_length : 0x00d8 (216)
  1979. auth_length : 0x0038 (56)
  1980. call_id : 0x00000012 (18)
  1981. u : union dcerpc_payload(case 2)
  1982. response: struct dcerpc_response
  1983. alloc_hint : 0x00000074 (116)
  1984. context_id : 0x0000 (0)
  1985. cancel_count : 0x00 (0)
  1986. _pad : DATA_BLOB length=1
  1987. [0000] 00 .
  1988. stub_and_verifier : DATA_BLOB length=192
  2001. [2017/04/25 22:48:47.380663, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth)
  2002. Requested Privacy.
  2003. [2017/04/25 22:48:47.380683, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth)
  2004. GENSEC auth
  2005. [2017/04/25 22:48:47.380746, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:525(cli_pipe_validate_current_pdu)
  2006. Got pdu len 216, data_len 116
  2007. [2017/04/25 22:48:47.380764, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:975(rpc_api_pipe_got_pdu)
  2008. rpc_api_pipe: got frag len of 216 at offset 0: NT_STATUS_OK
  2009. [2017/04/25 22:48:47.380783, 10, pid=3802, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1075(rpc_api_pipe_got_pdu)
  2010. rpc_api_pipe: host SRV-DC01.ednt.de returned 116 bytes.
  2011. [2017/04/25 22:48:47.380822, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  2012. lsa_LookupNames4: struct lsa_LookupNames4
  2013. out: struct lsa_LookupNames4
  2014. domains : *
  2015. domains : *
  2016. domains: struct lsa_RefDomainList
  2017. count : 0x00000001 (1)
  2018. domains : *
  2019. domains: ARRAY(1)
  2020. domains: struct lsa_DomainInfo
  2021. name: struct lsa_StringLarge
  2022. length : 0x0008 (8)
  2023. size : 0x000a (10)
  2024. string : *
  2025. string : 'EDNT'
  2026. sid : *
  2027. sid : S-1-5-21-4001112740-1724199908-163113746
  2028. max_size : 0x00000020 (32)
  2029. sids : *
  2030. sids: struct lsa_TransSidArray3
  2031. count : 0x00000001 (1)
  2032. sids : *
  2033. sids: ARRAY(1)
  2034. sids: struct lsa_TranslatedSid3
  2035. sid_type : SID_NAME_UNKNOWN (8)
  2036. sid : NULL
  2037. sid_index : 0x00000000 (0)
  2038. flags : 0x00000000 (0)
  2039. count : *
  2040. count : 0x00000000 (0)
  2041. result : NT_STATUS_NONE_MAPPED
  2042. [2017/04/25 22:48:47.381086, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  2043. refresh_sequence_number: EDNT time ok
  2044. [2017/04/25 22:48:47.381104, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  2045. refresh_sequence_number: EDNT seq number is now 6043364
  2046. [2017/04/25 22:48:47.381167, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:965(wcache_save_name_to_sid)
  2047. wcache_save_name_to_sid: EDNT\* -> S-0-0 (NT_STATUS_NONE_MAPPED)
  2048. [2017/04/25 22:48:47.381204, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
  2049. wcache_save_sid_to_name: S-0-0 -> EDNT\* (NT_STATUS_NONE_MAPPED)
  2050. [2017/04/25 22:48:47.381223, 1, pid=3802, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  2051. wbint_LookupName: struct wbint_LookupName
  2052. out: struct wbint_LookupName
  2053. type : *
  2054. type : SID_NAME_USE_NONE (0)
  2055. sid : *
  2056. sid : S-0-0
  2057. result : NT_STATUS_NONE_MAPPED
  2058. [2017/04/25 22:48:47.381289, 4, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  2059. Finished processing child request 59
  2060. [2017/04/25 22:48:47.381306, 10, pid=3802, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  2061. Writing 3512 bytes to parent
  2062. root@fs2:/var/log/samba#