Hello all,
I was wondering if someone would be able to help me track down where I went wrong with a 2008 R2 AD > Linux sssd configuration. I am following the guide "Configuring sssd to authenticate with a Windows 2008 Domain Server" found on the sssd website on fedorahosted.org. Here is the link: https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20...
I'm at the step where I run kinit -k CLIENT$@AD.EXAMPLE.COM. Unfortunately it's not working for me. When I run the command on the client I get this: kinit: Client not found in Kerberos database while getting initial credentials The Windows server is running Windows 2008 R2, for forest functional level I selected 2008 R2. The Linux server is running Debian 6.0.8. The version of sssd is 1.2.1-4+squeeze1.
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
I had a similar problem a while back, and I even mailed the list for help. In that case however, I was able to get things to work by simply re-running the setspn and ktpass commands. However, that workaround is not fixing the issue this time.
Any help would be greatly appreciated. Bryan
On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
Hello all,
I was wondering if someone would be able to help me track down where I went wrong with a 2008 R2 AD > Linux sssd configuration. I am following the guide "Configuring sssd to authenticate with a Windows 2008 Domain Server" found on the sssd website on fedorahosted.org. Here is the link: https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20...
I'm at the step where I run kinit -k CLIENT$@AD.EXAMPLE.COM. Unfortunately it's not working for me. When I run the command on the client I get this: kinit: Client not found in Kerberos database while getting initial credentials The Windows server is running Windows 2008 R2, for forest functional level I selected 2008 R2. The Linux server is running Debian 6.0.8. The version of sssd is 1.2.1-4+squeeze1.
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal
5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without.
HTH
bye, Sumit
I had a similar problem a while back, and I even mailed the list for help. In that case however, I was able to get things to work by simply re-running the setspn and ktpass commands. However, that workaround is not fixing the issue this time.
Any help would be greatly appreciated. Bryan
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote:
On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
Hello all,
I was wondering if someone would be able to help me track down where I went wrong with a 2008 R2 AD > Linux sssd configuration. I am following the guide "Configuring sssd to authenticate with a Windows 2008 Domain Server" found on the sssd website on fedorahosted.org. Here is the link: https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20...
I'm at the step where I run kinit -k CLIENT$@AD.EXAMPLE.COM. Unfortunately it's not working for me. When I run the command on the client I get this: kinit: Client not found in Kerberos database while getting initial credentials The Windows server is running Windows 2008 R2, for forest functional level I selected 2008 R2. The Linux server is running Debian 6.0.8. The version of sssd is 1.2.1-4+squeeze1.
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal
5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without.
btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended.
On Wed, 18 Dec 2013, Jakub Hrozek wrote:
btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended.
I couldn't agree more with this. Unless you're making keytabs that are sufficiently interesting that samba or realmd can't make them, you really don't want to complicate matters by getting your hands dirty.
It's much easier using samba to do it, significantly faster, and it's less prone to error. They also work exactly the same if you have domain join but not domain administrator rights. Done with samba or realmd, it's a single line in my kickstart to join the machine to the domain and generate the keytab, and I know it's right everytime it happens.
jh
Hi Josh,
Thanks for your reply. It sounds like I should use Samba to do this step. I did give it a try and posted my results, see my reply to Jakub. Bryan
On Dec 18, 2013, at 03:41 AM, John Hodrien J.H.Hodrien@leeds.ac.uk wrote:
On Wed, 18 Dec 2013, Jakub Hrozek wrote:
btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended.
I couldn't agree more with this. Unless you're making keytabs that are sufficiently interesting that samba or realmd can't make them, you really don't want to complicate matters by getting your hands dirty.
It's much easier using samba to do it, significantly faster, and it's less prone to error. They also work exactly the same if you have domain join but not domain administrator rights. Done with samba or realmd, it's a single line in my kickstart to join the machine to the domain and generate the keytab, and I know it's right everytime it happens.
jh _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
You also do not need to have UPN set up for this to work. Save UPN for some service which really needs it (like rpc.gssd). This kind of error usually signals problem in DNS/reverse dns resolution of the client. Ondrej
________________________________________ From: sssd-users-bounces@lists.fedorahosted.org [sssd-users-bounces@lists.fedorahosted.org] on behalf of Jakub Hrozek [jhrozek@redhat.com] Sent: Wednesday, December 18, 2013 10:35 AM To: sssd-users@lists.fedorahosted.org Subject: Re: [SSSD-users] kinit: Client not found in Kerberos database
On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote:
On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
Hello all,
I was wondering if someone would be able to help me track down where I went wrong with a 2008 R2 AD > Linux sssd configuration. I am following the guide "Configuring sssd to authenticate with a Windows 2008 Domain Server" found on the sssd website on fedorahosted.org. Here is the link: https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20...
I'm at the step where I run kinit -k CLIENT$@AD.EXAMPLE.COM. Unfortunately it's not working for me. When I run the command on the client I get this: kinit: Client not found in Kerberos database while getting initial credentials The Windows server is running Windows 2008 R2, for forest functional level I selected 2008 R2. The Linux server is running Debian 6.0.8. The version of sssd is 1.2.1-4+squeeze1.
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal
5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without.
btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hello Ondrej,
Can you let me know if the below commands are correct regarding the UPN? I don't see the UPN in there anywhere but perhaps it's related to one of the other arguments?
client = linux Debian server = AD windows
setspn -A host/client.domain.local@DOMAIN.LOCAL client setspn -L client ktpass /princ host/client.domain.local@DOMAIN.LOCAL /out c:\client-host.keytab /crypto all /ptype KRB5_NT_PRINCIPAL -desonly /mapuser DOMAIN\client$ /pass *
I will try to explain the DNS as exactly as I can. The AD server has NIC1 as a public IP and NIC2 as management IP. We are required to use NIC1 for all communication because it goes through a vGW firewall, and NIC2 is not supposed to be used except from inside the company for management. In my resolv.conf I have placed the NIC1 public ip address, and resolution is working AFAICS.
Here is a sanitized example of a service record lookup. I can do public name resolution such as "host google.com" and get an answer.
root@client:/var/log/sssd# host -t srv _kerberos._tcp.domain.local _kerberos._tcp.domain.local has SRV record 0 100 88 server.domain.local.
On Dec 18, 2013, at 03:45 AM, Ondrej Valousek ovalousek@vendavo.com wrote:
You also do not need to have UPN set up for this to work. Save UPN for some service which really needs it (like rpc.gssd). This kind of error usually signals problem in DNS/reverse dns resolution of the client. Ondrej
Bryan
Hi Jakub,
On Dec 18, 2013, at 03:35 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote: On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal
5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without.
btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended. When I try using the commands from the guide for using Samba, this is the output I receive for doing with -U Administrator (see below for -k method).
net ads join -U Administrator Enter Administrator's password: [2013/12/18 16:35:48.221674, 0] libads/sasl.c:821(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials Failed to join domain: failed to connect to AD: Invalid credentials
When I try using the -k method, this is the output.
kinit administrator Password for administrator@DOMAIN.LOCAL: root@client:/var/log/sssd# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator@DOMAIN.LOCAL
Valid starting Expires Service principal 12/18/13 16:34:33 12/19/13 02:34:34 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 12/25/13 16:34:33 root@client:/var/log/sssd# net ads join -k Failed to join domain: failed to lookup DC info for domain 'DOMAIN.LOCAL' over rpc: Logon failure
Any ideas? Do you think it means I have a firewall problem? It lets me have a kerberos ticket at least, I guess that's good?
Bryan
On Wed, Dec 18, 2013 at 10:38:39PM +0000, Bryan Harris wrote:
Hi Jakub,
On Dec 18, 2013, at 03:35 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote: On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal
5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without.
btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended. When I try using the commands from the guide for using Samba, this is the output I receive for doing with -U Administrator (see below for -k method).
net ads join -U Administrator Enter Administrator's password: [2013/12/18 16:35:48.221674, 0] libads/sasl.c:821(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials Failed to join domain: failed to connect to AD: Invalid credentials
When I try using the -k method, this is the output.
kinit administrator Password for administrator@DOMAIN.LOCAL: root@client:/var/log/sssd# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator@DOMAIN.LOCAL
Valid starting Expires Service principal 12/18/13 16:34:33 12/19/13 02:34:34 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 12/25/13 16:34:33 root@client:/var/log/sssd# net ads join -k Failed to join domain: failed to lookup DC info for domain 'DOMAIN.LOCAL' over rpc: Logon failure
Any ideas? Do you think it means I have a firewall problem? It lets me have a kerberos ticket at least, I guess that's good?
Bryan
Sorry, this is out of my domain of expertise. Maybe passing the -d parameter to net ads would reveal some more info?
Or perhaps some of the Samba developers lurking on this list could help..
On Thu, Dec 19, 2013 at 07:30:54PM +0100, Jakub Hrozek wrote:
On Wed, Dec 18, 2013 at 10:38:39PM +0000, Bryan Harris wrote:
Hi Jakub,
On Dec 18, 2013, at 03:35 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote: On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal
5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without.
btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended. When I try using the commands from the guide for using Samba, this is the output I receive for doing with -U Administrator (see below for -k method).
net ads join -U Administrator Enter Administrator's password: [2013/12/18 16:35:48.221674, 0] libads/sasl.c:821(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials Failed to join domain: failed to connect to AD: Invalid credentials
When I try using the -k method, this is the output.
kinit administrator Password for administrator@DOMAIN.LOCAL: root@client:/var/log/sssd# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator@DOMAIN.LOCAL
Valid starting Expires Service principal 12/18/13 16:34:33 12/19/13 02:34:34 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 12/25/13 16:34:33 root@client:/var/log/sssd# net ads join -k Failed to join domain: failed to lookup DC info for domain 'DOMAIN.LOCAL' over rpc: Logon failure
Any ideas? Do you think it means I have a firewall problem? It lets me have a kerberos ticket at least, I guess that's good?
You can run the net ads command with '-d 255' to get a full debug output. This might help to see where the issue is.
bye, Sumit
Bryan
Sorry, this is out of my domain of expertise. Maybe passing the -d parameter to net ads would reveal some more info?
Or perhaps some of the Samba developers lurking on this list could help.. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi Sumit,
I put the sanitized output below because it's so much.
One quick question, does it matter that kerberos is trying to use the management interface? Does it matter that it is trying over ipv6? We only use ipv4 at my company AFAIK. I think ipv6 is set to auto-configure (or whatever it's called).
On Dec 19, 2013, at 01:26 PM, Sumit Bose sbose@redhat.com wrote:
On Thu, Dec 19, 2013 at 07:30:54PM +0100, Jakub Hrozek wrote: On Wed, Dec 18, 2013 at 10:38:39PM +0000, Bryan Harris wrote:
On Dec 18, 2013, at 03:35 AM, Jakub Hrozek jhrozek@redhat.com wrote: On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote: On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal
5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without.
btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended. When I try using the commands from the guide for using Samba, this is the output I receive for doing with -U Administrator (see below for -k method).
net ads join -U Administrator Enter Administrator's password: [2013/12/18 16:35:48.221674, 0] libads/sasl.c:821(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials Failed to join domain: failed to connect to AD: Invalid credentials
When I try using the -k method, this is the output.
kinit administrator Password for administrator@DOMAIN.LOCAL: root@client:/var/log/sssd# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator@DOMAIN.LOCAL
Valid starting Expires Service principal 12/18/13 16:34:33 12/19/13 02:34:34 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 12/25/13 16:34:33 root@client:/var/log/sssd# net ads join -k Failed to join domain: failed to lookup DC info for domain 'DOMAIN.LOCAL' over rpc: Logon failure
Any ideas? Do you think it means I have a firewall problem? It lets me have a kerberos ticket at least, I guess that's good?
You can run the net ads command with '-d 255' to get a full debug output. This might help to see where the issue is. Thanks for your help. Here is the command for net ads join with the -d 255 and the resulting output.
net ads join -d 255 -U Administrator >& /home/bryan/bryan1.log Password: (I type the password here)
[2013/12/20 16:30:43, 5] lib/debug.c:405(debug_dump_status) INFO: Current debug levels: all: True/255 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2013/12/20 16:30:43, 3] param/loadparm.c:9158(lp_load_ex) lp_load_ex: refreshing parameters [2013/12/20 16:30:43, 3] param/loadparm.c:4929(init_globals) Initialising global parameters [2013/12/20 16:30:43, 2] param/loadparm.c:4788(max_open_files) rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) [2013/12/20 16:30:43.705561, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2013/12/20 16:30:43.705588, 3] param/loadparm.c:7842(do_section) Processing section "[global]" doing parameter workgroup = domain doing parameter client signing = yes doing parameter client use spnego = yes doing parameter kerberos method = secrets and keytab doing parameter log file = /var/log/samba/%m.log doing parameter password server = domain.local doing parameter realm = domain.local doing parameter security = ads [2013/12/20 16:30:43.705683, 4] param/loadparm.c:9193(lp_load_ex) pm_process() returned Yes [2013/12/20 16:30:43.705702, 7] param/loadparm.c:9399(lp_servicenumber) lp_servicenumber: couldn't find homes [2013/12/20 16:30:43.705720, 10] param/loadparm.c:8403(set_server_role) set_server_role: role = ROLE_DOMAIN_MEMBER [2013/12/20 16:30:43.705736, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UCS-2LE [2013/12/20 16:30:43.705750, 5] lib/iconv.c:112(smb_register_charset) Registered charset UCS-2LE [2013/12/20 16:30:43.705762, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UTF-16LE [2013/12/20 16:30:43.705777, 5] lib/iconv.c:112(smb_register_charset) Registered charset UTF-16LE [2013/12/20 16:30:43.705789, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UCS-2BE [2013/12/20 16:30:43.705805, 5] lib/iconv.c:112(smb_register_charset) Registered charset UCS-2BE [2013/12/20 16:30:43.705817, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UTF-16BE [2013/12/20 16:30:43.705828, 5] lib/iconv.c:112(smb_register_charset) Registered charset UTF-16BE [2013/12/20 16:30:43.705839, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UTF8 [2013/12/20 16:30:43.705850, 5] lib/iconv.c:112(smb_register_charset) Registered charset UTF8 [2013/12/20 16:30:43.705861, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UTF-8 [2013/12/20 16:30:43.705873, 5] lib/iconv.c:112(smb_register_charset) Registered charset UTF-8 [2013/12/20 16:30:43.705884, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset ASCII [2013/12/20 16:30:43.705897, 5] lib/iconv.c:112(smb_register_charset) Registered charset ASCII [2013/12/20 16:30:43.705908, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset 646 [2013/12/20 16:30:43.705921, 5] lib/iconv.c:112(smb_register_charset) Registered charset 646 [2013/12/20 16:30:43.705932, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset ISO-8859-1 [2013/12/20 16:30:43.705944, 5] lib/iconv.c:112(smb_register_charset) Registered charset ISO-8859-1 [2013/12/20 16:30:43.705955, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UCS2-HEX [2013/12/20 16:30:43.705966, 5] lib/iconv.c:112(smb_register_charset) Registered charset UCS2-HEX [2013/12/20 16:30:43.705995, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706198, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706239, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706272, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706291, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706309, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706327, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706359, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706380, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706399, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706439, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706484, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706519, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706548, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:43.706605, 5] lib/util.c:276(init_names) Netbios name list:- my_netbios_names[0]="client" [2013/12/20 16:30:43.706727, 2] lib/interface.c:340(add_interface) added interface eth0 ip=xxxx::250:xxxx:xxxx:xxxx%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2013/12/20 16:30:43.706835, 2] lib/interface.c:340(add_interface) added interface eth1 ip=xxxx::250:xxxx:xxxx:xxxx%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff:: [2013/12/20 16:30:43.706869, 2] lib/interface.c:340(add_interface) added interface eth0 ip=CLIENT-IP-ADDRESS bcast=CLIENT-IP-ADDRESS.255 netmask=255.255.255.128 [2013/12/20 16:30:43.706887, 2] lib/interface.c:340(add_interface) added interface eth1 ip=10.1.171.2 bcast=10.1.171.255 netmask=255.255.252.0 [2013/12/20 16:30:45.844246, 1] libnet/libnet_join.c:1963(libnet_Join) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'client' domain_name : * domain_name : 'domain.local' account_ou : NULL admin_account : 'Administrator' admin_password : * machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) [2013/12/20 16:30:45.844505, 10] libsmb/dsgetdcname.c:1132(dsgetdcname) dsgetdcname: domain_name: domain.local, domain_guid: (null), site_name: (null), flags: 0x40001011 [2013/12/20 16:30:45.844529, 10] libsmb/dsgetdcname.c:46(debug_dsdcinfo_flags) debug_dsdcinfo_flags: 0x40001011 DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME [2013/12/20 16:30:45.844587, 5] lib/gencache.c:65(gencache_init) Opening cache file at /var/run/samba/gencache.tdb [2013/12/20 16:30:45.844657, 5] lib/gencache.c:108(gencache_init) Opening cache file at /var/run/samba/gencache_notrans.tdb [2013/12/20 16:30:45.844786, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/domain.local, value = Default-First-Site-Name, timeout = Mon Jan 18 21:14:07 2038 [2013/12/20 16:30:45.844863, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for domain.local: "Default-First-Site-Name" [2013/12/20 16:30:45.844878, 10] libsmb/dsgetdcname.c:1045(dsgetdcname_rediscover) dsgetdcname_rediscover [2013/12/20 16:30:45.845720, 4] libads/dns.c:432(ads_dns_lookup_srv) ads_dns_lookup_srv: 1 records returned in the answer section. [2013/12/20 16:30:45.845759, 10] libads/dns.c:213(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed server.domain.local [0, 100, 389] [2013/12/20 16:30:45.845779, 10] libsmb/dsgetdcname.c:859(process_dc_dns) LDAP ping to server.domain.local [2013/12/20 16:30:45.847729, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = DSGETDCNAME/DOMAIN/domain and timeout = Fri Dec 20 16:45:45 2013 (900 seconds ahead) [2013/12/20 16:30:45.864167, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [domain], sitename = [Default-First-Site-Name], expire = [2147483647] [2013/12/20 16:30:45.864197, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/domain and timeout = Mon Jan 18 21:14:07 2038 (759905002 seconds ahead) [2013/12/20 16:30:45.864242, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = DSGETDCNAME/DOMAIN/domain.local and timeout = Fri Dec 20 16:45:45 2013 (900 seconds ahead) [2013/12/20 16:30:45.864274, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire = [2147483647] [2013/12/20 16:30:45.864290, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/domain.local and timeout = Mon Jan 18 21:14:07 2038 (759905002 seconds ahead) [2013/12/20 16:30:45.864443, 3] libsmb/cliconnect.c:2209(cli_start_connection) Connecting to host=server.domain.local [2013/12/20 16:30:45.864479, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/domain.local, value = Default-First-Site-Name, timeout = Mon Jan 18 21:14:07 2038 [2013/12/20 16:30:45.864507, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for domain.local: "Default-First-Site-Name" [2013/12/20 16:30:45.864526, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up