Okay, here's another wrinkle: if I run 'net rpc testjoin' immediately after joining, it succeeds, but 'net rpc info' fails (see below for the -d10 output). 'net rpc testjoin' fails as described in my last message after a reboot.
Looking at the output from the failures, I notice that 'net rpc' is looking for SRV records at '_ldap._tcp.pdc._msdcs.DOMAIN' instead of '_ldap._tcp.pdc._msdcs.domain.local'. Needless to say, an SRV lookup for '_ldap._tcp.pdc._msdcs.DOMAIN' returns nothing, but an SRV lookup for '_ldap._tcp.pdc._msdcs.domain.local' returns my AD domain controller (which is why 'net ads testjoin' works). What would be causing 'net rpc' to be looking in the wrong place?
Thank you for any help you can give me!
Sincerely,
Russell Ault
root@domain-member:~# net ads join -Udomain-admin
Enter domain-admin's password:
Using short domain name -- DOMAIN
Joined 'DOMAIN-MEMBER' to dns domain 'domain.local'
root@domain-member:~# net ads testjoin
Join is OK
info: struct netr_DsRGetDCNameInfo
dc_unc : *
dc_unc : 'ad-domain-controller.domain.local'
dc_address : *
dc_address : '\\192.168.0.34'
dc_address_type : DS_ADDRESS_TYPE_INET (1)
domain_guid : 681ea09d-d921-4581-b653-8f8b8f4eb470
domain_name : *
domain_name : 'domain.local'
forest_name : *
forest_name : 'domain.local'
dc_flags : 0xe000f3fd (3758158845)
1: DS_SERVER_PDC
1: DS_SERVER_GC
1: DS_SERVER_LDAP
1: DS_SERVER_DS
1: DS_SERVER_KDC
1: DS_SERVER_TIMESERV
1: DS_SERVER_CLOSEST
1: DS_SERVER_WRITABLE
1: DS_SERVER_GOOD_TIMESERV
0: DS_SERVER_NDNC
0: DS_SERVER_SELECT_SECRET_DOMAIN_6
1: DS_SERVER_FULL_SECRET_DOMAIN_6
1: DS_SERVER_WEBSERV
1: DS_DNS_CONTROLLER
1: DS_DNS_DOMAIN
1: DS_DNS_FOREST_ROOT
dc_site_name : *
dc_site_name : 'Default-First-Site-Name'
client_site_name : *
client_site_name : 'Default-First-Site-Name'
sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name"
internal_resolve_name: looking up ad-domain-controller.domain.local#20 (sitename Default-First-Site-Name)
name ad-domain-controller.domain.local#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 192.168.0.34 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x62088215 (1644724757)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
WorkstationLen : 0x0000 (0)
WorkstationMaxLen : 0x0000 (0)
Workstation : *
Workstation : ''
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
ProductBuild : 0x0000 (0)
Reserved: ARRAY(3)
[0] : 0x00 (0)
[1] : 0x00 (0)
[2] : 0x00 (0)
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ntlmssp_check_packet: NTLMSSP signature OK !
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
signed SMB2 message
signed SMB2 message
cli_init_creds: user DOMAIN-MEMBER$ domain DOMAIN
signed SMB2 message
Bind RPC Pipe: host ad-domain-controller.domain.local auth_type 0, auth_level 1
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND (11)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0048 (72)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 11)
bind: struct dcerpc_bind
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00000000 (0)
num_contexts : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ctx_list
context_id : 0x0000 (0)
num_transfer_syntaxes : 0x01 (1)
abstract_syntax: struct ndr_syntax_id
uuid : 12345678-1234-abcd-ef00-01234567cffb
if_version : 0x00000001 (1)
transfer_syntaxes: ARRAY(1)
transfer_syntaxes: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: host ad-domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 52
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND_ACK (12)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0044 (68)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 12)
bind_ack: struct dcerpc_bind_ack
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00140a37 (1313335)
secondary_address_size : 0x000c (12)
secondary_address : '\pipe\lsass'
_pad1 : DATA_BLOB length=2
[0000] C2 2D .-
num_results : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ack_ctx
result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
reason : union dcerpc_bind_ack_reason(case 0)
value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
syntax: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host ad-domain-controller.domain.local returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe netlogon to machine ad-domain-controller.domain.local and bound anonymously.
check lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:/var/run/samba/g_lock.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e855a70
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:<none> 3:<none>
check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb
lock order: 1:<none> 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e855b80
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb
lock order: 1:<none> 2:<none> 3:<none>
netr_ServerReqChallenge: struct netr_ServerReqChallenge
in: struct netr_ServerReqChallenge
server_name : *
server_name : '\\ad-domain-controller.domain.local'
computer_name : *
computer_name : 'DOMAIN-MEMBER'
credentials : *
credentials: struct netr_Credential
data : e5ed5db18a288f9c
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000074 (116)
context_id : 0x0000 (0)
opnum : 0x0004 (4)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host ad-domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 20
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0024 (36)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x0000000c (12)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=12
[0000] 19 3B 5B EB 2A F9 48 3F 00 00 00 00 .;[.*.H? ....
Got pdu len 36, data_len 12
rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK
rpc_api_pipe: host ad-domain-controller.domain.local returned 12 bytes.
netr_ServerReqChallenge: struct netr_ServerReqChallenge
out: struct netr_ServerReqChallenge
return_credentials : *
return_credentials: struct netr_Credential
data : 193b5beb2af9483f
result : NT_STATUS_OK
netr_ServerAuthenticate3: struct netr_ServerAuthenticate3
in: struct netr_ServerAuthenticate3
server_name : *
server_name : '\\ad-domain-controller.domain.local'
account_name : *
account_name : 'DOMAIN-MEMBER$'
secure_channel_type : SEC_CHAN_WKSTA (2)
computer_name : *
computer_name : 'DOMAIN-MEMBER'
credentials : *
credentials: struct netr_Credential
data : cd5a19a5b07d0661
negotiate_flags : *
negotiate_flags : 0x610fffff (1628438527)
1: NETLOGON_NEG_ACCOUNT_LOCKOUT
1: NETLOGON_NEG_PERSISTENT_SAMREPL
1: NETLOGON_NEG_ARCFOUR
1: NETLOGON_NEG_PROMOTION_COUNT
1: NETLOGON_NEG_CHANGELOG_BDC
1: NETLOGON_NEG_FULL_SYNC_REPL
1: NETLOGON_NEG_MULTIPLE_SIDS
1: NETLOGON_NEG_REDO
1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL
1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC
1: NETLOGON_NEG_GENERIC_PASSTHROUGH
1: NETLOGON_NEG_CONCURRENT_RPC
1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL
1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL
1: NETLOGON_NEG_STRONG_KEYS
1: NETLOGON_NEG_TRANSITIVE_TRUSTS
1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS
1: NETLOGON_NEG_PASSWORD_SET2
1: NETLOGON_NEG_GETDOMAININFO
1: NETLOGON_NEG_CROSS_FOREST_TRUSTS
0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION
0: NETLOGON_NEG_RODC_PASSTHROUGH
0: NETLOGON_NEG_SUPPORTS_AES_SHA2
1: NETLOGON_NEG_SUPPORTS_AES
1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS
1: NETLOGON_NEG_AUTHENTICATED_RPC
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x000000a4 (164)
context_id : 0x0000 (0)
opnum : 0x001a (26)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host ad-domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 28
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x002c (44)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=20
[0000] 31 6C B5 6D 1E C0 23 B6 FF FF 0F 61 69 06 00 00 1l.m..#. ...ai...
[0010] 00 00 00 00 ....
Got pdu len 44, data_len 20
rpc_api_pipe: got frag len of 44 at offset 0: NT_STATUS_OK
rpc_api_pipe: host ad-domain-controller.domain.local returned 20 bytes.
netr_ServerAuthenticate3: struct netr_ServerAuthenticate3
out: struct netr_ServerAuthenticate3
return_credentials : *
return_credentials: struct netr_Credential
data : 316cb56d1ec023b6
negotiate_flags : *
negotiate_flags : 0x610fffff (1628438527)
1: NETLOGON_NEG_ACCOUNT_LOCKOUT
1: NETLOGON_NEG_PERSISTENT_SAMREPL
1: NETLOGON_NEG_ARCFOUR
1: NETLOGON_NEG_PROMOTION_COUNT
1: NETLOGON_NEG_CHANGELOG_BDC
1: NETLOGON_NEG_FULL_SYNC_REPL
1: NETLOGON_NEG_MULTIPLE_SIDS
1: NETLOGON_NEG_REDO
1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL
1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC
1: NETLOGON_NEG_GENERIC_PASSTHROUGH
1: NETLOGON_NEG_CONCURRENT_RPC
1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL
1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL
1: NETLOGON_NEG_STRONG_KEYS
1: NETLOGON_NEG_TRANSITIVE_TRUSTS
1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS
1: NETLOGON_NEG_PASSWORD_SET2
1: NETLOGON_NEG_GETDOMAININFO
1: NETLOGON_NEG_CROSS_FOREST_TRUSTS
0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION
0: NETLOGON_NEG_RODC_PASSTHROUGH
0: NETLOGON_NEG_SUPPORTS_AES_SHA2
1: NETLOGON_NEG_SUPPORTS_AES
1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS
1: NETLOGON_NEG_AUTHENTICATED_RPC
rid : *
rid : 0x00000669 (1641)
result : NT_STATUS_OK
check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb
lock order: 1:<none> 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e85dc20
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb
lock order: 1:<none> 2:<none> 3:<none>
check lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:/var/run/samba/g_lock.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e85dc20
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:<none> 3:<none>
rpccli_setup_netlogon_creds: using new netlogon_creds cli[DOMAIN-MEMBER$/DOMAIN-MEMBER] to ad-domain-controller.domain.local
signed SMB2 message
signed SMB2 message
check lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:/var/run/samba/g_lock.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e85a740
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:<none> 3:<none>
Starting GENSEC mechanism schannel
Bind RPC Pipe: host ad-domain-controller.domain.local auth_type 68, auth_level 6
create_generic_auth_rpc_bind_req: generate first token
&r: struct dcerpc_auth
auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68)
auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
auth_pad_length : 0x00 (0)
auth_reserved : 0x00 (0)
auth_context_id : 0x00000001 (1)
credentials : DATA_BLOB length=26
[two lines redacted]
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND (11)
pfc_flags : 0x07 (7)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x006a (106)
auth_length : 0x001a (26)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 11)
bind: struct dcerpc_bind
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00000000 (0)
num_contexts : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ctx_list
context_id : 0x0000 (0)
num_transfer_syntaxes : 0x01 (1)
abstract_syntax: struct ndr_syntax_id
uuid : 12345678-1234-abcd-ef00-01234567cffb
if_version : 0x00000001 (1)
transfer_syntaxes: ARRAY(1)
transfer_syntaxes: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=34
[three lines redacted]
rpc_api_pipe: host ad-domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 72
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND_ACK (12)
pfc_flags : 0x07 (7)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0058 (88)
auth_length : 0x000c (12)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 12)
bind_ack: struct dcerpc_bind_ack
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00140a38 (1313336)
secondary_address_size : 0x000c (12)
secondary_address : '\pipe\lsass'
_pad1 : DATA_BLOB length=2
[0000] 00 00 ..
num_results : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ack_ctx
result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
reason : union dcerpc_bind_ack_reason(case 0)
value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
syntax: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=20
[0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........
[0010] 00 00 00 00 ....
rpc_api_pipe: got frag len of 88 at offset 0: NT_STATUS_OK
rpc_api_pipe: host ad-domain-controller.domain.local returned 88 bytes.
check_bind_response: accepted!
check lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:/var/run/samba/g_lock.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e85d8f0
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:<none> 3:<none>
check lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:/var/run/samba/g_lock.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e854160
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:<none> 3:<none>
netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
in: struct netr_LogonGetCapabilities
server_name : *
server_name : '\\ad-domain-controller.domain.local'
computer_name : *
computer_name : 'DOMAIN-MEMBER'
credential : *
credential: struct netr_Authenticator
cred: struct netr_Credential
data : a1c18004b72a07ad
timestamp : Thu Aug 11 04:48:28 PM 2016 MDT
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data : 0000000000000000
timestamp : (time_t)0
query_level : 0x00000001 (1)
t: struct dcerpc_sec_verification_trailer
_pad : DATA_BLOB length=0
magic : 0000000000000000
count: struct dcerpc_sec_vt_count
count : 0x0002 (2)
commands: ARRAY(2)
commands: struct dcerpc_sec_vt
command : 0x0001 (1)
0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)
0: DCERPC_SEC_VT_COMMAND_END
0: DCERPC_SEC_VT_MUST_PROCESS
u : union dcerpc_sec_vt_union(case 0x1)
bitmask1 : 0x00000001 (1)
1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING
commands: struct dcerpc_sec_vt
command : 0x4002 (16386)
0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)
1: DCERPC_SEC_VT_COMMAND_END
0: DCERPC_SEC_VT_MUST_PROCESS
u : union dcerpc_sec_vt_union(case 0x2)
pcontext: struct dcerpc_sec_vt_pcontext
abstract_syntax: struct ndr_syntax_id
uuid : 12345678-1234-abcd-ef00-01234567cffb
if_version : 0x00000001 (1)
transfer_syntax: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0038 (56)
call_id : 0x00000005 (5)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x000000c4 (196)
context_id : 0x0000 (0)
opnum : 0x0015 (21)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
&r: struct dcerpc_auth
auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68)
auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
auth_pad_length : 0x0c (12)
auth_reserved : 0x00 (0)
auth_context_id : 0x00000001 (1)
credentials : DATA_BLOB length=0
rpc_api_pipe: host ad-domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 104
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0078 (120)
auth_length : 0x0038 (56)
call_id : 0x00000005 (5)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=96
[0000] E3 C7 8E AA 89 29 C1 09 55 0C 58 4B D6 D4 14 B3 .....).. U.XK....
[0010] FF AA 91 EA C4 29 33 ED CD F5 47 91 61 96 29 5C .....)3. ..G.a.)\
[0020] 44 06 08 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........
[0030] 80 52 FF 1E DB 8E 5B 39 6A 01 7C 4C D5 B1 11 30 .R....[9 j.|L...0
[0040] A6 4C 4E D6 10 0E A3 68 3E 0E 09 D0 10 F2 9B 92 .LN....h >.......
[0050] 60 7F 93 E5 90 2E 91 0B DD 41 53 3C 25 61 DE 55 `....... .AS<%a.U
Requested Privacy.
GENSEC auth
Got pdu len 120, data_len 24
rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK
rpc_api_pipe: host ad-domain-controller.domain.local returned 24 bytes.
netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
out: struct netr_LogonGetCapabilities
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data : a2d85dbd1f68bd57
timestamp : (time_t)0
capabilities : *
capabilities : union netr_Capabilities(case 1)
server_capabilities : 0x610fffff (1628438527)
1: NETLOGON_NEG_ACCOUNT_LOCKOUT
1: NETLOGON_NEG_PERSISTENT_SAMREPL
1: NETLOGON_NEG_ARCFOUR
1: NETLOGON_NEG_PROMOTION_COUNT
1: NETLOGON_NEG_CHANGELOG_BDC
1: NETLOGON_NEG_FULL_SYNC_REPL
1: NETLOGON_NEG_MULTIPLE_SIDS
1: NETLOGON_NEG_REDO
1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL
1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC
1: NETLOGON_NEG_GENERIC_PASSTHROUGH
1: NETLOGON_NEG_CONCURRENT_RPC
1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL
1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL
1: NETLOGON_NEG_STRONG_KEYS
1: NETLOGON_NEG_TRANSITIVE_TRUSTS
1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS
1: NETLOGON_NEG_PASSWORD_SET2
1: NETLOGON_NEG_GETDOMAININFO
1: NETLOGON_NEG_CROSS_FOREST_TRUSTS
0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION
0: NETLOGON_NEG_RODC_PASSTHROUGH
0: NETLOGON_NEG_SUPPORTS_AES_SHA2
1: NETLOGON_NEG_SUPPORTS_AES
1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS
1: NETLOGON_NEG_AUTHENTICATED_RPC
result : NT_STATUS_OK
check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb
lock order: 1:<none> 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e85e120
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb
lock order: 1:<none> 2:<none> 3:<none>
check lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:/var/run/samba/g_lock.tdb 3:<none>
Locking key 434C495B43412D45444D
Allocated locked data 0x0x7f025e85e120
Unlocking key 434C495B43412D45444D
release lock order 2 for /var/run/samba/g_lock.tdb
lock order: 1:<none> 2:<none> 3:<none>
cli_rpc_pipe_open_schannel_with_key: opened pipe netlogon to machine ad-domain-controller.domain.local for domain DOMAIN and bound using schannel.
signed SMB2 message
Join to 'DOMAIN' is OK
return code = 0
Freeing parametrics:
root@domain-member:~# net rpc info -d10
internal_resolve_name: looking up DOMAIN#1b (sitename (null))
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
no entry for DOMAIN#1B found.
resolve_ads: Attempting to resolve PDC for DOMAIN using DNS
dns_send_req: Failed to resolve _ldap._tcp.pdc._msdcs.DOMAIN (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
internal_resolve_name: looking up DOMAIN#1b (sitename (null))
no entry for DOMAIN#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name DOMAIN<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name DOMAIN<0x1b>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name DOMAIN<0x1b>
Unable to resolve PDC server address
Unable to find a suitable server for domain DOMAIN
failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
return code = -1
Freeing parametrics:
root@domain-member:~#
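The lookup difference described in the message can be read straight out of the debug output. The following is an added example, not part of the original post or of Samba: it scans `net ... -d10` output for the resolver steps that were tried and flags failed PDC SRV queries whose suffix is a single-label (NetBIOS) name rather than the DNS domain recorded at join time. The function name `analyze_pdc_lookup` and its result keys are hypothetical; the sample lines are copied from the output above.

```python
import re

SRV_PREFIX = "_ldap._tcp.pdc._msdcs."

# Lines copied from the join and 'net rpc info -d10' output in the post above.
SAMPLE_LOG = """\
Using short domain name -- DOMAIN
Joined 'DOMAIN-MEMBER' to dns domain 'domain.local'
internal_resolve_name: looking up DOMAIN#1b (sitename (null))
no entry for DOMAIN#1B found.
resolve_ads: Attempting to resolve PDC for DOMAIN using DNS
dns_send_req: Failed to resolve _ldap._tcp.pdc._msdcs.DOMAIN (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
resolve_lmhosts: Attempting lmhosts lookup for name DOMAIN<0x1b>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name DOMAIN<0x1b>
Unable to resolve PDC server address
"""

# Resolver log prefixes that appear in the output above, in no particular order.
RESOLVERS = ("resolve_ads", "resolve_lmhosts", "resolve_wins",
             "resolve_hosts", "name_resolve_bcast")


def analyze_pdc_lookup(log, dns_domain=None):
    """Summarise how a 'net' run tried to locate the PDC (hypothetical helper).

    dns_domain may be passed explicitly when the join output is not in `log`.
    """
    short = re.search(r"Using short domain name -- (\S+)", log)
    joined = re.search(r"to dns domain '([^']+)'", log)
    dns_domain = dns_domain or (joined.group(1) if joined else None)

    # Resolver steps in the order they first appear in the log.
    methods = []
    pattern = r"^(%s):" % "|".join(RESOLVERS)
    for m in re.finditer(pattern, log, re.M):
        if m.group(1) not in methods:
            methods.append(m.group(1))

    # Failed SRV queries for the PDC record, classified by their domain suffix.
    srv_failures = []
    for query in re.findall(r"dns_send_req: Failed to resolve (\S+)", log):
        if not query.lower().startswith(SRV_PREFIX):
            continue
        suffix = query[len(SRV_PREFIX):].rstrip(".")
        srv_failures.append({
            "query": query,
            "suffix": suffix,
            # A suffix without a dot cannot be the AD DNS domain.
            "single_label": "." not in suffix,
            "is_short_name": bool(short)
                             and suffix.upper() == short.group(1).upper(),
            # The record name that uses the DNS domain, if it is known.
            "expected": SRV_PREFIX + dns_domain if dns_domain else None,
        })

    return {
        "short_domain": short.group(1) if short else None,
        "dns_domain": dns_domain,
        "methods_tried": methods,
        "srv_failures": srv_failures,
        # Broadcast name lookups are unauthenticated, so reaching this step
        # while locating a domain controller is worth noting on its own.
        "fell_back_to_broadcast": "name_resolve_bcast" in methods,
        "pdc_unresolved": "Unable to resolve PDC server address" in log,
    }


if __name__ == "__main__":
    report = analyze_pdc_lookup(SAMPLE_LOG)
    for failure in report["srv_failures"]:
        if failure["single_label"]:
            print("single-label SRV query:", failure["query"])
            print("record under the DNS domain:", failure["expected"])
    print("resolver steps tried:", ", ".join(report["methods_tried"]))
```
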