server.domain.local#20 (sitename Default-First-Site-Name) [2013/12/20 16:30:45.864549, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/server.domain.local#20, value = SERVER-IP-ADDRESS173:0, timeout = Fri Dec 20 16:41:32 2013 [2013/12/20 16:30:45.864569, 5] libsmb/namecache.c:192(namecache_fetch) name server.domain.local#20 found. [2013/12/20 16:30:45.864630, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58530 [2013/12/20 16:30:45.864650, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58bf0 [2013/12/20 16:30:45.864664, 10] lib/events.c:131(run_events) Running timed event "tevent_req_timedout" 0x7f9bf8e58530 [2013/12/20 16:30:45.864678, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e58530 "tevent_req_timedout" [2013/12/20 16:30:45.864698, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58530 [2013/12/20 16:30:45.864712, 3] lib/util_sock.c:979(open_socket_out_send) Connecting to SERVER-IP-ADDRESS173 at port 445 [2013/12/20 16:30:45.864753, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7b050 [2013/12/20 16:30:45.865466, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7b050 "tevent_req_timedout" [2013/12/20 16:30:45.865492, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e58530 "tevent_req_timedout" [2013/12/20 16:30:45.865522, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/12/20 16:30:45.865633, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865659, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865680, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865698, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865717, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865734, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865751, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865770, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865788, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865806, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865826, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865848, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865868, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865888, 5] lib/charcnv.c:98(charset_name) Substituting charset 'UTF-8' for LOCALE [2013/12/20 16:30:45.865936, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e568c0 [2013/12/20 16:30:45.865960, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.865974, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.866947, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e568c0 "tevent_req_timedout" [2013/12/20 16:30:45.866979, 3] libsmb/cliconnect.c:991(cli_session_setup_spnego) Doing spnego session setup (blob length=136) [2013/12/20 16:30:45.867034, 3] libsmb/cliconnect.c:1020(cli_session_setup_spnego) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 [2013/12/20 16:30:45.867063, 3] libsmb/cliconnect.c:1030(cli_session_setup_spnego) got principal=not_defined_in_RFC4178@please_ignore [2013/12/20 16:30:45.867170, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0003 (3) DomainNameMaxLen : 0x0003 (3) DomainName : * DomainName : 'domain' WorkstationLen : 0x000b (11) WorkstationMaxLen : 0x000b (11) Workstation : * Workstation : 'client' [2013/12/20 16:30:45.867424, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.867440, 10] ../lib/util/util.c:278(_dump_data) [0000] 42 53 52 53 50 59 4C 20 BSRSPYL [2013/12/20 16:30:45.867462, 6] libsmb/clientgen.c:323(write_socket) write_socket(7,166) [2013/12/20 16:30:45.867487, 6] libsmb/clientgen.c:326(write_socket) write_socket(7,166) wrote 166 [2013/12/20 16:30:45.868131, 10] lib/util_sock.c:731(read_smb_length_return_keepalive) got smb length of 454 [2013/12/20 16:30:45.868163, 5] lib/util.c:617(show_msg) [2013/12/20 16:30:45.868174, 5] lib/util.c:627(show_msg) size=454 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=20998 smb_uid=2048 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 454 (0x1C6) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 235 (0xEB) smb_bcc=411 [2013/12/20 16:30:45.868240, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 81 E8 30 81 E5 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 CF 04 81 CC 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 [0030] 00 00 00 15 82 89 62 C1 FB 05 17 2B 9F DB B8 00 ......b. ...+.... [0040] 00 00 00 00 00 00 00 8E 00 8E 00 3E 00 00 00 06 ........ ...>.... [0050] 01 B1 1D 00 00 00 0F 50 00 32 00 50 00 02 00 06 [0060] 00 50 00 32 00 50 00 01 00 16 00 41 00 47 00 45 [0070] 00 4F 00 30 00 31 00 56 00 4D 00 57 00 31 00 30 [0080] 00 04 00 12 00 70 00 32 00 70 00 2E 00 6C 00 6F [0090] 00 63 00 61 00 6C 00 03 00 2A 00 41 00 47 00 45 [00A0] 00 4F 00 30 00 31 00 56 00 4D 00 57 00 31 00 30 [00B0] 00 2E 00 70 00 32 00 70 00 2E 00 6C 00 6F 00 63 [00C0] 00 61 00 6C 00 05 00 12 00 70 00 32 00 70 00 2E [00D0] 00 6C 00 6F 00 63 00 61 00 6C 00 07 00 08 00 08 .l.o.c.a .l...... [00E0] 6A F5 1F D3 FD CE 01 00 00 00 00 57 00 69 00 6E j....... ...W.i.n [00F0] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [0100] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 38 .v.e.r. .2.0.0.8 [0110] 00 20 00 52 00 32 00 20 00 53 00 74 00 61 00 6E . .R.2. .S.t.a.n [0120] 00 64 00 61 00 72 00 64 00 20 00 37 00 36 00 30 .d.a.r.d . .7.6.0 [0130] 00 31 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .1. .S.e .r.v.i.c [0140] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 .e. .P.a .c.k. .1 [0150] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0160] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0170] 00 32 00 30 00 30 00 38 00 20 00 52 00 32 00 20 .2.0.0.8 . .R.2. [0180] 00 53 00 74 00 61 00 6E 00 64 00 61 00 72 00 64 .S.t.a.n .d.a.r.d [0190] 00 20 00 36 00 2E 00 31 00 00 00 . .6...1 ... [2013/12/20 16:30:45.868606, 5] lib/util.c:617(show_msg) [2013/12/20 16:30:45.868615, 5] lib/util.c:627(show_msg) size=454 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=20998 smb_uid=2048 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 454 (0x1C6) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 235 (0xEB) smb_bcc=411 [2013/12/20 16:30:45.868683, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 81 E8 30 81 E5 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 CF 04 81 CC 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 [0030] 00 00 00 15 82 89 62 C1 FB 05 17 2B 9F DB B8 00 ......b. ...+.... [0040] 00 00 00 00 00 00 00 8E 00 8E 00 3E 00 00 00 06 ........ ...>.... [0050] 01 B1 1D 00 00 00 0F 50 00 32 00 50 00 02 00 06 [0060] 00 50 00 32 00 50 00 01 00 16 00 41 00 47 00 45 [0070] 00 4F 00 30 00 31 00 56 00 4D 00 57 00 31 00 30 . [0080] 00 04 00 12 00 70 00 32 00 70 00 2E 00 6C 00 6F . [0090] 00 63 00 61 00 6C 00 03 00 2A 00 41 00 47 00 45 .c.a.l.. .* [00A0] 00 4F 00 30 00 31 00 56 00 4D 00 57 00 31 00 30 [00B0] 00 2E 00 70 00 32 00 70 00 2E 00 6C 00 6F 00 63 ...l.o.c [00C0] 00 61 00 6C 00 05 00 12 00 70 00 32 00 70 00 2E .a.l.... . [00D0] 00 6C 00 6F 00 63 00 61 00 6C 00 07 00 08 00 08 .l.o.c.a .l...... [00E0] 6A F5 1F D3 FD CE 01 00 00 00 00 57 00 69 00 6E j....... ...W.i.n [00F0] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [0100] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 38 .v.e.r. .2.0.0.8 [0110] 00 20 00 52 00 32 00 20 00 53 00 74 00 61 00 6E . .R.2. .S.t.a.n [0120] 00 64 00 61 00 72 00 64 00 20 00 37 00 36 00 30 .d.a.r.d . .7.6.0 [0130] 00 31 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .1. .S.e .r.v.i.c [0140] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 .e. .P.a .c.k. .1 [0150] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0160] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0170] 00 32 00 30 00 30 00 38 00 20 00 52 00 32 00 20 .2.0.0.8 . .R.2. [0180] 00 53 00 74 00 61 00 6E 00 64 00 61 00 72 00 64 .S.t.a.n .d.a.r.d [0190] 00 20 00 36 00 2E 00 31 00 00 00 . .6...1 ... [2013/12/20 16:30:45.869082, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0006 (6) TargetNameMaxLen : 0x0006 (6) TargetName : * TargetName : 'domain' NegotiateFlags : 0x62898215 (1653178901) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : c1fb05172b9fdbb8 Reserved : 0000000000000000 TargetInfoLen : 0x008e (142) TargetNameInfoMaxLen : 0x008e (142) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000007 (7) pair: ARRAY(7) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'domain' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'server' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'domain.local' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x002a (42) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'server.domain.local' pair: struct AV_PAIR AvId : MsvAvDnsTreeName (0x5) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x5) AvDnsTreeName : 'domain.local' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Fri 20 Dec 2013 04:30:46 PM CST CST pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) ProductBuild : 0x1db1 (7601) Reserved : 000000 NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) [2013/12/20 16:30:45.869592, 3] libsmb/ntlmssp.c:1101(ntlmssp_client_challenge) Got challenge flags: [2013/12/20 16:30:45.869607, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2013/12/20 16:30:45.869655, 3] libsmb/ntlmssp.c:1123(ntlmssp_client_challenge) NTLMSSP: Set final flags: [2013/12/20 16:30:45.869666, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2013/12/20 16:30:45.869724, 5] libsmb/ntlmssp.c:1196(ntlmssp_client_challenge) NTLMSSP challenge set by NTLM2 [2013/12/20 16:30:45.869738, 5] libsmb/ntlmssp.c:1197(ntlmssp_client_challenge) challenge is: [2013/12/20 16:30:45.869750, 5] ../lib/util/util.c:278(_dump_data) [0000] C2 40 94 90 D4 45 3F D1 .@...E?. [2013/12/20 16:30:45.869875, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 1199e79531025a6c00000000000000000000000000000000 NtChallengeResponseLen : 0x0018 (24) NtChallengeResponseMaxLen: 0x0018 (24) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 24) v1: struct NTLM_RESPONSE Response : 55e815f291e9110c2d25740ec7051d315b5f4a95963d393b DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' UserNameLen : 0x001a (26) UserNameMaxLen : 0x001a (26) UserName : * UserName : 'Administrator' WorkstationLen : 0x0016 (22) WorkstationMaxLen : 0x0016 (22) Workstation : * Workstation : 'client' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [2013/12/20 16:30:45.870065, 10] ../lib/util/util.c:278(_dump_data) [0000] 66 EF E4 AE 19 31 E2 DC 60 85 65 3B DD 40 13 37 f....1.. `.e;.@.7 NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 [2013/12/20 16:30:45.870230, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/12/20 16:30:45.870243, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2013/12/20 16:30:45.870307, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.870321, 10] ../lib/util/util.c:278(_dump_data) [0000] 42 53 52 53 50 59 4C 20 BSRSPYL [2013/12/20 16:30:45.870341, 6] libsmb/clientgen.c:323(write_socket) write_socket(7,274) [2013/12/20 16:30:45.870367, 6] libsmb/clientgen.c:326(write_socket) write_socket(7,274) wrote 274 [2013/12/20 16:30:45.872026, 10] lib/util_sock.c:731(read_smb_length_return_keepalive) got smb length of 228 [2013/12/20 16:30:45.872058, 5] lib/util.c:617(show_msg) [2013/12/20 16:30:45.872068, 5] lib/util.c:627(show_msg) size=228 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=20998 smb_uid=2048 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 228 (0xE4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=185 [2013/12/20 16:30:45.872135, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [0010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [0020] 00 65 00 72 00 20 00 32 00 30 00 30 00 38 00 20 .e.r. .2 .0.0.8. [0030] 00 52 00 32 00 20 00 53 00 74 00 61 00 6E 00 64 .R.2. .S .t.a.n.d [0040] 00 61 00 72 00 64 00 20 00 37 00 36 00 30 00 31 .a.r.d. .7.6.0.1 [0050] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0060] 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 00 00 . .P.a.c .k. .1.. [0070] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [0080] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [0090] 00 30 00 30 00 38 00 20 00 52 00 32 00 20 00 53 .0.0.8. .R.2. .S [00A0] 00 74 00 61 00 6E 00 64 00 61 00 72 00 64 00 20 .t.a.n.d .a.r.d. [00B0] 00 36 00 2E 00 31 00 00 00 .6...1.. . [2013/12/20 16:30:45.872305, 5] lib/util.c:617(show_msg) [2013/12/20 16:30:45.872313, 5] lib/util.c:627(show_msg) size=228 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=20998 smb_uid=2048 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 228 (0xE4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=185 [2013/12/20 16:30:45.872378, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ..0..... .W.i.n.d [0010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v [0020] 00 65 00 72 00 20 00 32 00 30 00 30 00 38 00 20 .e.r. .2 .0.0.8. [0030] 00 52 00 32 00 20 00 53 00 74 00 61 00 6E 00 64 .R.2. .S .t.a.n.d [0040] 00 61 00 72 00 64 00 20 00 37 00 36 00 30 00 31 .a.r.d. .7.6.0.1 [0050] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0060] 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 00 00 . .P.a.c .k. .1.. [0070] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [0080] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 [0090] 00 30 00 30 00 38 00 20 00 52 00 32 00 20 00 53 .0.0.8. .R.2. .S [00A0] 00 74 00 61 00 6E 00 64 00 61 00 72 00 64 00 20 .t.a.n.d .a.r.d. [00B0] 00 36 00 2E 00 31 00 00 00 .6...1.. . [2013/12/20 16:30:45.872551, 10] libsmb/smb_signing.c:320(smb_signing_activate) smb_signing_activate: user_session_key [2013/12/20 16:30:45.872565, 10] ../lib/util/util.c:278(_dump_data) [0000] 4D 0B 9B FF B2 93 E0 63 4A 65 D7 32 48 CA 64 53 M......c Je.2H.dS [2013/12/20 16:30:45.872587, 10] libsmb/smb_signing.c:329(smb_signing_activate) smb_signing_activate: NULL response_data [2013/12/20 16:30:45.872598, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 1 [2013/12/20 16:30:45.872620, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 1: got good SMB signature of [2013/12/20 16:30:45.872640, 10] ../lib/util/util.c:278(_dump_data) [0000] 05 76 28 D3 A0 14 21 AB .v(...!. [2013/12/20 16:30:45.872687, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58740 [2013/12/20 16:30:45.872704, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 2 [2013/12/20 16:30:45.872718, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.872729, 10] ../lib/util/util.c:278(_dump_data) [0000] C2 D1 98 BA 38 1B 86 D2 ....8... [2013/12/20 16:30:45.872751, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.872764, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.873123, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 3 [2013/12/20 16:30:45.873151, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 3: got good SMB signature of [2013/12/20 16:30:45.873164, 10] ../lib/util/util.c:278(_dump_data) [0000] B7 B3 61 FF 61 29 BF 83 ..a.a).. [2013/12/20 16:30:45.873189, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e58740 "tevent_req_timedout" [2013/12/20 16:30:45.873204, 10] libsmb/clientgen.c:553(cli_init_creds) cli_init_creds: user Administrator domain [2013/12/20 16:30:45.873310, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58c40 [2013/12/20 16:30:45.873330, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 4 [2013/12/20 16:30:45.873344, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.873356, 10] ../lib/util/util.c:278(_dump_data) [0000] C3 0D B9 47 1B 70 E9 AC ...G.p.. [2013/12/20 16:30:45.873378, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.873392, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.873910, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 5 [2013/12/20 16:30:45.873937, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 5: got good SMB signature of [2013/12/20 16:30:45.873950, 10] ../lib/util/util.c:278(_dump_data) [0000] F2 85 3A 58 63 5A 5F A3 ..:XcZ_. [2013/12/20 16:30:45.873978, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e58c40 "tevent_req_timedout" [2013/12/20 16:30:45.874002, 5] rpc_client/cli_pipe.c:2663(rpc_pipe_bind_send) Bind RPC Pipe: host server.domain.local auth_type 0, auth_level 1 [2013/12/20 16:30:45.874028, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 [2013/12/20 16:30:45.874097, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_rb [2013/12/20 16:30:45.874110, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 [2013/12/20 16:30:45.874151, 6] rpc_parse/parse_prs.c:89(prs_debug) 00001f smb_io_rpc_iface [2013/12/20 16:30:45.874163, 7] rpc_parse/parse_prs.c:89(prs_debug) 000020 smb_io_uuid uuid 0020 data : 12345778 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 89 ab 0030 version: 00000000 [2013/12/20 16:30:45.874219, 6] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_rpc_iface [2013/12/20 16:30:45.874232, 7] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 [2013/12/20 16:30:45.874277, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.874298, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.874324, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58c50 [2013/12/20 16:30:45.874337, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 6 [2013/12/20 16:30:45.874351, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.874364, 10] ../lib/util/util.c:278(_dump_data) [0000] E5 43 16 FF A2 43 C6 45 .C...C.E [2013/12/20 16:30:45.874386, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.874400, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.874832, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 7 [2013/12/20 16:30:45.874860, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 7: got good SMB signature of [2013/12/20 16:30:45.874873, 10] ../lib/util/util.c:278(_dump_data) [0000] 45 90 59 C5 D4 EB 07 59 E.Y....Y [2013/12/20 16:30:45.874902, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e58c50 "tevent_req_timedout" [2013/12/20 16:30:45.874923, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 [2013/12/20 16:30:45.874988, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7b770 [2013/12/20 16:30:45.875003, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7b770 [2013/12/20 16:30:45.875018, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.875038, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 68 bytes. [2013/12/20 16:30:45.875053, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 [2013/12/20 16:30:45.875116, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_ba [2013/12/20 16:30:45.875129, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00004715 [2013/12/20 16:30:45.875155, 6] rpc_parse/parse_prs.c:89(prs_debug) 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \pipe\lsass. [2013/12/20 16:30:45.875191, 6] rpc_parse/parse_prs.c:89(prs_debug) 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 [2013/12/20 16:30:45.875219, 6] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_rpc_iface [2013/12/20 16:30:45.875231, 7] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 [2013/12/20 16:30:45.875275, 5] rpc_client/cli_pipe.c:2510(check_bind_response) check_bind_response: accepted! [2013/12/20 16:30:45.875290, 10] rpc_client/cli_pipe.c:3847(cli_rpc_pipe_open_noauth_transport) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine server.domain.local and bound anonymously. [2013/12/20 16:30:45.875316, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/12/20 16:30:45.875533, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 [2013/12/20 16:30:45.875598, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000002c 0014 context_id: 0000 0016 opnum : 0006 [2013/12/20 16:30:45.875626, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.875642, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.875661, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7ab90 [2013/12/20 16:30:45.875674, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 8 [2013/12/20 16:30:45.875687, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.875699, 10] ../lib/util/util.c:278(_dump_data) [0000] 3C 59 CF F6 02 27 AC C8 <Y...'.. [2013/12/20 16:30:45.875728, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.875742, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.876306, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 9 [2013/12/20 16:30:45.876335, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 9: got good SMB signature of [2013/12/20 16:30:45.876348, 10] ../lib/util/util.c:278(_dump_data) [0000] 93 9A 6D D7 4E 19 66 45 ..m.N.fE [2013/12/20 16:30:45.876373, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7ab90 "tevent_req_timedout" [2013/12/20 16:30:45.876390, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 [2013/12/20 16:30:45.876455, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7d1b0 [2013/12/20 16:30:45.876468, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7d1b0 [2013/12/20 16:30:45.876482, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.876514, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2013/12/20 16:30:45.876528, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.876541, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 48 bytes. [2013/12/20 16:30:45.876562, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : c90388b2-2fa0-4542-8aa9-58d341bcc314 result : NT_STATUS_OK [2013/12/20 16:30:45.876626, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : c90388b2-2fa0-4542-8aa9-58d341bcc314 level : LSA_POLICY_INFO_DNS (12) [2013/12/20 16:30:45.876693, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000003 [2013/12/20 16:30:45.876759, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000016 0014 context_id: 0000 0016 opnum : 002e [2013/12/20 16:30:45.876787, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.876803, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.876830, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7be60 [2013/12/20 16:30:45.876845, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 10 [2013/12/20 16:30:45.876858, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.876870, 10] ../lib/util/util.c:278(_dump_data) [0000] 83 23 D0 F7 BD F3 19 77 .#.....w [2013/12/20 16:30:45.876893, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.876907, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.877374, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 11 [2013/12/20 16:30:45.877403, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 11: got good SMB signature of [2013/12/20 16:30:45.877416, 10] ../lib/util/util.c:278(_dump_data) [0000] A9 AE D7 56 76 1E 83 DF ...Vv... [2013/12/20 16:30:45.877440, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7be60 "tevent_req_timedout" [2013/12/20 16:30:45.877458, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00c0 000a auth_len : 0000 000c call_id : 00000003 [2013/12/20 16:30:45.877523, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7a9d0 [2013/12/20 16:30:45.877537, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7a9d0 [2013/12/20 16:30:45.877550, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 000000a8 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.877582, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 192, data_len 168, ss_len 0 [2013/12/20 16:30:45.877596, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.877609, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 336 bytes. [2013/12/20 16:30:45.877641, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 out: struct lsa_QueryInfoPolicy2 info : * info : * info : union lsa_PolicyInformation(case 12) dns: struct lsa_DnsDomainInfo name: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'domain' dns_domain: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'domain.local' dns_forest: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'domain.local' domain_guid : 98e9bb81-fc49-4cdd-9de2-8cee06eeee7e sid : * sid : S-1-5-21-404543544-4040226311-1825311824 result : NT_STATUS_OK [2013/12/20 16:30:45.877838, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : c90388b2-2fa0-4542-8aa9-58d341bcc314 [2013/12/20 16:30:45.877898, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000004 [2013/12/20 16:30:45.877964, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000014 0014 context_id: 0000 0016 opnum : 0000 [2013/12/20 16:30:45.877992, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.878008, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.878026, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7c280 [2013/12/20 16:30:45.878040, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 12 [2013/12/20 16:30:45.878053, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.878065, 10] ../lib/util/util.c:278(_dump_data) [0000] 58 30 6A 99 10 BB 67 0F X0j...g. [2013/12/20 16:30:45.878088, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.878101, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.878570, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 13 [2013/12/20 16:30:45.878598, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 13: got good SMB signature of [2013/12/20 16:30:45.878611, 10] ../lib/util/util.c:278(_dump_data) [0000] 31 5E 28 79 99 D0 6B 4F 1^(y..kO [2013/12/20 16:30:45.878635, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7c280 "tevent_req_timedout" [2013/12/20 16:30:45.878652, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000004 [2013/12/20 16:30:45.878717, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e58170 [2013/12/20 16:30:45.878731, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e58170 [2013/12/20 16:30:45.878744, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.878776, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2013/12/20 16:30:45.878789, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.878811, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 48 bytes. [2013/12/20 16:30:45.878844, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/12/20 16:30:45.878910, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7a6a0 [2013/12/20 16:30:45.878925, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 14 [2013/12/20 16:30:45.878938, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.878949, 10] ../lib/util/util.c:278(_dump_data) [0000] 21 C6 4B 54 9E F4 62 A8 !.KT..b. [2013/12/20 16:30:45.878972, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.878985, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.879372, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 15 [2013/12/20 16:30:45.879399, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 15: got good SMB signature of [2013/12/20 16:30:45.879412, 10] ../lib/util/util.c:278(_dump_data) [0000] 4B 78 F9 83 32 0B AC F3 Kx..2... [2013/12/20 16:30:45.879435, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7a6a0 "tevent_req_timedout" [2013/12/20 16:30:45.879456, 10] rpc_client/rpc_transport_np.c:81(rpc_transport_np_state_destructor) rpc_pipe_destructor: closed \lsarpc [2013/12/20 16:30:45.879507, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7bd10 [2013/12/20 16:30:45.879523, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 16 [2013/12/20 16:30:45.879537, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.879548, 10] ../lib/util/util.c:278(_dump_data) [0000] 57 4A 89 B2 C7 84 6B 00 WJ....k. [2013/12/20 16:30:45.879571, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.879585, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.880030, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 17 [2013/12/20 16:30:45.880060, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 17: got good SMB signature of [2013/12/20 16:30:45.880072, 10] ../lib/util/util.c:278(_dump_data) [0000] 53 C1 AF A5 CE 6A 62 57 S....jbW [2013/12/20 16:30:45.880096, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7bd10 "tevent_req_timedout" [2013/12/20 16:30:45.880116, 5] rpc_client/cli_pipe.c:2663(rpc_pipe_bind_send) Bind RPC Pipe: host server.domain.local auth_type 0, auth_level 1 [2013/12/20 16:30:45.880132, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000005 [2013/12/20 16:30:45.880198, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_rb [2013/12/20 16:30:45.880220, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 [2013/12/20 16:30:45.880262, 6] rpc_parse/parse_prs.c:89(prs_debug) 00001f smb_io_rpc_iface [2013/12/20 16:30:45.880275, 7] rpc_parse/parse_prs.c:89(prs_debug) 000020 smb_io_uuid uuid 0020 data : 12345778 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 89 ac 0030 version: 00000001 [2013/12/20 16:30:45.880321, 6] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_rpc_iface [2013/12/20 16:30:45.880333, 7] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 [2013/12/20 16:30:45.880379, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.880396, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.880419, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7b770 [2013/12/20 16:30:45.880433, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 18 [2013/12/20 16:30:45.880446, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.880458, 10] ../lib/util/util.c:278(_dump_data) [0000] CA 5C 8C 00 C2 AB FD 22 ......" [2013/12/20 16:30:45.880481, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.880494, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.881088, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 19 [2013/12/20 16:30:45.881117, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 19: got good SMB signature of [2013/12/20 16:30:45.881129, 10] ../lib/util/util.c:278(_dump_data) [0000] 54 82 F9 B4 2C E4 16 2E T...,... [2013/12/20 16:30:45.881154, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7b770 "tevent_req_timedout" [2013/12/20 16:30:45.881173, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000005 [2013/12/20 16:30:45.881241, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7a000 [2013/12/20 16:30:45.881255, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7a000 [2013/12/20 16:30:45.881268, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.881281, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 68 bytes. [2013/12/20 16:30:45.881296, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000005 [2013/12/20 16:30:45.881369, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_ba [2013/12/20 16:30:45.881382, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00004716 [2013/12/20 16:30:45.881409, 6] rpc_parse/parse_prs.c:89(prs_debug) 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \pipe\lsass. [2013/12/20 16:30:45.881434, 6] rpc_parse/parse_prs.c:89(prs_debug) 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 [2013/12/20 16:30:45.881461, 6] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_rpc_iface [2013/12/20 16:30:45.881516, 7] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 [2013/12/20 16:30:45.881569, 5] rpc_client/cli_pipe.c:2510(check_bind_response) check_bind_response: accepted! [2013/12/20 16:30:45.881585, 10] rpc_client/cli_pipe.c:3847(cli_rpc_pipe_open_noauth_transport) cli_rpc_pipe_open_noauth: opened pipe \samr to machine server.domain.local and bound anonymously. [2013/12/20 16:30:45.881609, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'server.domain.local' access_mask : 0x00000030 (48) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN [2013/12/20 16:30:45.881694, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0058 000a auth_len : 0000 000c call_id : 00000006 [2013/12/20 16:30:45.881759, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000040 0014 context_id: 0000 0016 opnum : 0039 [2013/12/20 16:30:45.881787, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.881804, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=88, this_data=88, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.881823, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7c5b0 [2013/12/20 16:30:45.881837, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 20 [2013/12/20 16:30:45.881851, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.881863, 10] ../lib/util/util.c:278(_dump_data) [0000] F7 F8 1F 76 E8 78 D3 B3 ...v.x.. [2013/12/20 16:30:45.881886, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.881901, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.882445, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 21 [2013/12/20 16:30:45.882473, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 21: got good SMB signature of [2013/12/20 16:30:45.882495, 10] ../lib/util/util.c:278(_dump_data) [0000] CB 5C E4 06 70 6D 8C 03 ...pm.. [2013/12/20 16:30:45.882519, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7c5b0 "tevent_req_timedout" [2013/12/20 16:30:45.882537, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000006 [2013/12/20 16:30:45.882602, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7aa90 [2013/12/20 16:30:45.882616, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7aa90 [2013/12/20 16:30:45.882628, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.882660, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2013/12/20 16:30:45.882674, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.882687, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 48 bytes. [2013/12/20 16:30:45.882711, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 6262cece-f30f-478e-b8cf-8c6631a80dc6 result : NT_STATUS_OK [2013/12/20 16:30:45.882774, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 6262cece-f30f-478e-b8cf-8c6631a80dc6 access_mask : 0x00000211 (529) 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 1: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-404543544-4040226311-1825311824 [2013/12/20 16:30:45.882912, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000007 [2013/12/20 16:30:45.882977, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000034 0014 context_id: 0000 0016 opnum : 0007 [2013/12/20 16:30:45.883006, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.883030, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.883050, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7dbc0 [2013/12/20 16:30:45.883064, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 22 [2013/12/20 16:30:45.883078, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.883089, 10] ../lib/util/util.c:278(_dump_data) [0000] EB 20 6E 4A E0 C3 1A 70 . nJ...p [2013/12/20 16:30:45.883112, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.883127, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.883726, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 23 [2013/12/20 16:30:45.883754, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 23: got good SMB signature of [2013/12/20 16:30:45.883767, 10] ../lib/util/util.c:278(_dump_data) [0000] C6 1D FB 9B 6B 8B E2 7A ....k..z [2013/12/20 16:30:45.883791, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7dbc0 "tevent_req_timedout" [2013/12/20 16:30:45.883808, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000007 [2013/12/20 16:30:45.883884, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7a710 [2013/12/20 16:30:45.883899, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7a710 [2013/12/20 16:30:45.883913, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.883972, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2013/12/20 16:30:45.883988, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.884001, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 48 bytes. [2013/12/20 16:30:45.884026, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5 result : NT_STATUS_OK [2013/12/20 16:30:45.884085, 10] libnet/libnet_join.c:892(libnet_join_joindomain_rpc) Creating account with desired access mask: -536543056 [2013/12/20 16:30:45.884101, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_CreateUser2: struct samr_CreateUser2 in: struct samr_CreateUser2 domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5 account_name : * account_name: struct lsa_String length : 0x0018 (24) size : 0x0018 (24) string : * string : 'client$' acct_flags : 0x00000080 (128) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD access_mask : 0xe00500b0 (3758424240) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP [2013/12/20 16:30:45.884388, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000008 [2013/12/20 16:30:45.884457, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000048 0014 context_id: 0000 0016 opnum : 0032 [2013/12/20 16:30:45.884485, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.884502, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=96, this_data=96, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.884520, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7de50 [2013/12/20 16:30:45.884534, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 24 [2013/12/20 16:30:45.884548, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.884559, 10] ../lib/util/util.c:278(_dump_data) [0000] 82 67 24 B4 9F E2 EA AE .g$..... [2013/12/20 16:30:45.884582, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.884596, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.885344, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 25 [2013/12/20 16:30:45.885372, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 25: got good SMB signature of [2013/12/20 16:30:45.885385, 10] ../lib/util/util.c:278(_dump_data) [0000] F6 1B E3 EF 31 CB EC 80 ....1... [2013/12/20 16:30:45.885409, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7de50 "tevent_req_timedout" [2013/12/20 16:30:45.885435, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0038 000a auth_len : 0000 000c call_id : 00000008 [2013/12/20 16:30:45.885502, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7c970 [2013/12/20 16:30:45.885516, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7c970 [2013/12/20 16:30:45.885529, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.885561, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0 [2013/12/20 16:30:45.885574, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.885588, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 64 bytes. [2013/12/20 16:30:45.885613, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_CreateUser2: struct samr_CreateUser2 out: struct samr_CreateUser2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 access_granted : * access_granted : 0x00000000 (0) rid : * rid : 0x00000000 (0) result : NT_STATUS_USER_EXISTS [2013/12/20 16:30:45.885698, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0018 (24) size : 0x0018 (24) string : * string : 'client$' [2013/12/20 16:30:45.885800, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000009 [2013/12/20 16:30:45.885867, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 opnum : 0011 [2013/12/20 16:30:45.885896, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.885912, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=104, this_data=104, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.885931, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e58740 [2013/12/20 16:30:45.885945, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 26 [2013/12/20 16:30:45.885958, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.885977, 10] ../lib/util/util.c:278(_dump_data) [0000] 4C 3F DD 1B 11 2B E7 2A L?...+.* [2013/12/20 16:30:45.886000, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.886014, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.886659, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 27 [2013/12/20 16:30:45.886687, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 27: got good SMB signature of [2013/12/20 16:30:45.886700, 10] ../lib/util/util.c:278(_dump_data) [0000] F8 6F 98 59 70 47 04 AF .o.YpG.. [2013/12/20 16:30:45.886724, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e58740 "tevent_req_timedout" [2013/12/20 16:30:45.886741, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 003c 000a auth_len : 0000 000c call_id : 00000009 [2013/12/20 16:30:45.886807, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e58740 [2013/12/20 16:30:45.886821, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e58740 [2013/12/20 16:30:45.886843, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000024 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.886877, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0 [2013/12/20 16:30:45.886890, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.886904, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 72 bytes. [2013/12/20 16:30:45.886929, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000456 (1110) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2013/12/20 16:30:45.887034, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x00000456 (1110) [2013/12/20 16:30:45.887174, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 0000000a [2013/12/20 16:30:45.887243, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000001c 0014 context_id: 0000 0016 opnum : 0022 [2013/12/20 16:30:45.887271, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.887288, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.887307, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7d6c0 [2013/12/20 16:30:45.887320, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 28 [2013/12/20 16:30:45.887334, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.887346, 10] ../lib/util/util.c:278(_dump_data) [0000] 1E 0F 7A 41 9F D8 BF 29 ..zA...) [2013/12/20 16:30:45.887369, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.887382, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.888049, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 29 [2013/12/20 16:30:45.888079, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 29: got good SMB signature of [2013/12/20 16:30:45.888092, 10] ../lib/util/util.c:278(_dump_data) [0000] 98 6C 53 89 BA D7 4C 36 .lS...L6 [2013/12/20 16:30:45.888116, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7d6c0 "tevent_req_timedout" [2013/12/20 16:30:45.888133, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000a [2013/12/20 16:30:45.888198, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7d6c0 [2013/12/20 16:30:45.888211, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7d6c0 [2013/12/20 16:30:45.888224, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.888257, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2013/12/20 16:30:45.888270, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.888284, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 48 bytes. [2013/12/20 16:30:45.888307, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser out: struct samr_OpenUser user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 44b94794-e84c-4039-b91c-cbd77709aad4 result : NT_STATUS_OK [2013/12/20 16:30:45.888375, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_SetUserInfo: struct samr_SetUserInfo in: struct samr_SetUserInfo user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 44b94794-e84c-4039-b91c-cbd77709aad4 level : UserControlInformation (16) info : * info : union samr_UserInfo(case 16) info16: struct samr_UserInfo16 acct_flags : 0x00000280 (640) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD [2013/12/20 16:30:45.888587, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 0000000b [2013/12/20 16:30:45.888653, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000001c 0014 context_id: 0000 0016 opnum : 0025 [2013/12/20 16:30:45.888681, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.888698, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.888716, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7c970 [2013/12/20 16:30:45.888730, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 30 [2013/12/20 16:30:45.888744, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.888756, 10] ../lib/util/util.c:278(_dump_data) [0000] B0 F3 CD 5B 84 F1 0A DE ...[.... [2013/12/20 16:30:45.888778, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.888792, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.889663, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 31 [2013/12/20 16:30:45.889691, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 31: got good SMB signature of [2013/12/20 16:30:45.889712, 10] ../lib/util/util.c:278(_dump_data) [0000] 04 BE 98 5E 06 67 C6 E5 ...^.g.. [2013/12/20 16:30:45.889737, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7c970 "tevent_req_timedout" [2013/12/20 16:30:45.889755, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001c 000a auth_len : 0000 000c call_id : 0000000b [2013/12/20 16:30:45.889821, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7c970 [2013/12/20 16:30:45.889851, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7c970 [2013/12/20 16:30:45.889866, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000004 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.889899, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 [2013/12/20 16:30:45.889912, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.889925, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 8 bytes. [2013/12/20 16:30:45.889944, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_SetUserInfo: struct samr_SetUserInfo out: struct samr_SetUserInfo result : NT_STATUS_OK [2013/12/20 16:30:45.890022, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_SetUserInfo2: struct samr_SetUserInfo2 in: struct samr_SetUserInfo2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 44b94794-e84c-4039-b91c-cbd77709aad4 level : UserInternal5InformationNew (26) info : * info : union samr_UserInfo(case 26) info26: struct samr_UserInfo26 password: struct samr_CryptPasswordEx data : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx password_expired : 0x00 (0) [2013/12/20 16:30:45.890233, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0245 000a auth_len : 0000 000c call_id : 0000000c [2013/12/20 16:30:45.890308, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000022d 0014 context_id: 0000 0016 opnum : 003a [2013/12/20 16:30:45.890337, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.890354, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=581, this_data=581, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.890373, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7d6c0 [2013/12/20 16:30:45.890387, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 32 [2013/12/20 16:30:45.890403, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.890415, 10] ../lib/util/util.c:278(_dump_data) [0000] 63 87 BC CE 69 89 27 BD c...i.'. [2013/12/20 16:30:45.890437, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.890451, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.939932, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 33 [2013/12/20 16:30:45.939963, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 33: got good SMB signature of [2013/12/20 16:30:45.939976, 10] ../lib/util/util.c:278(_dump_data) [0000] A7 8B AA 68 05 F4 37 B3 ...h..7. [2013/12/20 16:30:45.940000, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7d6c0 "tevent_req_timedout" [2013/12/20 16:30:45.940017, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001c 000a auth_len : 0000 000c call_id : 0000000c [2013/12/20 16:30:45.940082, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7d6c0 [2013/12/20 16:30:45.940096, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7d6c0 [2013/12/20 16:30:45.940109, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000004 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.940141, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 [2013/12/20 16:30:45.940154, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.940167, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 8 bytes. [2013/12/20 16:30:45.940190, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_SetUserInfo2: struct samr_SetUserInfo2 out: struct samr_SetUserInfo2 result : NT_STATUS_OK [2013/12/20 16:30:45.940222, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 6262cece-f30f-478e-b8cf-8c6631a80dc6 [2013/12/20 16:30:45.940277, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000d [2013/12/20 16:30:45.940351, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000014 0014 context_id: 0000 0016 opnum : 0001 [2013/12/20 16:30:45.940381, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.940399, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.940418, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7d910 [2013/12/20 16:30:45.940432, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 34 [2013/12/20 16:30:45.940445, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.940457, 10] ../lib/util/util.c:278(_dump_data) [0000] 80 A8 94 28 37 C9 D5 21 ...(7..! [2013/12/20 16:30:45.940480, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.940493, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.941020, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 35 [2013/12/20 16:30:45.941047, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 35: got good SMB signature of [2013/12/20 16:30:45.941060, 10] ../lib/util/util.c:278(_dump_data) [0000] 2D 07 D8 C4 C5 46 DF 75 -....F.u [2013/12/20 16:30:45.941083, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7d910 "tevent_req_timedout" [2013/12/20 16:30:45.941101, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000d [2013/12/20 16:30:45.941166, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7d910 [2013/12/20 16:30:45.941179, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7d910 [2013/12/20 16:30:45.941192, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.941224, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2013/12/20 16:30:45.941237, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.941250, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 48 bytes. [2013/12/20 16:30:45.941269, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/12/20 16:30:45.941326, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 2ce86684-2e00-4a00-aaa6-1511e233b1d5 [2013/12/20 16:30:45.941388, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000e [2013/12/20 16:30:45.941452, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000014 0014 context_id: 0000 0016 opnum : 0001 [2013/12/20 16:30:45.941480, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.941497, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.941515, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7da50 [2013/12/20 16:30:45.941529, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 36 [2013/12/20 16:30:45.941542, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.941554, 10] ../lib/util/util.c:278(_dump_data) [0000] CF DC B5 3B 73 78 48 4E ...;sxHN [2013/12/20 16:30:45.941576, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.941590, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.942089, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 37 [2013/12/20 16:30:45.942116, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 37: got good SMB signature of [2013/12/20 16:30:45.942129, 10] ../lib/util/util.c:278(_dump_data) [0000] 68 AE 49 5E 27 84 E7 09 h.I^'... [2013/12/20 16:30:45.942152, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7da50 "tevent_req_timedout" [2013/12/20 16:30:45.942169, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000e [2013/12/20 16:30:45.942235, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7a710 [2013/12/20 16:30:45.942248, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7a710 [2013/12/20 16:30:45.942261, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.942293, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2013/12/20 16:30:45.942307, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.942320, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 48 bytes. [2013/12/20 16:30:45.942339, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/12/20 16:30:45.942404, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 44b94794-e84c-4039-b91c-cbd77709aad4 [2013/12/20 16:30:45.942456, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000f [2013/12/20 16:30:45.942521, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000014 0014 context_id: 0000 0016 opnum : 0001 [2013/12/20 16:30:45.942548, 5] rpc_client/cli_pipe.c:1394(rpc_api_pipe_send) rpc_api_pipe: host server.domain.local [2013/12/20 16:30:45.942565, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2013/12/20 16:30:45.942583, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7da50 [2013/12/20 16:30:45.942598, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 38 [2013/12/20 16:30:45.942611, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.942623, 10] ../lib/util/util.c:278(_dump_data) [0000] A6 03 8C A2 D0 9A 6E C6 ......n. [2013/12/20 16:30:45.942646, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.942659, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.943127, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 39 [2013/12/20 16:30:45.943154, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 39: got good SMB signature of [2013/12/20 16:30:45.943167, 10] ../lib/util/util.c:278(_dump_data) [0000] 07 8F 4E F0 31 B8 F7 7B ..N.1..{ [2013/12/20 16:30:45.943191, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7da50 "tevent_req_timedout" [2013/12/20 16:30:45.943208, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000f [2013/12/20 16:30:45.943274, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x7f9bf8e7c970 [2013/12/20 16:30:45.943288, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x7f9bf8e7c970 [2013/12/20 16:30:45.943301, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2013/12/20 16:30:45.943333, 10] rpc_client/cli_pipe.c:1021(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2013/12/20 16:30:45.943346, 10] rpc_client/cli_pipe.c:1494(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2013/12/20 16:30:45.943359, 10] rpc_client/cli_pipe.c:1545(rpc_api_pipe_got_pdu) rpc_api_pipe: host server.domain.local returned 48 bytes. [2013/12/20 16:30:45.943387, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/12/20 16:30:45.943448, 11] lib/events.c:321(s3_event_debug) s3_event: Added timed event "tevent_req_timedout": 0x7f9bf8e7a780 [2013/12/20 16:30:45.943462, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 40 [2013/12/20 16:30:45.943476, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.943487, 10] ../lib/util/util.c:278(_dump_data) [0000] AE A1 07 79 99 21 B9 3F ...y.!.? [2013/12/20 16:30:45.943510, 11] lib/events.c:321(s3_event_debug) s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.943523, 11] lib/events.c:321(s3_event_debug) s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x7f9bf8e57040 [2013/12/20 16:30:45.943906, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 41 [2013/12/20 16:30:45.943934, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 41: got good SMB signature of [2013/12/20 16:30:45.943946, 10] ../lib/util/util.c:278(_dump_data) [0000] B3 C0 EB 4B 9E AA 00 95 ...K.... [2013/12/20 16:30:45.943969, 11] lib/events.c:321(s3_event_debug) s3_event: Destroying timer event 0x7f9bf8e7a780 "tevent_req_timedout" [2013/12/20 16:30:45.943984, 10] rpc_client/rpc_transport_np.c:81(rpc_transport_np_state_destructor) rpc_pipe_destructor: closed \samr [2013/12/20 16:30:45.944010, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 534543524554532F5349442F503250 [2013/12/20 16:30:45.944033, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7f9bf8e7e400 [2013/12/20 16:30:45.944049, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 534543524554532F5349442F503250 [2013/12/20 16:30:45.944085, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 534543524554532F4D414348494E455F50415353574F52442E505245562F503250 [2013/12/20 16:30:45.944101, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7f9bf8e7a000 [2013/12/20 16:30:45.944120, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 534543524554532F4D414348494E455F50415353574F52442E505245562F503250 [2013/12/20 16:30:45.949841, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 534543524554532F4D414348494E455F50415353574F52442F503250 [2013/12/20 16:30:45.949874, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7f9bf8e7b770 [2013/12/20 16:30:45.949892, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 534543524554532F4D414348494E455F50415353574F52442F503250 [2013/12/20 16:30:45.956476, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 534543524554532F4D414348494E455F4C4153545F4348414E47455F54494D452F503250 [2013/12/20 16:30:45.956507, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7f9bf8e7a000 [2013/12/20 16:30:45.956524, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 534543524554532F4D414348494E455F4C4153545F4348414E47455F54494D452F503250 [2013/12/20 16:30:45.961813, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 534543524554532F4D414348494E455F5345435F4348414E4E454C5F545950452F503250 [2013/12/20 16:30:45.961844, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7f9bf8e58740 [2013/12/20 16:30:45.961859, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 534543524554532F4D414348494E455F5345435F4348414E4E454C5F545950452F503250 [2013/12/20 16:30:45.961891, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 42 [2013/12/20 16:30:45.961906, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2013/12/20 16:30:45.961918, 10] ../lib/util/util.c:278(_dump_data) [0000] FD BE 0D 26 4E 92 62 4F ...&N.bO [2013/12/20 16:30:45.961940, 6] libsmb/clientgen.c:323(write_socket) write_socket(7,39) [2013/12/20 16:30:45.961965, 6] libsmb/clientgen.c:326(write_socket) write_socket(7,39) wrote 39 [2013/12/20 16:30:45.962399, 10] lib/util_sock.c:731(read_smb_length_return_keepalive) got smb length of 35 [2013/12/20 16:30:45.962431, 5] lib/util.c:617(show_msg) [2013/12/20 16:30:45.962440, 5] lib/util.c:627(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51205 smb_tid=2048 smb_pid=20998 smb_uid=2048 smb_mid=24 smt_wct=0 smb_bcc=0 [2013/12/20 16:30:45.962494, 10] libsmb/smb_signing.c:115(smb_signing_md5) smb_signing_md5: sequence number 43 [2013/12/20 16:30:45.962507, 10] libsmb/smb_signing.c:267(smb_signing_check_pdu) smb_signing_check_pdu: seq 43: got good SMB signature of [2013/12/20 16:30:45.962519, 10] ../lib/util/util.c:278(_dump_data) [0000] 8A 70 3C 58 5A 93 74 A0 .p<XZ.t. [2013/12/20 16:30:45.962574, 10] libsmb/namequery.c:112(saf_join_store) saf_join_store: domain = [domain], server = [server.domain.local], expire = [1387582245] [2013/12/20 16:30:45.962597, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = SAFJOIN/DOMAIN/domain and timeout = Fri Dec 20 17:30:45 2013 (3600 seconds ahead) [2013/12/20 16:30:45.962634, 10] libsmb/namequery.c:112(saf_join_store) saf_join_store: domain = [domain.local], server = [server.domain.local], expire = [1387582245] [2013/12/20 16:30:45.962649, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = SAFJOIN/DOMAIN/domain.local and timeout = Fri Dec 20 17:30:45 2013 (3600 seconds ahead) [2013/12/20 16:30:45.962937, 11] libads/ldap.c:602(ads_connect) ads_connect: entering ads: struct ads_struct is_mine : true ads: struct server realm : 'domain.local' workgroup : 'domain' ldap_server : 'server.domain.local' foreign : false ads: struct auth realm : NULL password : '(PASSWORD ommited)' user_name : 'Administrator' kdc_server : NULL flags : 0x00000100 (256) 0: ADS_AUTH_DISABLE_KERBEROS 0: ADS_AUTH_NO_BIND 0: ADS_AUTH_ANON_BIND 0: ADS_AUTH_SIMPLE_BIND 0: ADS_AUTH_ALLOW_NTLMSSP 0: ADS_AUTH_SASL_SIGN 0: ADS_AUTH_SASL_SEAL 0: ADS_AUTH_SASL_FORCE time_offset : 0x00000000 (0) tgt_expire : (time_t)0 tgs_expire : (time_t)0 renewable : (time_t)0 ads: struct config flags : 0x00000000 (0) 0: DS_SERVER_PDC 0: DS_SERVER_GC 0: DS_SERVER_LDAP 0: DS_SERVER_DS 0: DS_SERVER_KDC 0: DS_SERVER_TIMESERV 0: DS_SERVER_CLOSEST 0: DS_SERVER_WRITABLE 0: DS_SERVER_GOOD_TIMESERV 0: DS_SERVER_NDNC 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 0: DS_SERVER_FULL_SECRET_DOMAIN_6 0: DS_DNS_CONTROLLER 0: DS_DNS_DOMAIN 0: DS_DNS_FOREST realm : NULL bind_path : NULL ldap_server_name : NULL server_site_name : NULL client_site_name : NULL current_time : (time_t)0 schema_path : NULL config_path : NULL ads: struct ldap ld : NULL ss : last_attempt : Fri 20 Dec 2013 04:30:45 PM CST CST port : 0x00000000 (0) wrap_type : 0x0001 (1) sbiod : NULL mem_ctx : NULL wrap_ops : NULL wrap_private_data : NULL ads: struct in ofs : 0x00000000 (0) needed : 0x00000000 (0) left : 0x00000000 (0) max_wrapped : 0x00000000 (0) min_wrapped : 0x00000000 (0) size : 0x00000000 (0) buf: ARRAY(0) ads: struct out ofs : 0x00000000 (0) left : 0x00000000 (0) max_unwrapped : 0x00000000 (0) sig_size : 0x00000000 (0) size : 0x00000000 (0) buf: ARRAY(0) [2013/12/20 16:30:45.963275, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/domain.local, value = Default-First-Site-Name, timeout = Mon Jan 18 21:14:07 2038 [2013/12/20 16:30:45.963309, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for domain.local: "Default-First-Site-Name" [2013/12/20 16:30:45.963324, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up server.domain.local#20 (sitename Default-First-Site-Name) [2013/12/20 16:30:45.963343, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/server.domain.local#20, value = SERVER-IP-ADDRESS173:0, timeout = Fri Dec 20 16:41:32 2013 [2013/12/20 16:30:45.963363, 5] libsmb/namecache.c:192(namecache_fetch) name server.domain.local#20 found. [2013/12/20 16:30:45.963409, 5] libads/ldap.c:226(ads_try_connect) ads_try_connect: sending CLDAP request to SERVER-IP-ADDRESS173 (realm: domain.local) [2013/12/20 16:30:45.964265, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [domain], sitename = [Default-First-Site-Name], expire = [2147483647] [2013/12/20 16:30:45.964294, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/domain and timeout = Mon Jan 18 21:14:07 2038 (759905002 seconds ahead) [2013/12/20 16:30:45.964335, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire = [2147483647] [2013/12/20 16:30:45.964351, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/domain.local and timeout = Mon Jan 18 21:14:07 2038 (759905002 seconds ahead) [2013/12/20 16:30:45.964387, 3] libads/ldap.c:634(ads_connect) Successfully contacted LDAP server SERVER-IP-ADDRESS173 [2013/12/20 16:30:45.964404, 10] libads/ldap.c:62(ldap_open_with_timeout) Opening connection to LDAP server 'server.domain.local:389', timeout 15 seconds [2013/12/20 16:30:45.965502, 10] libads/ldap.c:76(ldap_open_with_timeout) Connected to LDAP server 'server.domain.local:389' [2013/12/20 16:30:45.965534, 3] libads/ldap.c:688(ads_connect) Connected to LDAP server server.domain.local [2013/12/20 16:30:45.965550, 10] libads/ldap.c:165(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2013/12/20 16:30:45.965575, 10] libsmb/namequery.c:83(saf_store) saf_store: domain = [domain], server = [server.domain.local], expire = [1387579545] [2013/12/20 16:30:45.965615, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/domain and timeout = Fri Dec 20 16:45:45 2013 (900 seconds ahead) [2013/12/20 16:30:45.965653, 10] libsmb/namequery.c:83(saf_store) saf_store: domain = [domain.local], server = [server.domain.local], expire = [1387579545] [2013/12/20 16:30:45.965670, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/domain.local and timeout = Fri Dec 20 16:45:45 2013 (900 seconds ahead) [2013/12/20 16:30:45.966165, 4] libads/ldap.c:2852(ads_current_time) time offset is 0 seconds [2013/12/20 16:30:45.966546, 4] libads/sasl.c:1114(ads_sasl_bind) Found SASL mechanism GSS-SPNEGO [2013/12/20 16:30:45.967046, 3] libads/sasl.c:782(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 [2013/12/20 16:30:45.967071, 3] libads/sasl.c:782(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2013/12/20 16:30:45.967083, 3] libads/sasl.c:782(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2013/12/20 16:30:45.967095, 3] libads/sasl.c:782(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2013/12/20 16:30:45.967107, 3] libads/sasl.c:782(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2013/12/20 16:30:45.967118, 3] libads/sasl.c:791(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore [2013/12/20 16:30:45.967436, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2013/12/20 16:30:45.967495, 10] libads/sasl.c:812(ads_sasl_spnego_bind) ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit [2013/12/20 16:30:45.967578, 10] libads/kerberos.c:188(kerberos_kinit_password_ext) kerberos_kinit_password: as Administrator@domain.local using [MEMORY:net_ads] as ccache and config [(null)] [2013/12/20 16:30:45.984471, 3] libsmb/clikrb5.c:622(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Sat, 21 Dec 2013 02:30:45 CST [2013/12/20 16:30:45.984511, 10] libsmb/clikrb5.c:821(ads_krb5_mk_req) ads_krb5_mk_req: Ticket (ldap/server.domain.local@domain.local) in ccache (MEMORY:net_ads) is valid until: (Sat, 21 Dec 2013 02:30:45 CST - 1387614645) [2013/12/20 16:30:45.984537, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2013/12/20 16:30:45.987578, 10] libsmb/clikrb5.c:1036(get_krb5_smb_session_key) Got KRB5 session key of length 16 [2013/12/20 16:30:45.988339, 0] libads/sasl.c:821(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials [2013/12/20 16:30:45.988812, 11] libads/ldap.c:730(ads_connect) ads_connect: leaving with: Invalid credentials ads: struct ads_struct is_mine : true ads: struct server realm : 'domain.local' workgroup : 'domain' ldap_server : 'server.domain.local' foreign : false ads: struct auth realm : 'domain.local' password : '(PASSWORD ommited)' user_name : 'Administrator' kdc_server : 'SERVER-IP-ADDRESS173' flags : 0x00000100 (256) 0: ADS_AUTH_DISABLE_KERBEROS 0: ADS_AUTH_NO_BIND 0: ADS_AUTH_ANON_BIND 0: ADS_AUTH_SIMPLE_BIND 0: ADS_AUTH_ALLOW_NTLMSSP 0: ADS_AUTH_SASL_SIGN 0: ADS_AUTH_SASL_SEAL 0: ADS_AUTH_SASL_FORCE time_offset : 0x00000000 (0) tgt_expire : Sat 21 Dec 2013 02:30:45 AM CST CST tgs_expire : Sat 21 Dec 2013 02:30:45 AM CST CST renewable : (time_t)0 ads: struct config flags : 0x000033fd (13309) 1: DS_SERVER_PDC 1: DS_SERVER_GC 1: DS_SERVER_LDAP 1: DS_SERVER_DS 1: DS_SERVER_KDC 1: DS_SERVER_TIMESERV 1: DS_SERVER_CLOSEST 1: DS_SERVER_WRITABLE 1: DS_SERVER_GOOD_TIMESERV 0: DS_SERVER_NDNC 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 1: DS_SERVER_FULL_SECRET_DOMAIN_6 0: DS_DNS_CONTROLLER 0: DS_DNS_DOMAIN 0: DS_DNS_FOREST realm : 'domain.local' bind_path : 'dc=domain,dc=LOCAL' ldap_server_name : 'server.domain.local' server_site_name : 'Default-First-Site-Name' client_site_name : 'Default-First-Site-Name' current_time : Fri 20 Dec 2013 04:30:45 PM CST CST schema_path : NULL config_path : NULL ads: struct ldap ld : * ss : SERVER-IP-ADDRESS173 last_attempt : Fri 20 Dec 2013 04:30:45 PM CST CST port : 0x00000185 (389) wrap_type : 0x0001 (1) sbiod : NULL mem_ctx : * wrap_ops : NULL wrap_private_data : NULL ads: struct in ofs : 0x00000000 (0) needed : 0x00000000 (0) left : 0x00000000 (0) max_wrapped : 0x00000000 (0) min_wrapped : 0x00000000 (0) size : 0x00000000 (0) buf: ARRAY(0) ads: struct out ofs : 0x00000000 (0) left : 0x00000000 (0) max_unwrapped : 0x00000000 (0) sig_size : 0x00000000 (0) size : 0x00000000 (0) buf: ARRAY(0) [2013/12/20 16:30:45.989210, 1] libnet/libnet_join.c:1994(libnet_Join) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'domain' dns_domain_name : 'domain.local' forest_name : 'domain.local' dn : NULL domain_sid : * domain_sid : S-1-5-21-404543544-4040226311-1825311824 modified_config : 0x00 (0) error_string : 'failed to connect to AD: Invalid credentials' domain_is_ad : 0x01 (1) result : WERR_GENERAL_FAILURE [2013/12/20 16:30:45.989291, 10] intl/lang_tdb.c:138(lang_tdb_init) lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory [2013/12/20 16:30:45.989334, 2] utils/net.c:916(main) return code = -1 Failed to join domain: failed to connect to AD: Invalid credentials
Bryan
Hi Jakub,
I re-ran the command with -d 255 and tried my best to sanitize, here it is. I am just posting this here in case someone with more expertise knows what to do or has seen the same thing. Thanks again.
Also I noticed that just adserver does not resolve in DNS. I am _forced_ to use the FQDN like adserver.domain.local if I do a dig to find the A record. Does that make any difference? I could put it in my /etc/hosts or I could login to the AD server and run the DNS management GUI to find out what is going on.
Oh on second thought, never mind my previous paragraph. After I put a "search domain.local" in my /etc/resolv.conf now I can resolve just the short host name.
/usr/bin/ldapsearch -d 255 -LLL -H ldap://server.domain.local/ -Y GSSAPI -N -b "dc=domain,dc=local" cn &> /home/bryan/bryan.log
ldap_url_parse_ext(ldap://adserver.domain.local/) ldap_create ldap_url_parse_ext(ldap://adserver.domain.local:389/??base) ldap_sasl_interactive_bind_s: user selected: GSSAPI ldap_int_sasl_bind: GSSAPI ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP adserver.domain.local:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying IP-ADDRESS-HERE:389 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_int_sasl_open: host=adserver.domain.local SASL/GSSAPI authentication started ldap_sasl_bind_s ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x1ae84d0 ptr=0x1ae84d0 end=0x1ae8a5c len=1420 0000: 30 82 05 88 02 01 01 60 82 05 81 02 01 03 04 00 0......`........ 0010: a3 82 05 78 04 06 47 53 53 41 50 49 04 82 05 6c ...x..GSSAPI...l 0020: 60 82 05 68 06 09 2a 86 48 86 f7 12 01 02 02 01 `..h..*.H....... 0030: 00 6e 82 05 57 30 82 05 53 a0 03 02 01 05 a1 03 .n..W0..S....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 57 ........ ......W 0050: 61 82 04 53 30 82 04 4f a0 03 02 01 05 a1 0b 1b a..S0..O........ 0060: 09 50 32 50 2e 4c 4f 43 41 4c a2 28 30 26 a0 03 .domain.LOCAL.(0&.. 0070: 02 01 03 a1 1f 30 1d 1b 04 6c 64 61 70 1b 15 61 .....0...ldap..c 0080: 67 65 6f 30 31 76 6d 77 31 30 2e 70 32 70 2e 6c client.domain.l 0090: 6f 63 61 6c a3 82 04 0f 30 82 04 0b a0 03 02 01 ocal....0....... 00a0: 12 a1 03 02 01 0a a2 82 03 fd 04 82 03 f9 39 90 ..............9. 00b0: 06 43 0d ad 07 ce 76 81 e3 e1 d4 fa 3e 58 8f b2 .C....v.....>X.. 00c0: 19 c0 8e 1f 62 7d f9 6b d5 22 60 6b 3c 96 f2 9a ....b}.k."`k<... 00d0: a5 8e 39 a8 eb 15 8c bf 37 b3 63 28 df 06 ce fe ..9.....7.c(.... 00e0: a6 14 50 94 d0 69 69 fe fb 45 11 6e 20 34 8d 8d ..P..ii..E.n 4.. 00f0: 99 d9 bd 2a d0 9f c5 35 f2 bc 46 21 5c f9 f0 71 ...*...5..F!..q 0100: 9b 1c 59 8a 9e 42 e1 83 12 73 45 13 fd 69 ae 66 ..Y..B...sE..i.f 0110: 97 c4 f8 ca d9 e8 8d 4c c1 c4 54 e9 f0 c2 6f 09 .......L..T...o. 0120: 86 36 25 fc c1 86 89 4a e6 61 58 28 63 0e c5 24 .6%....J.aX(c..$ 0130: 0c 1c dd 28 03 ef b4 df b8 95 b1 93 37 9c 8c 84 ...(........7... 0140: 89 62 eb 3f 88 36 e3 51 ad 3e 67 4b e6 58 f1 3f .b.?.6.Q.>gK.X.? 0150: 2c 0a 74 db e5 83 d5 43 cb eb 84 3a c5 70 f7 e8 ,.t....C...:.p.. 0160: 5a 88 5d dd 33 f9 67 a6 78 40 ab b2 da e1 7d ae Z.].3.g.x@....}. 0170: f6 68 b9 8d cd 15 e7 d6 24 b3 fc cf 91 33 26 cd .h......$....3&. 0180: 38 1c 90 43 b9 54 9d 33 da 25 0a 1c 5e 0f 2b 50 8..C.T.3.%..^.+P 0190: 66 12 07 be 89 13 b2 ba ba f5 e0 46 20 fd 24 62 f..........F .$b 01a0: d1 0a 4a 4a c6 3c c4 10 a2 cb 00 7f 1c 82 91 ec ..JJ.<.......... 01b0: d7 be f0 be 56 ac c9 72 12 3e 3d b1 c1 89 85 e9 ....V..r.>=..... 01c0: fe 5e 3c b9 d1 0b 5a 20 f3 7e 6b af 7a ba 51 23 .^<...Z .~k.z.Q# 01d0: 97 85 fe 77 5d bc f1 f2 67 71 e3 19 ac ed 55 9d ...w]...gq....U. 01e0: a0 9f 1f fe 2b a7 06 76 19 80 f3 b9 5c 8f 85 af ....+..v....... 01f0: 42 6d 3f f7 9d c2 e8 bb 78 c2 d4 ec 0a bd 1f da Bm?.....x....... 0200: 0c ab 08 8b b7 57 ff 74 87 be 0c 07 40 e7 f4 d6 .....W.t....@... 0210: de 50 3b ca 05 83 55 3d 53 2d dc e0 61 d4 c1 bf .P;...U=S-..a... 0220: b9 f9 38 25 89 50 2c e0 d8 c0 99 28 28 93 19 63 ..8%.P,....((..c 0230: d5 53 0e 3e 7f 8f 5b 3b 5e 02 cb 7d 5f bf c9 bd .S.>..[;^..}_... 0240: 8e a9 79 bb 0a b0 6c 26 8e 9a c5 3d 17 03 6b e1 ..y...l&...=..k. 0250: 29 f8 0b 43 18 b3 42 05 1a 14 35 36 9a d3 58 91 )..C..B...56..X. 0260: 56 cc 06 f2 dd 2d de 4d 8d c5 f0 ac b9 63 be 35 V....-.M.....c.5 0270: 3a a2 64 a8 3c 0f 60 e4 bf 86 e3 e4 23 6e 19 d6 :.d.<.`.....#n.. 0280: 24 15 aa 28 64 9a cc fb e1 4d 3c f6 c2 58 51 8d $..(d....M<..XQ. 0290: ae 07 11 39 21 d4 ed 6c 80 84 35 4b 1f 63 58 65 ...9!..l..5K.cXe 02a0: f4 3a 42 76 6b 41 97 3b 1f d4 f3 db ca 49 3d ed .:BvkA.;.....I=. 02b0: 56 5c 38 fe 7d 1f 75 ab 6e 53 1e 5d 34 df 8b 42 V\8.}.u.nS.]4..B 02c0: d9 2d 79 eb 7c fa 83 5f f7 65 3a a6 9f e3 d5 b2 .-y.|.._.e:..... 02d0: 52 9b e9 cb b7 71 d1 8d e5 b1 eb aa 8e ac 14 65 R....q.........e 02e0: 05 41 54 83 ae e8 88 04 57 06 63 d1 14 ac 06 b1 .AT.....W.c..... 02f0: ec 90 38 9a f8 d6 e0 28 75 37 f8 9b 60 d1 e3 35 ..8....(u7..`..5 0300: 22 98 ec 7b 06 a5 1b 36 dc a6 e1 32 d0 22 93 e8 "..{...6...2.".. 0310: f6 77 ad 4e 2b e2 ef be 62 91 2c 5f b9 8c e7 50 .w.N+...b.,_...P 0320: af 46 4b e9 42 4f 2f d5 c5 89 e6 0d d4 d8 25 61 .FK.BO/.......%a 0330: 0f 98 03 99 91 76 7a 89 58 ca df 2a e6 0b 2a 08 .....vz.X..*..*. 0340: ad ed 44 fa 39 a5 d2 01 5d bd f9 48 a2 a3 ef 75 ..D.9...]..H...u 0350: 32 66 c3 d5 dd ad d0 b7 bf da 6b 87 9f 61 07 b8 2f........k..a.. 0360: 14 08 3e cc 58 a0 77 3f a6 57 19 8b 6b 17 f8 c9 ..>.X.w?.W..k... 0370: 2b ac 02 b6 ee 34 37 89 d4 6c 88 18 bb d6 b6 35 +....47..l.....5 0380: e1 4c 89 e3 8e 51 20 a9 04 50 36 0f 14 65 4f 25 .L...Q ..P6..eO% 0390: 52 17 c3 a0 3a c5 8a a3 e3 7d 7b 5c f1 5a c7 a3 R...:....}{.Z.. 03a0: be 62 b3 42 46 14 93 95 50 57 1c e8 fb 94 94 3f .b.BF...PW.....? 03b0: f0 62 54 90 ce b2 b0 1d 90 ed 57 ce 7a ce 33 cb .bT.......W.z.3. 03c0: 2a 0b 2f e9 41 b4 67 80 45 a4 23 fb 11 12 0a db *./.A.g.E.#..... 03d0: e3 d9 26 d0 88 45 22 77 19 86 95 95 8c 69 bc 55 ..&..E"w.....i.U 03e0: 3d 2e 4d 78 20 b0 69 d8 c8 33 68 f8 64 b9 8a 5c =.Mx .i..3h.d..\ 03f0: 49 da 8d 28 fe 3f 67 a8 d3 71 fd fd 20 c8 36 39 I..(.?g..q.. .69 0400: 12 26 03 c8 d5 53 df 4e 18 c2 55 91 9c 23 f3 6e .&...S.N..U..#.n 0410: 2a db f8 eb 43 2a 14 9c e7 b9 43 2a 2a bc 6a 26 *...C*....C**.j& 0420: 03 2b 2f e7 6b bd 7a c7 3a 79 1e 95 9d 01 09 9e .+/.k.z.:y...... 0430: 3a 73 a0 c2 10 4e 47 03 ff f6 b7 33 bb 73 96 2b :s...NG....3.s.+ 0440: 3e 70 08 a9 9f 0a 4a 47 54 2d 16 a1 ad 90 fd 32 >p....JGT-.....2 0450: eb 9c e2 35 35 73 bf 41 4f 6a fa 9c f2 78 83 00 ...55s.AOj...x.. 0460: 66 bd 8b d4 ca b6 87 6f 93 63 ed e4 54 d9 03 cc f......o.c..T... 0470: df 6a 5c 52 df a8 76 f9 d0 56 c4 9a c5 3c cc 36 .j\R..v..V...<.6 0480: 4e 1d 18 b6 47 d2 2b 23 d0 ac 7f 02 db ad 57 4f N...G.+#......WO 0490: 01 0b 0d 27 fd e2 08 80 5f 1d 45 db 38 d6 ae 13 ...'...._.E.8... 04a0: 46 46 ef 82 f4 02 f3 a4 81 e2 30 81 df a0 03 02 FF........0..... 04b0: 01 12 a2 81 d7 04 81 d4 aa ad 5b d7 ec 84 8d 0e ..........[..... 04c0: 37 dc eb c3 e5 17 a1 c6 8d 09 b7 28 a0 e3 99 93 7..........(.... 04d0: 71 be d5 17 71 01 31 d5 7d 3c 96 61 49 25 23 a2 q...q.1.}<.aI%#. 04e0: 2a 80 0f 56 ef 81 d3 f5 b8 5d 07 fa da 1e d7 06 *..V.....]...... 04f0: 4c 80 eb 37 10 19 e1 97 10 9a fa 20 f4 8a f0 e3 L..7....... .... 0500: c1 8b 7a 30 5b a2 1b fe 4f ac 5b 13 ea 2f f3 f9 ..z0[...O.[../.. 0510: 3a 11 a3 07 43 b2 ff cd ec 14 ff d3 e9 f5 c8 ff :...C........... 0520: 48 21 72 6c 15 b6 ce 32 85 36 70 a3 39 28 e8 48 H!rl...2.6p.9(.H 0530: 92 1f 8f 60 7e 4a 1a 23 31 4a 0d 64 db 21 9b 16 ...`~J.#1J.d.!.. 0540: 29 3c 0e 3e fd b2 ad 69 5d 3b 8e fb aa b4 8a 83 )<.>...i];...... 0550: b6 bc 5c 23 4e 35 0b ce ae d1 9f 9f 73 48 b8 c1 ..#N5......sH.. 0560: 61 82 78 c0 fe b3 c4 cf 2e 24 26 3a ac 53 d7 e2 a.x......$&:.S.. 0570: d2 93 db 70 ef f6 88 03 b1 b3 08 17 03 ba 30 83 ...p..........0. 0580: 8a 1a 02 62 a7 85 57 25 a6 71 85 c3 ...b..W%.q.. ber_scanf fmt ({i) ber: ber_dump: buf=0x1ae84d0 ptr=0x1ae84d7 end=0x1ae8a5c len=1413 0000: 60 82 05 81 02 01 03 04 00 a3 82 05 78 04 06 47 `...........x..G 0010: 53 53 41 50 49 04 82 05 6c 60 82 05 68 06 09 2a SSAPI...l`..h..* 0020: 86 48 86 f7 12 01 02 02 01 00 6e 82 05 57 30 82 .H........n..W0. 0030: 05 53 a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 .S.............. 0040: 00 20 00 00 00 a3 82 04 57 61 82 04 53 30 82 04 . ......Wa..S0.. 0050: 4f a0 03 02 01 05 a1 0b 1b 09 50 32 50 2e 4c 4f O.........DOMAIN.LO 0060: 43 41 4c a2 28 30 26 a0 03 02 01 03 a1 1f 30 1d CAL.(0&.......0. 0070: 1b 04 6c 64 61 70 1b 15 61 67 65 6f 30 31 76 6d ..ldap..client 0080: 77 31 30 2e 70 32 70 2e 6c 6f 63 61 6c a3 82 04 .domain.local... 0090: 0f 30 82 04 0b a0 03 02 01 12 a1 03 02 01 0a a2 .0.............. 00a0: 82 03 fd 04 82 03 f9 39 90 06 43 0d ad 07 ce 76 .......9..C....v 00b0: 81 e3 e1 d4 fa 3e 58 8f b2 19 c0 8e 1f 62 7d f9 .....>X......b}. 00c0: 6b d5 22 60 6b 3c 96 f2 9a a5 8e 39 a8 eb 15 8c k."`k<.....9.... 00d0: bf 37 b3 63 28 df 06 ce fe a6 14 50 94 d0 69 69 .7.c(......P..ii 00e0: fe fb 45 11 6e 20 34 8d 8d 99 d9 bd 2a d0 9f c5 ..E.n 4.....*... 00f0: 35 f2 bc 46 21 5c f9 f0 71 9b 1c 59 8a 9e 42 e1 5..F!..q..Y..B. 0100: 83 12 73 45 13 fd 69 ae 66 97 c4 f8 ca d9 e8 8d ..sE..i.f....... 0110: 4c c1 c4 54 e9 f0 c2 6f 09 86 36 25 fc c1 86 89 L..T...o..6%.... 0120: 4a e6 61 58 28 63 0e c5 24 0c 1c dd 28 03 ef b4 J.aX(c..$...(... 0130: df b8 95 b1 93 37 9c 8c 84 89 62 eb 3f 88 36 e3 .....7....b.?.6. 0140: 51 ad 3e 67 4b e6 58 f1 3f 2c 0a 74 db e5 83 d5 Q.>gK.X.?,.t.... 0150: 43 cb eb 84 3a c5 70 f7 e8 5a 88 5d dd 33 f9 67 C...:.p..Z.].3.g 0160: a6 78 40 ab b2 da e1 7d ae f6 68 b9 8d cd 15 e7 .x@....}..h..... 0170: d6 24 b3 fc cf 91 33 26 cd 38 1c 90 43 b9 54 9d .$....3&.8..C.T. 0180: 33 da 25 0a 1c 5e 0f 2b 50 66 12 07 be 89 13 b2 3.%..^.+Pf...... 0190: ba ba f5 e0 46 20 fd 24 62 d1 0a 4a 4a c6 3c c4 ....F .$b..JJ.<. 01a0: 10 a2 cb 00 7f 1c 82 91 ec d7 be f0 be 56 ac c9 .............V.. 01b0: 72 12 3e 3d b1 c1 89 85 e9 fe 5e 3c b9 d1 0b 5a r.>=......^<...Z 01c0: 20 f3 7e 6b af 7a ba 51 23 97 85 fe 77 5d bc f1 .~k.z.Q#...w].. 01d0: f2 67 71 e3 19 ac ed 55 9d a0 9f 1f fe 2b a7 06 .gq....U.....+.. 01e0: 76 19 80 f3 b9 5c 8f 85 af 42 6d 3f f7 9d c2 e8 v.......Bm?.... 01f0: bb 78 c2 d4 ec 0a bd 1f da 0c ab 08 8b b7 57 ff .x............W. 0200: 74 87 be 0c 07 40 e7 f4 d6 de 50 3b ca 05 83 55 t....@....P;...U 0210: 3d 53 2d dc e0 61 d4 c1 bf b9 f9 38 25 89 50 2c =S-..a.....8%.P, 0220: e0 d8 c0 99 28 28 93 19 63 d5 53 0e 3e 7f 8f 5b ....((..c.S.>..[ 0230: 3b 5e 02 cb 7d 5f bf c9 bd 8e a9 79 bb 0a b0 6c ;^..}_.....y...l 0240: 26 8e 9a c5 3d 17 03 6b e1 29 f8 0b 43 18 b3 42 &...=..k.)..C..B 0250: 05 1a 14 35 36 9a d3 58 91 56 cc 06 f2 dd 2d de ...56..X.V....-. 0260: 4d 8d c5 f0 ac b9 63 be 35 3a a2 64 a8 3c 0f 60 M.....c.5:.d.<.` 0270: e4 bf 86 e3 e4 23 6e 19 d6 24 15 aa 28 64 9a cc .....#n..$..(d.. 0280: fb e1 4d 3c f6 c2 58 51 8d ae 07 11 39 21 d4 ed ..M<..XQ....9!.. 0290: 6c 80 84 35 4b 1f 63 58 65 f4 3a 42 76 6b 41 97 l..5K.cXe.:BvkA. 02a0: 3b 1f d4 f3 db ca 49 3d ed 56 5c 38 fe 7d 1f 75 ;.....I=.V\8.}.u 02b0: ab 6e 53 1e 5d 34 df 8b 42 d9 2d 79 eb 7c fa 83 .nS.]4..B.-y.|.. 02c0: 5f f7 65 3a a6 9f e3 d5 b2 52 9b e9 cb b7 71 d1 _.e:.....R....q. 02d0: 8d e5 b1 eb aa 8e ac 14 65 05 41 54 83 ae e8 88 ........e.AT.... 02e0: 04 57 06 63 d1 14 ac 06 b1 ec 90 38 9a f8 d6 e0 .W.c.......8.... 02f0: 28 75 37 f8 9b 60 d1 e3 35 22 98 ec 7b 06 a5 1b (u7..`..5"..{... 0300: 36 dc a6 e1 32 d0 22 93 e8 f6 77 ad 4e 2b e2 ef 6...2."...w.N+.. 0310: be 62 91 2c 5f b9 8c e7 50 af 46 4b e9 42 4f 2f .b.,_...P.FK.BO/ 0320: d5 c5 89 e6 0d d4 d8 25 61 0f 98 03 99 91 76 7a .......%a.....vz 0330: 89 58 ca df 2a e6 0b 2a 08 ad ed 44 fa 39 a5 d2 .X..*..*...D.9.. 0340: 01 5d bd f9 48 a2 a3 ef 75 32 66 c3 d5 dd ad d0 .]..H...u2f..... 0350: b7 bf da 6b 87 9f 61 07 b8 14 08 3e cc 58 a0 77 ...k..a....>.X.w 0360: 3f a6 57 19 8b 6b 17 f8 c9 2b ac 02 b6 ee 34 37 ?.W..k...+....47 0370: 89 d4 6c 88 18 bb d6 b6 35 e1 4c 89 e3 8e 51 20 ..l.....5.L...Q 0380: a9 04 50 36 0f 14 65 4f 25 52 17 c3 a0 3a c5 8a ..P6..eO%R...:.. 0390: a3 e3 7d 7b 5c f1 5a c7 a3 be 62 b3 42 46 14 93 ..}{.Z...b.BF.. 03a0: 95 50 57 1c e8 fb 94 94 3f f0 62 54 90 ce b2 b0 .PW.....?.bT.... 03b0: 1d 90 ed 57 ce 7a ce 33 cb 2a 0b 2f e9 41 b4 67 ...W.z.3.*./.A.g 03c0: 80 45 a4 23 fb 11 12 0a db e3 d9 26 d0 88 45 22 .E.#.......&..E" 03d0: 77 19 86 95 95 8c 69 bc 55 3d 2e 4d 78 20 b0 69 w.....i.U=.Mx .i 03e0: d8 c8 33 68 f8 64 b9 8a 5c 49 da 8d 28 fe 3f 67 ..3h.d..\I..(.?g 03f0: a8 d3 71 fd fd 20 c8 36 39 12 26 03 c8 d5 53 df ..q.. .69.&...S. 0400: 4e 18 c2 55 91 9c 23 f3 6e 2a db f8 eb 43 2a 14 N..U..#.n*...C*. 0410: 9c e7 b9 43 2a 2a bc 6a 26 03 2b 2f e7 6b bd 7a ...C**.j&.+/.k.z 0420: c7 3a 79 1e 95 9d 01 09 9e 3a 73 a0 c2 10 4e 47 .:y......:s...NG 0430: 03 ff f6 b7 33 bb 73 96 2b 3e 70 08 a9 9f 0a 4a ....3.s.+>p....J 0440: 47 54 2d 16 a1 ad 90 fd 32 eb 9c e2 35 35 73 bf GT-.....2...55s. 0450: 41 4f 6a fa 9c f2 78 83 00 66 bd 8b d4 ca b6 87 AOj...x..f...... 0460: 6f 93 63 ed e4 54 d9 03 cc df 6a 5c 52 df a8 76 o.c..T....j\R..v 0470: f9 d0 56 c4 9a c5 3c cc 36 4e 1d 18 b6 47 d2 2b ..V...<.6N...G.+ 0480: 23 d0 ac 7f 02 db ad 57 4f 01 0b 0d 27 fd e2 08 #......WO...'... 0490: 80 5f 1d 45 db 38 d6 ae 13 46 46 ef 82 f4 02 f3 ._.E.8...FF..... 04a0: a4 81 e2 30 81 df a0 03 02 01 12 a2 81 d7 04 81 ...0............ 04b0: d4 aa ad 5b d7 ec 84 8d 0e 37 dc eb c3 e5 17 a1 ...[.....7...... 04c0: c6 8d 09 b7 28 a0 e3 99 93 71 be d5 17 71 01 31 ....(....q...q.1 04d0: d5 7d 3c 96 61 49 25 23 a2 2a 80 0f 56 ef 81 d3 .}<.aI%#.*..V... 04e0: f5 b8 5d 07 fa da 1e d7 06 4c 80 eb 37 10 19 e1 ..]......L..7... 04f0: 97 10 9a fa 20 f4 8a f0 e3 c1 8b 7a 30 5b a2 1b .... ......z0[.. 0500: fe 4f ac 5b 13 ea 2f f3 f9 3a 11 a3 07 43 b2 ff .O.[../..:...C.. 0510: cd ec 14 ff d3 e9 f5 c8 ff 48 21 72 6c 15 b6 ce .........H!rl... 0520: 32 85 36 70 a3 39 28 e8 48 92 1f 8f 60 7e 4a 1a 2.6p.9(.H...`~J. 0530: 23 31 4a 0d 64 db 21 9b 16 29 3c 0e 3e fd b2 ad #1J.d.!..)<.>... 0540: 69 5d 3b 8e fb aa b4 8a 83 b6 bc 5c 23 4e 35 0b i];........#N5. 0550: ce ae d1 9f 9f 73 48 b8 c1 61 82 78 c0 fe b3 c4 .....sH..a.x.... 0560: cf 2e 24 26 3a ac 53 d7 e2 d2 93 db 70 ef f6 88 ..$&:.S.....p... 0570: 03 b1 b3 08 17 03 ba 30 83 8a 1a 02 62 a7 85 57 .......0....b..W 0580: 25 a6 71 85 c3 %.q.. ber_flush2: 1420 bytes to sd 3 0000: 30 82 05 88 02 01 01 60 82 05 81 02 01 03 04 00 0......`........ 0010: a3 82 05 78 04 06 47 53 53 41 50 49 04 82 05 6c ...x..GSSAPI...l 0020: 60 82 05 68 06 09 2a 86 48 86 f7 12 01 02 02 01 `..h..*.H....... 0030: 00 6e 82 05 57 30 82 05 53 a0 03 02 01 05 a1 03 .n..W0..S....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 57 ........ ......W 0050: 61 82 04 53 30 82 04 4f a0 03 02 01 05 a1 0b 1b a..S0..O........ 0060: 09 50 32 50 2e 4c 4f 43 41 4c a2 28 30 26 a0 03 .domain.LOCAL.(0&.. 0070: 02 01 03 a1 1f 30 1d 1b 04 6c 64 61 70 1b 15 61 .....0...ldap..c 0080: 67 65 6f 30 31 76 6d 77 31 30 2e 70 32 70 2e 6c lient.domain.l 0090: 6f 63 61 6c a3 82 04 0f 30 82 04 0b a0 03 02 01 ocal....0....... 00a0: 12 a1 03 02 01 0a a2 82 03 fd 04 82 03 f9 39 90 ..............9. 00b0: 06 43 0d ad 07 ce 76 81 e3 e1 d4 fa 3e 58 8f b2 .C....v.....>X.. 00c0: 19 c0 8e 1f 62 7d f9 6b d5 22 60 6b 3c 96 f2 9a ....b}.k."`k<... 00d0: a5 8e 39 a8 eb 15 8c bf 37 b3 63 28 df 06 ce fe ..9.....7.c(.... 00e0: a6 14 50 94 d0 69 69 fe fb 45 11 6e 20 34 8d 8d ..P..ii..E.n 4.. 00f0: 99 d9 bd 2a d0 9f c5 35 f2 bc 46 21 5c f9 f0 71 ...*...5..F!..q 0100: 9b 1c 59 8a 9e 42 e1 83 12 73 45 13 fd 69 ae 66 ..Y..B...sE..i.f 0110: 97 c4 f8 ca d9 e8 8d 4c c1 c4 54 e9 f0 c2 6f 09 .......L..T...o. 0120: 86 36 25 fc c1 86 89 4a e6 61 58 28 63 0e c5 24 .6%....J.aX(c..$ 0130: 0c 1c dd 28 03 ef b4 df b8 95 b1 93 37 9c 8c 84 ...(........7... 0140: 89 62 eb 3f 88 36 e3 51 ad 3e 67 4b e6 58 f1 3f .b.?.6.Q.>gK.X.? 0150: 2c 0a 74 db e5 83 d5 43 cb eb 84 3a c5 70 f7 e8 ,.t....C...:.p.. 0160: 5a 88 5d dd 33 f9 67 a6 78 40 ab b2 da e1 7d ae Z.].3.g.x@....}. 0170: f6 68 b9 8d cd 15 e7 d6 24 b3 fc cf 91 33 26 cd .h......$....3&. 0180: 38 1c 90 43 b9 54 9d 33 da 25 0a 1c 5e 0f 2b 50 8..C.T.3.%..^.+P 0190: 66 12 07 be 89 13 b2 ba ba f5 e0 46 20 fd 24 62 f..........F .$b 01a0: d1 0a 4a 4a c6 3c c4 10 a2 cb 00 7f 1c 82 91 ec ..JJ.<.......... 01b0: d7 be f0 be 56 ac c9 72 12 3e 3d b1 c1 89 85 e9 ....V..r.>=..... 01c0: fe 5e 3c b9 d1 0b 5a 20 f3 7e 6b af 7a ba 51 23 .^<...Z .~k.z.Q# 01d0: 97 85 fe 77 5d bc f1 f2 67 71 e3 19 ac ed 55 9d ...w]...gq....U. 01e0: a0 9f 1f fe 2b a7 06 76 19 80 f3 b9 5c 8f 85 af ....+..v....... 01f0: 42 6d 3f f7 9d c2 e8 bb 78 c2 d4 ec 0a bd 1f da Bm?.....x....... 0200: 0c ab 08 8b b7 57 ff 74 87 be 0c 07 40 e7 f4 d6 .....W.t....@... 0210: de 50 3b ca 05 83 55 3d 53 2d dc e0 61 d4 c1 bf .P;...U=S-..a... 0220: b9 f9 38 25 89 50 2c e0 d8 c0 99 28 28 93 19 63 ..8%.P,....((..c 0230: d5 53 0e 3e 7f 8f 5b 3b 5e 02 cb 7d 5f bf c9 bd .S.>..[;^..}_... 0240: 8e a9 79 bb 0a b0 6c 26 8e 9a c5 3d 17 03 6b e1 ..y...l&...=..k. 0250: 29 f8 0b 43 18 b3 42 05 1a 14 35 36 9a d3 58 91 )..C..B...56..X. 0260: 56 cc 06 f2 dd 2d de 4d 8d c5 f0 ac b9 63 be 35 V....-.M.....c.5 0270: 3a a2 64 a8 3c 0f 60 e4 bf 86 e3 e4 23 6e 19 d6 :.d.<.`.....#n.. 0280: 24 15 aa 28 64 9a cc fb e1 4d 3c f6 c2 58 51 8d $..(d....M<..XQ. 0290: ae 07 11 39 21 d4 ed 6c 80 84 35 4b 1f 63 58 65 ...9!..l..5K.cXe 02a0: f4 3a 42 76 6b 41 97 3b 1f d4 f3 db ca 49 3d ed .:BvkA.;.....I=. 02b0: 56 5c 38 fe 7d 1f 75 ab 6e 53 1e 5d 34 df 8b 42 V\8.}.u.nS.]4..B 02c0: d9 2d 79 eb 7c fa 83 5f f7 65 3a a6 9f e3 d5 b2 .-y.|.._.e:..... 02d0: 52 9b e9 cb b7 71 d1 8d e5 b1 eb aa 8e ac 14 65 R....q.........e 02e0: 05 41 54 83 ae e8 88 04 57 06 63 d1 14 ac 06 b1 .AT.....W.c..... 02f0: ec 90 38 9a f8 d6 e0 28 75 37 f8 9b 60 d1 e3 35 ..8....(u7..`..5 0300: 22 98 ec 7b 06 a5 1b 36 dc a6 e1 32 d0 22 93 e8 "..{...6...2.".. 0310: f6 77 ad 4e 2b e2 ef be 62 91 2c 5f b9 8c e7 50 .w.N+...b.,_...P 0320: af 46 4b e9 42 4f 2f d5 c5 89 e6 0d d4 d8 25 61 .FK.BO/.......%a 0330: 0f 98 03 99 91 76 7a 89 58 ca df 2a e6 0b 2a 08 .....vz.X..*..*. 0340: ad ed 44 fa 39 a5 d2 01 5d bd f9 48 a2 a3 ef 75 ..D.9...]..H...u 0350: 32 66 c3 d5 dd ad d0 b7 bf da 6b 87 9f 61 07 b8 2f........k..a.. 0360: 14 08 3e cc 58 a0 77 3f a6 57 19 8b 6b 17 f8 c9 ..>.X.w?.W..k... 0370: 2b ac 02 b6 ee 34 37 89 d4 6c 88 18 bb d6 b6 35 +....47..l.....5 0380: e1 4c 89 e3 8e 51 20 a9 04 50 36 0f 14 65 4f 25 .L...Q ..P6..eO% 0390: 52 17 c3 a0 3a c5 8a a3 e3 7d 7b 5c f1 5a c7 a3 R...:....}{.Z.. 03a0: be 62 b3 42 46 14 93 95 50 57 1c e8 fb 94 94 3f .b.BF...PW.....? 03b0: f0 62 54 90 ce b2 b0 1d 90 ed 57 ce 7a ce 33 cb .bT.......W.z.3. 03c0: 2a 0b 2f e9 41 b4 67 80 45 a4 23 fb 11 12 0a db *./.A.g.E.#..... 03d0: e3 d9 26 d0 88 45 22 77 19 86 95 95 8c 69 bc 55 ..&..E"w.....i.U 03e0: 3d 2e 4d 78 20 b0 69 d8 c8 33 68 f8 64 b9 8a 5c =.Mx .i..3h.d..\ 03f0: 49 da 8d 28 fe 3f 67 a8 d3 71 fd fd 20 c8 36 39 I..(.?g..q.. .69 0400: 12 26 03 c8 d5 53 df 4e 18 c2 55 91 9c 23 f3 6e .&...S.N..U..#.n 0410: 2a db f8 eb 43 2a 14 9c e7 b9 43 2a 2a bc 6a 26 *...C*....C**.j& 0420: 03 2b 2f e7 6b bd 7a c7 3a 79 1e 95 9d 01 09 9e .+/.k.z.:y...... 0430: 3a 73 a0 c2 10 4e 47 03 ff f6 b7 33 bb 73 96 2b :s...NG....3.s.+ 0440: 3e 70 08 a9 9f 0a 4a 47 54 2d 16 a1 ad 90 fd 32 >p....JGT-.....2 0450: eb 9c e2 35 35 73 bf 41 4f 6a fa 9c f2 78 83 00 ...55s.AOj...x.. 0460: 66 bd 8b d4 ca b6 87 6f 93 63 ed e4 54 d9 03 cc f......o.c..T... 0470: df 6a 5c 52 df a8 76 f9 d0 56 c4 9a c5 3c cc 36 .j\R..v..V...<.6 0480: 4e 1d 18 b6 47 d2 2b 23 d0 ac 7f 02 db ad 57 4f N...G.+#......WO 0490: 01 0b 0d 27 fd e2 08 80 5f 1d 45 db 38 d6 ae 13 ...'...._.E.8... 04a0: 46 46 ef 82 f4 02 f3 a4 81 e2 30 81 df a0 03 02 FF........0..... 04b0: 01 12 a2 81 d7 04 81 d4 aa ad 5b d7 ec 84 8d 0e ..........[..... 04c0: 37 dc eb c3 e5 17 a1 c6 8d 09 b7 28 a0 e3 99 93 7..........(.... 04d0: 71 be d5 17 71 01 31 d5 7d 3c 96 61 49 25 23 a2 q...q.1.}<.aI%#. 04e0: 2a 80 0f 56 ef 81 d3 f5 b8 5d 07 fa da 1e d7 06 *..V.....]...... 04f0: 4c 80 eb 37 10 19 e1 97 10 9a fa 20 f4 8a f0 e3 L..7....... .... 0500: c1 8b 7a 30 5b a2 1b fe 4f ac 5b 13 ea 2f f3 f9 ..z0[...O.[../.. 0510: 3a 11 a3 07 43 b2 ff cd ec 14 ff d3 e9 f5 c8 ff :...C........... 0520: 48 21 72 6c 15 b6 ce 32 85 36 70 a3 39 28 e8 48 H!rl...2.6p.9(.H 0530: 92 1f 8f 60 7e 4a 1a 23 31 4a 0d 64 db 21 9b 16 ...`~J.#1J.d.!.. 0540: 29 3c 0e 3e fd b2 ad 69 5d 3b 8e fb aa b4 8a 83 )<.>...i];...... 0550: b6 bc 5c 23 4e 35 0b ce ae d1 9f 9f 73 48 b8 c1 ..#N5......sH.. 0560: 61 82 78 c0 fe b3 c4 cf 2e 24 26 3a ac 53 d7 e2 a.x......$&:.S.. 0570: d2 93 db 70 ef f6 88 03 b1 b3 08 17 03 ba 30 83 ...p..........0. 0580: 8a 1a 02 62 a7 85 57 25 a6 71 85 c3 ...b..W%.q.. ldap_write: want=1420, written=1420 0000: 30 82 05 88 02 01 01 60 82 05 81 02 01 03 04 00 0......`........ 0010: a3 82 05 78 04 06 47 53 53 41 50 49 04 82 05 6c ...x..GSSAPI...l 0020: 60 82 05 68 06 09 2a 86 48 86 f7 12 01 02 02 01 `..h..*.H....... 0030: 00 6e 82 05 57 30 82 05 53 a0 03 02 01 05 a1 03 .n..W0..S....... 0040: 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 57 ........ ......W 0050: 61 82 04 53 30 82 04 4f a0 03 02 01 05 a1 0b 1b a..S0..O........ 0060: 09 50 32 50 2e 4c 4f 43 41 4c a2 28 30 26 a0 03 .DOMAIN.LOCAL.(0&.. 0070: 02 01 03 a1 1f 30 1d 1b 04 6c 64 61 70 1b 15 61 .....0...ldap..c 0080: 67 65 6f 30 31 76 6d 77 31 30 2e 70 32 70 2e 6c client.domain.l 0090: 6f 63 61 6c a3 82 04 0f 30 82 04 0b a0 03 02 01 ocal....0....... 00a0: 12 a1 03 02 01 0a a2 82 03 fd 04 82 03 f9 39 90 ..............9. 00b0: 06 43 0d ad 07 ce 76 81 e3 e1 d4 fa 3e 58 8f b2 .C....v.....>X.. 00c0: 19 c0 8e 1f 62 7d f9 6b d5 22 60 6b 3c 96 f2 9a ....b}.k."`k<... 00d0: a5 8e 39 a8 eb 15 8c bf 37 b3 63 28 df 06 ce fe ..9.....7.c(.... 00e0: a6 14 50 94 d0 69 69 fe fb 45 11 6e 20 34 8d 8d ..P..ii..E.n 4.. 00f0: 99 d9 bd 2a d0 9f c5 35 f2 bc 46 21 5c f9 f0 71 ...*...5..F!..q 0100: 9b 1c 59 8a 9e 42 e1 83 12 73 45 13 fd 69 ae 66 ..Y..B...sE..i.f 0110: 97 c4 f8 ca d9 e8 8d 4c c1 c4 54 e9 f0 c2 6f 09 .......L..T...o. 0120: 86 36 25 fc c1 86 89 4a e6 61 58 28 63 0e c5 24 .6%....J.aX(c..$ 0130: 0c 1c dd 28 03 ef b4 df b8 95 b1 93 37 9c 8c 84 ...(........7... 0140: 89 62 eb 3f 88 36 e3 51 ad 3e 67 4b e6 58 f1 3f .b.?.6.Q.>gK.X.? 0150: 2c 0a 74 db e5 83 d5 43 cb eb 84 3a c5 70 f7 e8 ,.t....C...:.p.. 0160: 5a 88 5d dd 33 f9 67 a6 78 40 ab b2 da e1 7d ae Z.].3.g.x@....}. 0170: f6 68 b9 8d cd 15 e7 d6 24 b3 fc cf 91 33 26 cd .h......$....3&. 0180: 38 1c 90 43 b9 54 9d 33 da 25 0a 1c 5e 0f 2b 50 8..C.T.3.%..^.+P 0190: 66 12 07 be 89 13 b2 ba ba f5 e0 46 20 fd 24 62 f..........F .$b 01a0: d1 0a 4a 4a c6 3c c4 10 a2 cb 00 7f 1c 82 91 ec ..JJ.<.......... 01b0: d7 be f0 be 56 ac c9 72 12 3e 3d b1 c1 89 85 e9 ....V..r.>=..... 01c0: fe 5e 3c b9 d1 0b 5a 20 f3 7e 6b af 7a ba 51 23 .^<...Z .~k.z.Q# 01d0: 97 85 fe 77 5d bc f1 f2 67 71 e3 19 ac ed 55 9d ...w]...gq....U. 01e0: a0 9f 1f fe 2b a7 06 76 19 80 f3 b9 5c 8f 85 af ....+..v....... 01f0: 42 6d 3f f7 9d c2 e8 bb 78 c2 d4 ec 0a bd 1f da Bm?.....x....... 0200: 0c ab 08 8b b7 57 ff 74 87 be 0c 07 40 e7 f4 d6 .....W.t....@... 0210: de 50 3b ca 05 83 55 3d 53 2d dc e0 61 d4 c1 bf .P;...U=S-..a... 0220: b9 f9 38 25 89 50 2c e0 d8 c0 99 28 28 93 19 63 ..8%.P,....((..c 0230: d5 53 0e 3e 7f 8f 5b 3b 5e 02 cb 7d 5f bf c9 bd .S.>..[;^..}_... 0240: 8e a9 79 bb 0a b0 6c 26 8e 9a c5 3d 17 03 6b e1 ..y...l&...=..k. 0250: 29 f8 0b 43 18 b3 42 05 1a 14 35 36 9a d3 58 91 )..C..B...56..X. 0260: 56 cc 06 f2 dd 2d de 4d 8d c5 f0 ac b9 63 be 35 V....-.M.....c.5 0270: 3a a2 64 a8 3c 0f 60 e4 bf 86 e3 e4 23 6e 19 d6 :.d.<.`.....#n.. 0280: 24 15 aa 28 64 9a cc fb e1 4d 3c f6 c2 58 51 8d $..(d....M<..XQ. 0290: ae 07 11 39 21 d4 ed 6c 80 84 35 4b 1f 63 58 65 ...9!..l..5K.cXe 02a0: f4 3a 42 76 6b 41 97 3b 1f d4 f3 db ca 49 3d ed .:BvkA.;.....I=. 02b0: 56 5c 38 fe 7d 1f 75 ab 6e 53 1e 5d 34 df 8b 42 V\8.}.u.nS.]4..B 02c0: d9 2d 79 eb 7c fa 83 5f f7 65 3a a6 9f e3 d5 b2 .-y.|.._.e:..... 02d0: 52 9b e9 cb b7 71 d1 8d e5 b1 eb aa 8e ac 14 65 R....q.........e 02e0: 05 41 54 83 ae e8 88 04 57 06 63 d1 14 ac 06 b1 .AT.....W.c..... 02f0: ec 90 38 9a f8 d6 e0 28 75 37 f8 9b 60 d1 e3 35 ..8....(u7..`..5 0300: 22 98 ec 7b 06 a5 1b 36 dc a6 e1 32 d0 22 93 e8 "..{...6...2.".. 0310: f6 77 ad 4e 2b e2 ef be 62 91 2c 5f b9 8c e7 50 .w.N+...b.,_...P 0320: af 46 4b e9 42 4f 2f d5 c5 89 e6 0d d4 d8 25 61 .FK.BO/.......%a 0330: 0f 98 03 99 91 76 7a 89 58 ca df 2a e6 0b 2a 08 .....vz.X..*..*. 0340: ad ed 44 fa 39 a5 d2 01 5d bd f9 48 a2 a3 ef 75 ..D.9...]..H...u 0350: 32 66 c3 d5 dd ad d0 b7 bf da 6b 87 9f 61 07 b8 2f........k..a.. 0360: 14 08 3e cc 58 a0 77 3f a6 57 19 8b 6b 17 f8 c9 ..>.X.w?.W..k... 0370: 2b ac 02 b6 ee 34 37 89 d4 6c 88 18 bb d6 b6 35 +....47..l.....5 0380: e1 4c 89 e3 8e 51 20 a9 04 50 36 0f 14 65 4f 25 .L...Q ..P6..eO% 0390: 52 17 c3 a0 3a c5 8a a3 e3 7d 7b 5c f1 5a c7 a3 R...:....}{.Z.. 03a0: be 62 b3 42 46 14 93 95 50 57 1c e8 fb 94 94 3f .b.BF...PW.....? 03b0: f0 62 54 90 ce b2 b0 1d 90 ed 57 ce 7a ce 33 cb .bT.......W.z.3. 03c0: 2a 0b 2f e9 41 b4 67 80 45 a4 23 fb 11 12 0a db *./.A.g.E.#..... 03d0: e3 d9 26 d0 88 45 22 77 19 86 95 95 8c 69 bc 55 ..&..E"w.....i.U 03e0: 3d 2e 4d 78 20 b0 69 d8 c8 33 68 f8 64 b9 8a 5c =.Mx .i..3h.d..\ 03f0: 49 da 8d 28 fe 3f 67 a8 d3 71 fd fd 20 c8 36 39 I..(.?g..q.. .69 0400: 12 26 03 c8 d5 53 df 4e 18 c2 55 91 9c 23 f3 6e .&...S.N..U..#.n 0410: 2a db f8 eb 43 2a 14 9c e7 b9 43 2a 2a bc 6a 26 *...C*....C**.j& 0420: 03 2b 2f e7 6b bd 7a c7 3a 79 1e 95 9d 01 09 9e .+/.k.z.:y...... 0430: 3a 73 a0 c2 10 4e 47 03 ff f6 b7 33 bb 73 96 2b :s...NG....3.s.+ 0440: 3e 70 08 a9 9f 0a 4a 47 54 2d 16 a1 ad 90 fd 32 >p....JGT-.....2 0450: eb 9c e2 35 35 73 bf 41 4f 6a fa 9c f2 78 83 00 ...55s.AOj...x.. 0460: 66 bd 8b d4 ca b6 87 6f 93 63 ed e4 54 d9 03 cc f......o.c..T... 0470: df 6a 5c 52 df a8 76 f9 d0 56 c4 9a c5 3c cc 36 .j\R..v..V...<.6 0480: 4e 1d 18 b6 47 d2 2b 23 d0 ac 7f 02 db ad 57 4f N...G.+#......WO 0490: 01 0b 0d 27 fd e2 08 80 5f 1d 45 db 38 d6 ae 13 ...'...._.E.8... 04a0: 46 46 ef 82 f4 02 f3 a4 81 e2 30 81 df a0 03 02 FF........0..... 04b0: 01 12 a2 81 d7 04 81 d4 aa ad 5b d7 ec 84 8d 0e ..........[..... 04c0: 37 dc eb c3 e5 17 a1 c6 8d 09 b7 28 a0 e3 99 93 7..........(.... 04d0: 71 be d5 17 71 01 31 d5 7d 3c 96 61 49 25 23 a2 q...q.1.}<.aI%#. 04e0: 2a 80 0f 56 ef 81 d3 f5 b8 5d 07 fa da 1e d7 06 *..V.....]...... 04f0: 4c 80 eb 37 10 19 e1 97 10 9a fa 20 f4 8a f0 e3 L..7....... .... 0500: c1 8b 7a 30 5b a2 1b fe 4f ac 5b 13 ea 2f f3 f9 ..z0[...O.[../.. 0510: 3a 11 a3 07 43 b2 ff cd ec 14 ff d3 e9 f5 c8 ff :...C........... 0520: 48 21 72 6c 15 b6 ce 32 85 36 70 a3 39 28 e8 48 H!rl...2.6p.9(.H 0530: 92 1f 8f 60 7e 4a 1a 23 31 4a 0d 64 db 21 9b 16 ...`~J.#1J.d.!.. 0540: 29 3c 0e 3e fd b2 ad 69 5d 3b 8e fb aa b4 8a 83 )<.>...i];...... 0550: b6 bc 5c 23 4e 35 0b ce ae d1 9f 9f 73 48 b8 c1 ..#N5......sH.. 0560: 61 82 78 c0 fe b3 c4 cf 2e 24 26 3a ac 53 d7 e2 a.x......$&:.S.. 0570: d2 93 db 70 ef f6 88 03 b1 b3 08 17 03 ba 30 83 ...p..........0. 0580: 8a 1a 02 62 a7 85 57 25 a6 71 85 c3 ...b..W%.q.. ldap_result ld 0x1ad7210 msgid 1 wait4msg ld 0x1ad7210 msgid 1 (infinite timeout) wait4msg continue ld 0x1ad7210 msgid 1 all 1 ** ld 0x1ad7210 Connections: * host: adserver.domain.local port: 389 (default) refcnt: 2 status: Connected last used: Fri Dec 20 16:18:34 2013
** ld 0x1ad7210 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x1ad7210 request count 1 (abandoned 0) ** ld 0x1ad7210 Response Queue: Empty ld 0x1ad7210 response count 0 ldap_chkResponseList ld 0x1ad7210 msgid 1 all 1 ldap_chkResponseList returns ld 0x1ad7210 NULL ldap_int_select read1msg: ld 0x1ad7210 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 84 00 00 00 76 02 01 0....v.. ldap_read: want=116, got=116 0000: 01 61 84 00 00 00 6d 0a 01 0e 04 00 04 00 87 64 .a....m........d 0010: 60 62 06 09 2a 86 48 86 f7 12 01 02 02 03 00 7e `b..*.H........~ 0020: 53 30 51 a0 03 02 01 05 a1 03 02 01 1e a4 11 18 S0Q............. 0030: 0f 32 30 31 33 31 32 32 30 32 32 31 38 33 34 5a .20131220221834Z 0040: a5 05 02 03 0a 40 93 a6 03 02 01 29 a9 0b 1b 09 .....@.....).... 0050: 50 32 50 2e 4c 4f 43 41 4c aa 19 30 17 a0 03 02 DOMAIN.LOCAL..0.... 0060: 01 01 a1 10 30 0e 1b 0c 61 67 65 6f 30 31 76 6d ....0...ageo01vm 0070: 77 31 30 24 w10$ ber_get_next: tag 0x30 len 118 contents: ber_dump: buf=0x1ae4ce0 ptr=0x1ae4ce0 end=0x1ae4d56 len=118 0000: 02 01 01 61 84 00 00 00 6d 0a 01 0e 04 00 04 00 ...a....m....... 0010: 87 64 60 62 06 09 2a 86 48 86 f7 12 01 02 02 03 .d`b..*.H....... 0020: 00 7e 53 30 51 a0 03 02 01 05 a1 03 02 01 1e a4 .~S0Q........... 0030: 11 18 0f 32 30 31 33 31 32 32 30 32 32 31 38 33 ...2013122022183 0040: 34 5a a5 05 02 03 0a 40 93 a6 03 02 01 29 a9 0b 4Z.....@.....).. 0050: 1b 09 50 32 50 2e 4c 4f 43 41 4c aa 19 30 17 a0 ..DOMAIN.LOCAL..0.. 0060: 03 02 01 01 a1 10 30 0e 1b 0c 61 67 65 6f 30 31 ......0...clie 0070: 76 6d 77 31 30 24 nt$ read1msg: ld 0x1ad7210 msgid 1 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x1ae4ce0 ptr=0x1ae4ce3 end=0x1ae4d56 len=115 0000: 61 84 00 00 00 6d 0a 01 0e 04 00 04 00 87 64 60 a....m........d` 0010: 62 06 09 2a 86 48 86 f7 12 01 02 02 03 00 7e 53 b..*.H........~S 0020: 30 51 a0 03 02 01 05 a1 03 02 01 1e a4 11 18 0f 0Q.............. 0030: 32 30 31 33 31 32 32 30 32 32 31 38 33 34 5a a5 20131220221834Z. 0040: 05 02 03 0a 40 93 a6 03 02 01 29 a9 0b 1b 09 50 ....@.....)....D 0050: 32 50 2e 4c 4f 43 41 4c aa 19 30 17 a0 03 02 01 OMAIN.LOCAL..0..... 0060: 01 a1 10 30 0e 1b 0c 61 67 65 6f 30 31 76 6d 77 ...0...clie 0070: 31 30 24 10$ read1msg: ld 0x1ad7210 0 new referrals read1msg: mark request completed, ld 0x1ad7210 msgid 1 request done: ld 0x1ad7210 msgid 1 res_errno: 14, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_sasl_bind_result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x1ae4ce0 ptr=0x1ae4ce3 end=0x1ae4d56 len=115 0000: 61 84 00 00 00 6d 0a 01 0e 04 00 04 00 87 64 60 a....m........d` 0010: 62 06 09 2a 86 48 86 f7 12 01 02 02 03 00 7e 53 b..*.H........~S 0020: 30 51 a0 03 02 01 05 a1 03 02 01 1e a4 11 18 0f 0Q.............. 0030: 32 30 31 33 31 32 32 30 32 32 31 38 33 34 5a a5 20131220221834Z. 0040: 05 02 03 0a 40 93 a6 03 02 01 29 a9 0b 1b 09 50 ....@.....)....P 0050: 32 50 2e 4c 4f 43 41 4c aa 19 30 17 a0 03 02 01 2P.LOCAL..0..... 0060: 01 a1 10 30 0e 1b 0c 61 67 65 6f 30 31 76 6d 77 ...0...ageo01vmw 0070: 31 30 24 10$ ber_scanf fmt (O) ber: ber_dump: buf=0x1ae4ce0 ptr=0x1ae4cf0 end=0x1ae4d56 len=102 0000: 87 64 60 62 06 09 2a 86 48 86 f7 12 01 02 02 03 .d`b..*.H....... 0010: 00 7e 53 30 51 a0 03 02 01 05 a1 03 02 01 1e a4 .~S0Q........... 0020: 11 18 0f 32 30 31 33 31 32 32 30 32 32 31 38 33 ...2013122022183 0030: 34 5a a5 05 02 03 0a 40 93 a6 03 02 01 29 a9 0b 4Z.....@.....).. 0040: 1b 09 50 32 50 2e 4c 4f 43 41 4c aa 19 30 17 a0 ..domain.LOCAL..0.. 0050: 03 02 01 01 a1 10 30 0e 1b 0c 61 67 65 6f 30 31 ......0...ageo01 0060: 76 6d 77 31 30 24 vmw10$ ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x1ae4ce0 ptr=0x1ae4ce3 end=0x1ae4d56 len=115 0000: 61 84 00 00 00 6d 0a 01 0e 04 00 04 00 87 64 60 a....m........d` 0010: 62 06 09 2a 86 48 86 f7 12 01 02 02 03 00 7e 53 b..*.H........~S 0020: 30 51 a0 03 02 01 05 a1 03 02 01 1e a4 11 18 0f 0Q.............. 0030: 32 30 31 33 31 32 32 30 32 32 31 38 33 34 5a a5 20131220221834Z. 0040: 05 02 03 0a 40 93 a6 03 02 01 29 a9 0b 1b 09 50 ....@.....)....P 0050: 32 50 2e 4c 4f 43 41 4c aa 19 30 17 a0 03 02 01 2P.LOCAL..0..... 0060: 01 a1 10 30 0e 1b 0c 61 67 65 6f 30 31 76 6d 77 ...0...ageo01vmw 0070: 31 30 24 nt$ ber_scanf fmt (x) ber: ber_dump: buf=0x1ae4ce0 ptr=0x1ae4cf0 end=0x1ae4d56 len=102 0000: 87 64 60 62 06 09 2a 86 48 86 f7 12 01 02 02 03 .d`b..*.H....... 0010: 00 7e 53 30 51 a0 03 02 01 05 a1 03 02 01 1e a4 .~S0Q........... 0020: 11 18 0f 32 30 31 33 31 32 32 30 32 32 31 38 33 ...2013122022183 0030: 34 5a a5 05 02 03 0a 40 93 a6 03 02 01 29 a9 0b 4Z.....@.....).. 0040: 1b 09 50 32 50 2e 4c 4f 43 41 4c aa 19 30 17 a0 ..DOMAIN.LOCAL..0.. 0050: 03 02 01 01 a1 10 30 0e 1b 0c 61 67 65 6f 30 31 ......0...cli 0060: 76 6d 77 31 30 24 ent$ ber_scanf fmt (}) ber: ber_dump: buf=0x1ae4ce0 ptr=0x1ae4d56 end=0x1ae4d56 len=0
ldap_msgfree sasl_client_step: -1 ldap_err2string ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Message stream modified)
Bryan
On Dec 19, 2013, at 12:30 PM, Jakub Hrozek jhrozek@redhat.com wrote:
On Wed, Dec 18, 2013 at 10:38:39PM +0000, Bryan Harris wrote: Hi Jakub, On Dec 18, 2013, at 03:35 AM, Jakub Hrozek jhrozek@redhat.com wrote: On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote: On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote:
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal
5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without. btw keytabs that are generated with Samba or realmd should already contain this principal. In general, I think using Samba or realmd is even easier and should be recommended. When I try using the commands from the guide for using Samba, this is the output I receive for doing with -U Administrator (see below for -k method). net ads join -U Administrator Enter Administrator's password: [2013/12/18 16:35:48.221674, 0] libads/sasl.c:821(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials Failed to join domain: failed to connect to AD: Invalid credentials When I try using the -k method, this is the output. kinit administrator Password for administrator@DOMAIN.LOCAL: root@client:/var/log/sssd# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator@DOMAIN.LOCAL Valid starting Expires Service principal 12/18/13 16:34:33 12/19/13 02:34:34 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 12/25/13 16:34:33 root@client:/var/log/sssd# net ads join -k Failed to join domain: failed to lookup DC info for domain 'DOMAIN.LOCAL' over rpc: Logon failure Any ideas? Do you think it means I have a firewall problem? It lets me have a kerberos ticket at least, I guess that's good? Bryan
Sorry, this is out of my domain of expertise. Maybe passing the -d parameter to net ads would reveal some more info?
Or perhaps some of the Samba developers lurking on this list could help.. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Fri, 2013-12-20 at 22:29 +0000, Bryan Harris wrote:
Hi Jakub,
I re-ran the command with -d 255 and tried my best to sanitize, here it is. I am just posting this here in case someone with more expertise knows what to do or has seen the same thing. Thanks again.
Also I noticed that just adserver does not resolve in DNS. I am _forced_ to use the FQDN like adserver.domain.local if I do a dig to find the A record. Does that make any difference? I could put it in my /etc/hosts or I could login to the AD server and run the DNS management GUI to find out what is going on.
Oh on second thought, never mind my previous paragraph. After I put a "search domain.local" in my /etc/resolv.conf now I can resolve just the short host name.
Is your domain really called ".local" ? That can cause quite some trouble on the Windows side, as .local is generally reserved for mDNS ... https://en.wikipedia.org/wiki/.local
Simo.
Hi Simo,
On Dec 23, 2013, at 08:21 AM, Simo Sorce simo@redhat.com wrote:
On Fri, 2013-12-20 at 22:29 +0000, Bryan Harris wrote: Hi Jakub, I re-ran the command with -d 255 and tried my best to sanitize, here it is. I am just posting this here in case someone with more expertise knows what to do or has seen the same thing. Thanks again. Also I noticed that just adserver does not resolve in DNS. I am _forced_ to use the FQDN like adserver.domain.local if I do a dig to find the A record. Does that make any difference? I could put it in my /etc/hosts or I could login to the AD server and run the DNS management GUI to find out what is going on. Oh on second thought, never mind my previous paragraph. After I put a "search domain.local" in my /etc/resolv.conf now I can resolve just the short host name. Is your domain really called ".local" ? That can cause quite some trouble on the Windows side, as .local is generally reserved for mDNS ... https://en.wikipedia.org/wiki/.local
Well, I had originally tried for something else, but it was not up to me and for whatever reason the .local in the domain was decided upon at some point by the customer. To be honest the thought of the domain causing problems has not even crossed my mind until your email. I suppose that I would need to know for sure that this would all work with a different domain name, which I may not be able to do.
Thanks for your response. I will try and remember this next time someone tries to use a .local for the domain. Bryan
Simo Sorce wrote:
On Fri, 2013-12-20 at 22:29 +0000, Bryan Harris wrote:
I re-ran the command with -d 255 and tried my best to sanitize, here it is. I am just posting this here in case someone with more expertise knows what to do or has seen the same thing. Thanks again.
Also I noticed that just adserver does not resolve in DNS. I am _forced_ to use the FQDN like adserver.domain.local if I do a dig to find the A record. Does that make any difference? I could put it in my /etc/hosts or I could login to the AD server and run the DNS management GUI to find out what is going on.
Oh on second thought, never mind my previous paragraph. After I put a "search domain.local" in my /etc/resolv.conf now I can resolve just the short host name.
Is your domain really called ".local" ? That can cause quite some trouble on the Windows side, as .local is generally reserved for mDNS ... https://en.wikipedia.org/wiki/.local
Yes, one should remove any references to mdns related modules in /etc/nsswitch.conf when using top-level domain .local.
(BTW: Is anybody really using mDNS/zero-conf? I really wonder why everybody has to disable this cruft.)
Ciao, Michael.
Hello Sumit,
Thanks for your reply! I will comment in-line below.
On Dec 18, 2013, at 02:42 AM, Sumit Bose sbose@redhat.com wrote:
On Wed, Dec 18, 2013 at 12:54:37AM +0000, Bryan Harris wrote: root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
You need CLIENT$@AD.EXAMPLE.COM in the keytab as well. Any chance you used -setupn with the ktpass command? If yes, please try without. Here are the commands I used. Unless it is implied or enabled by default, I did not use the -setupn (at least not on purpose).
client = sssd Debian server hostname
setspn -A host/client.domain.local@DOMAIN.LOCAL client setspn -L client ktpass /princ host/client.domain.local@DOMAIN.LOCAL /out c:\client-host.keytab /crypto all /ptype KRB5_NT_PRINCIPAL -desonly /mapuser DOMAIN\client$ /pass *
Also, when I run ktpass I get this message. Just thought I would mention in case it's important.
WARNING: Account AGEO01VMW03$ is not a user account (uacflags=0x11001). WARNING: Resetting AGEO01VMW03$'s password may cause authentication problems if AGEO01VMW03$ is being used as a server.
Bryan
PS - I have the AD server IP address in my resolv.conf (it's the only name server). Not sure if that matters or not. I can do normal DNS lookups plus I can successfully lookup things like _kerberos._tcp.domain.local. I can give more DNS details if needed.
Hello all,
I wasn't sure who to reply to so here goes. I have tried an alternative method of kinit arguments, and received a ticket back this time. I just wanted to mention it and show the output, even though it seems now that I may want to use the Samba tools to do these steps anyway.
Here it is, sanitized.
client = Linux Debian sssd client domain.local is the AD domain
kinit -k 'host/client.domain.local@DOMAIN.LOCAL' klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: host/client.domain.local@DOMAIN.LOCAL
Valid starting Expires Service principal 12/18/13 17:06:16 12/19/13 03:06:14 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 12/25/13 17:06:16
Bryan
On Dec 17, 2013, at 06:54 PM, Bryan Harris bryanlharris@me.com wrote:
Hello all,
I was wondering if someone would be able to help me track down where I went wrong with a 2008 R2 AD > Linux sssd configuration. I am following the guide "Configuring sssd to authenticate with a Windows 2008 Domain Server" found on the sssd website on fedorahosted.org. Here is the link: https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20...
I'm at the step where I run kinit -k CLIENT$@AD.EXAMPLE.COM. Unfortunately it's not working for me. When I run the command on the client I get this: kinit: Client not found in Kerberos database while getting initial credentials The Windows server is running Windows 2008 R2, for forest functional level I selected 2008 R2. The Linux server is running Debian 6.0.8. The version of sssd is 1.2.1-4+squeeze1.
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
I had a similar problem a while back, and I even mailed the list for help. In that case however, I was able to get things to work by simply re-running the setspn and ktpass commands. However, that workaround is not fixing the issue this time.
Any help would be greatly appreciated. Bryan _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
I am running: sssd.x86_64: 1.9.2-82.4.el6_4
On scientific linux 6.4.
I do not have sssd and sudo integration because sudo is not available in our AD/ldap provided by the university. I have added a couple usernames unto the local sudoers file. I also haven't set any of the sudo options in my sssd.conf
I set to use local files only for sudo in nsswitch sudoers: files
However, whenever i call sudo as a user authenticated through sssd, sssd reaches out and does tons ( at least 54 ) of ldap searches, which return empty because sudo does not exist in the ldap, then i can eventually enter my password and use sudo.
Here's a section of my sssd log. When this returns that "ldap_result found nothing" i can enter my password to proceed with local sudo.
(Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_groups_next_base] (0x0400): Searching for groups with base [DC=dhe,DC=duke,DC=edu] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectSID=S-edited)(objectclass=group)(name=*))][DC=dhe,DC=duke,DC=edu]. (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 54 (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_groups_process] (0x0400): Search for groups, returned 0 results. (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[(nil)], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
How can i prevent these queries and just use the local sudoers files as indicated in nsswitch?
thank, -Chris
On 12/19/2013 11:20 AM, Chris Petty wrote:
I am running: sssd.x86_64: 1.9.2-82.4.el6_4
On scientific linux 6.4.
I do not have sssd and sudo integration because sudo is not available in our AD/ldap provided by the university. I have added a couple usernames unto the local sudoers file. I also haven't set any of the sudo options in my sssd.conf
I set to use local files only for sudo in nsswitch sudoers: files
However, whenever i call sudo as a user authenticated through sssd, sssd reaches out and does tons ( at least 54 ) of ldap searches, which return empty because sudo does not exist in the ldap, then i can eventually enter my password and use sudo.
Here's a section of my sssd log. When this returns that "ldap_result found nothing" i can enter my password to proceed with local sudo.
(Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_groups_next_base] (0x0400): Searching for groups with base [DC=dhe,DC=duke,DC=edu] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectSID=S-edited)(objectclass=group)(name=*))][DC=dhe,DC=duke,DC=edu]. (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 54 (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_groups_process] (0x0400): Search for groups, returned 0 results. (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[(nil)], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
How can i prevent these queries and just use the local sudoers files as indicated in nsswitch?
thank, -Chris _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
I do not think it searches for sudo information. On every login SSSD refreshes data about user and groups to be able to serve most recent information about a user. The volume of the searches is probably related to the resolution of the nexted groups and group membership which indicates to me that you are using LDAP back end rather than and AD back end for AD communication. sssd.conf would be helpful to prove this theory.
If it is try then there are two issues: a) Many lookups - switch to AD back end for that b) sudo is not working - does it or you are just concerned about the noise?
here's my sssd.conf .... sudo eventually works, just after a long timeout
[sssd] config_file_version = 2 services = nss, pam domains = default
[nss] filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd override_shell = /bin/bash override_homedir = /mnt/nfs_home/%u/linux
[pam]
[domain/default] debug_level = 8 id_provider = ad auth_provider = ad access_provider = ldap chpass_provider = ad ad_domain = edited ldap_search_base = edited ldap_idmap_default_domain = edited ldap_sasl_mech = GSSAPI ldap_sasl_authid = edited ldap_account_expire_policy = ad ldap_access_order = expire ldap_schema = ad ldap_referrals = False ldap_id_mapping = True ldap_force_upper_case_realm = True ldap_user_search_base = edited ldap_idmap_default_domain_sid = edited ldap_tls_reqcert = never case_sensitive = False krb5_lifetime = 10h krb5_renewable_lifetime = 7d krb5_renew_interval = 3600 ldap_account_expire_policy = ad krb5_realm = DHE.DUKE.EDU #these will go away with IDMU uid ldap_idmap_range_size = 20000000 ldap_idmap_range_min = 0 ldap_idmap_range_max = 2000000000 min_id = 500 override_gid = 197250
On 12/19/2013 11:43 AM, Dmitri Pal wrote:
On 12/19/2013 11:20 AM, Chris Petty wrote:
I am running: sssd.x86_64: 1.9.2-82.4.el6_4
On scientific linux 6.4.
I do not have sssd and sudo integration because sudo is not available in our AD/ldap provided by the university. I have added a couple usernames unto the local sudoers file. I also haven't set any of the sudo options in my sssd.conf
I set to use local files only for sudo in nsswitch sudoers: files
However, whenever i call sudo as a user authenticated through sssd, sssd reaches out and does tons ( at least 54 ) of ldap searches, which return empty because sudo does not exist in the ldap, then i can eventually enter my password and use sudo.
Here's a section of my sssd log. When this returns that "ldap_result found nothing" i can enter my password to proceed with local sudo.
(Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_groups_next_base] (0x0400): Searching for groups with base [DC=dhe,DC=duke,DC=edu] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectSID=S-edited)(objectclass=group)(name=*))][DC=dhe,DC=duke,DC=edu]. (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 54 (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[0x2563870], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_get_groups_process] (0x0400): Search for groups, returned 0 results. (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x21309c0], connected[1], ops[(nil)], ldap[0x265b420] (Thu Dec 19 11:12:22 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
How can i prevent these queries and just use the local sudoers files as indicated in nsswitch?
thank, -Chris _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
I do not think it searches for sudo information. On every login SSSD refreshes data about user and groups to be able to serve most recent information about a user. The volume of the searches is probably related to the resolution of the nexted groups and group membership which indicates to me that you are using LDAP back end rather than and AD back end for AD communication. sssd.conf would be helpful to prove this theory.
If it is try then there are two issues: a) Many lookups - switch to AD back end for that b) sudo is not working - does it or you are just concerned about the noise?
On Thu, Dec 19, 2013 at 11:42:54AM -0500, Dmitri Pal wrote:
I do not think it searches for sudo information. On every login SSSD refreshes data about user and groups to be able to serve most recent information about a user. The volume of the searches is probably related to the resolution of the nexted groups and group membership which indicates to me that you are using LDAP back end rather than and AD back end for AD communication. sssd.conf would be helpful to prove this theory.
If it is try then there are two issues: a) Many lookups - switch to AD back end for that b) sudo is not working - does it or you are just concerned about the noise?
Right, I also suspect the noise is due to initgroups or looking up other information about the user or his groups. I suspect the latter, because initgroups are really fast with ID mapping and in the log snippet I saw a request by SID.
It would be nice to also see what's in the sssd_nss log, then we might see what requests exactly come to the SSSD.
Here is what was printed to the sssd_nss log at level 5 when i ran a sudo command.
Also, the full sssd.conf that i am currently running on this machine.
-chris
On 12/19/2013 01:27 PM, Jakub Hrozek wrote:
On Thu, Dec 19, 2013 at 11:42:54AM -0500, Dmitri Pal wrote:
I do not think it searches for sudo information. On every login SSSD refreshes data about user and groups to be able to serve most recent information about a user. The volume of the searches is probably related to the resolution of the nexted groups and group membership which indicates to me that you are using LDAP back end rather than and AD back end for AD communication. sssd.conf would be helpful to prove this theory.
If it is try then there are two issues: a) Many lookups - switch to AD back end for that b) sudo is not working - does it or you are just concerned about the noise?
Right, I also suspect the noise is due to initgroups or looking up other information about the user or his groups. I suspect the latter, because initgroups are really fast with ID mapping and in the log snippet I saw a request by SID.
It would be nice to also see what's in the sssd_nss log, then we might see what requests exactly come to the SSSD. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Thu, Dec 19, 2013 at 06:48:41PM +0000, Chris Petty wrote:
Here is what was printed to the sssd_nss log at level 5 when i ran a sudo command.
Also, the full sssd.conf that i am currently running on this machine.
-chris
Seems like there is a lot of requests coming in for groups-by-gid. I'm not sure if these come from sudo or elsewhere, but group requests can can be really slow if the groups are huge and/or nested.
Do you rely on the groups members being returned? If not, you could set: ignore_group_members = True
From man sssd.conf:
ignore_group_members (bool) Do not return group members for group lookups.
If set to TRUE, the group membership attribute is not requested from the ldap server, and group members are not returned when processing group lookup calls.
Default: FALSE
But this option is only available starting with RHEL 6.5, given you run Scientific Linux, you might need to wait a bit (or rebuild the RHEL SRPM yourself). Or alternatively try the custom RPMs I built a while ago: http://jhrozek.fedorapeople.org/sssd-test-builds/ignore-member/x86_64/
On Wed, Dec 18, 2013 at 11:11:12PM +0000, Bryan Harris wrote:
Hello all,
I wasn't sure who to reply to so here goes. I have tried an alternative method of kinit arguments, and received a ticket back this time. I just wanted to mention it and show the output, even though it seems now that I may want to use the Samba tools to do these steps anyway.
Here it is, sanitized.
client = Linux Debian sssd client domain.local is the AD domain
kinit -k 'host/client.domain.local@DOMAIN.LOCAL' klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: host/client.domain.local@DOMAIN.LOCAL
Valid starting Expires Service principal 12/18/13 17:06:16 12/19/13 03:06:14 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 12/25/13 17:06:16
Bryan
Are you able to request service tickets using this principal? Would ldapsearch with "-Y GSSAPI" work with this ticket?
Hi Jakub,
Thank you for your help. Here is the command I run and the result. Do you think sssd v1.2.1-4+squeeze1 is not high enough? That is what I have installed. I can also mention my SASL library is called libsasl2-2 and the version is 2.1.23.dfsg1-7.
/usr/bin/ldapsearch -LLL -H ldap://adserver.domain.local/ -Y GSSAPI -N -b "dc=domain,dc=local" cn SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Message stream modified Bryan
On Dec 19, 2013, at 12:29 PM, Jakub Hrozek jhrozek@redhat.com wrote:
On Wed, Dec 18, 2013 at 11:11:12PM +0000, Bryan Harris wrote: Hello all, I wasn't sure who to reply to so here goes. I have tried an alternative method of kinit arguments, and received a ticket back this time. I just wanted to mention it and show the output, even though it seems now that I may want to use the Samba tools to do these steps anyway. Here it is, sanitized. client = Linux Debian sssd client domain.local is the AD domain kinit -k 'host/client.domain.local@DOMAIN.LOCAL' klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: host/client.domain.local@DOMAIN.LOCAL Valid starting Expires Service principal 12/18/13 17:06:16 12/19/13 03:06:14 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 12/25/13 17:06:16 Bryan
Are you able to request service tickets using this principal? Would ldapsearch with "-Y GSSAPI" work with this ticket? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Bryan Harris wrote:
Do you think sssd v1.2.1-4+squeeze1 is not high enough? That is what I have installed.
You should seriously consider upgrading. This old version has bugs in the caching code which leads to user/groups to be still present even when deleted in the LDAP server.
Ciao, Michael.
Thanks Michael. Ever since I saw that the version was so low compared to what I'd used on RHEL 6 I've suspected the same. We aren't allowed here to use PPAs. One of my coworkers searched sssd in back ports of Debian 6 and couldn't find it. Oh well, maybe there is an easier more established way of doing simple AD auth in Debian 6 than sssd. (-:
Bryan
On Dec 21, 2013, at 9:09 AM, Michael Ströder michael@stroeder.com wrote:
Bryan Harris wrote:
Do you think sssd v1.2.1-4+squeeze1 is not high enough? That is what I have installed.
You should seriously consider upgrading. This old version has bugs in the caching code which leads to user/groups to be still present even when deleted in the LDAP server.
Ciao, Michael.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi Michael,
On Dec 21, 2013, at 09:09 AM, Michael Ströder michael@stroeder.com wrote:
Bryan Harris wrote: Do you think sssd v1.2.1-4+squeeze1 is not high enough? That is what I have installed.
You should seriously consider upgrading. This old version has bugs in the caching code which leads to user/groups to be still present even when deleted in the LDAP server. Does anyone happen to have a PPA where I can get a newer SSSD without compiling from source myself? I am on Debian 6. Bryan
sssd-users@lists.fedorahosted.org
-
Bryan Harris -
Chris Petty -
Dmitri Pal -
Jakub Hrozek -
John Hodrien -
Michael Ströder -
Ondrej Valousek -
Simo Sorce -
Sumit Bose