Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Debian Jessie joining AD as member fails with "The object name is not found."
165 views
Skip to first unread message
Russell Ault
Jul 10, 2016, 2:50:04 AM7/10/16
to
Hi all!
I'm trying to join Debian Jessie to an existing AD domain as a member server (AD DC is Server 2012R2) to run it as a file server. I installed acl, samba, winbind, libnss-winbind, and krb5-user using APT, and configured /etc/samba/smb.conf according to the Samba wiki article.
The error the join command is producing is " Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." which isn't an error message that appeared in any of my searching, so I'm pretty stumped. I've attached my smb.conf and -d10 command output. Any thoughts?
Thanks!
Sincerely,
Russell Ault
Here is my (sanitized) smb.conf:
[global]
netbios name = HOSTNAME
security = ADS
workgroup = DOMAIN
realm = DOMAIN.LOCAL
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-99999
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[storage]
path = /path
read only = no
admin users = "@DOMAIN\Domain Admins"
Here's the (sanitized) output of trying to join the domain:
root@hostname:~# net ads join -U administrator -d10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
Processing section "[global]"
doing parameter netbios name = HOSTNAME
doing parameter security = ADS
doing parameter workgroup = DOMAIN
doing parameter realm = DOMAIN.LOCAL
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config DOMAIN:backend = ad
doing parameter idmap config DOMAIN:schema_mode = rfc2307
doing parameter idmap config DOMAIN:range = 10000-99999
doing parameter winbind nss info = template
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter vfs objects = acl_xattr
doing parameter map acl inherit = yes
doing parameter store dos attributes = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="HOSTNAME"
added interface eth0 ip=192.168.0.37 bcast=192.168.0.255 netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Enter administrator's password:
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'HOSTNAME'
domain_name : *
domain_name : 'DOMAIN.LOCAL'
account_ou : NULL
admin_account : 'administrator'
admin_domain : NULL
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name"
dsgetdcname_internal: domain_name: DOMAIN.LOCAL, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40001011
debug_dsdcinfo_flags: 0x40001011
DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
dsgetdcname_rediscover
ads_dns_lookup_srv: 1 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 389]
LDAP ping to domain-controller.domain.local (192.168.0.34)
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0000f3fd (62461)
1: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470
forest : 'domain.local'
dns_domain : 'domain.local'
pdc_dns_name : 'domain-controller.domain.local'
domain_name : 'DOMAIN'
pdc_name : 'DOMAIN-CONTROLLER'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
Did not store value for DSGETDCNAME/DOMAIN/DOMAIN, we already got it
sitename_store: realm = [DOMAIN], sitename = [Default-First-Site-Name], expire = [2085923199]
Did not store value for AD_SITENAME/DOMAIN/DOMAIN, we already got it
Did not store value for DSGETDCNAME/DOMAIN/DOMAIN.LOCAL, we already got it
sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire = [2085923199]
Did not store value for AD_SITENAME/DOMAIN/DOMAIN.LOCAL, we already got it
sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name"
internal_resolve_name: looking up domain-controller.domain.local#20 (sitename Default-First-Site-Name)
Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Wed Dec 31 05:00:00 PM 1969 MST] (-1468131016 seconds in the past)
no entry for domain-controller.domain.local#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name domain-controller.domain.local<0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for domain-controller.domain.local#20: 192.168.0.34
Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Sun Jul 10 12:21:16 AM 2016 MDT] (660 seconds ahead)
internal_resolve_name: returning 1 addresses: 192.168.0.34:0
Connecting to 192.168.0.34 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x62088215 (1644724757)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
WorkstationLen : 0x0000 (0)
WorkstationMaxLen : 0x0000 (0)
Workstation : *
Workstation : ''
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
ProductBuild : 0x0000 (0)
Reserved: ARRAY(3)
[0] : 0x00 (0)
[1] : 0x00 (0)
[2] : 0x00 (0)
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ntlmssp_check_packet: NTLMSSP signature OK !
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
signed SMB2 message
signed SMB2 message
cli_init_creds: user administrator domain
signed SMB2 message
Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND (11)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0048 (72)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 11)
bind: struct dcerpc_bind
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00000000 (0)
num_contexts : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ctx_list
context_id : 0x0000 (0)
num_transfer_syntaxes : 0x01 (1)
abstract_syntax: struct ndr_syntax_id
uuid : 12345778-1234-abcd-ef00-0123456789ab
if_version : 0x00000000 (0)
transfer_syntaxes: ARRAY(1)
transfer_syntaxes: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 52
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND_ACK (12)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0044 (68)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 12)
bind_ack: struct dcerpc_bind_ack
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x0012e7d2 (1238994)
secondary_address_size : 0x000c (12)
secondary_address : '\pipe\lsass'
_pad1 : DATA_BLOB length=2
[0000] 00 00 ..
num_results : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ack_ctx
result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
reason : union dcerpc_bind_ack_reason(case 0)
value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
syntax: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine domain-controller.domain.local and bound anonymously.
lsa_OpenPolicy: struct lsa_OpenPolicy
in: struct lsa_OpenPolicy
system_name : *
system_name : 0x005c (92)
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000018 (24)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x0000000c (12)
impersonation_level : 0x0002 (2)
context_mode : 0x01 (1)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x0000002c (44)
context_id : 0x0000 (0)
opnum : 0x0006 (6)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 12 75 96 20 33 1B 0A 40 A0 CE C9 5D .....u. 3..@...]
[0010] 01 EA 3F 01 00 00 00 00 ..?.....
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
lsa_OpenPolicy: struct lsa_OpenPolicy
out: struct lsa_OpenPolicy
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
result : NT_STATUS_OK
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
level : LSA_POLICY_INFO_DNS (12)
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000016 (22)
context_id : 0x0000 (0)
opnum : 0x002e (46)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 176
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x00c0 (192)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x000000a8 (168)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=168
<redacted>
Got pdu len 192, data_len 168
rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 168 bytes.
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union lsa_PolicyInformation(case 12)
dns: struct lsa_DnsDomainInfo
name: struct lsa_StringLarge
length : 0x0006 (6)
size : 0x0008 (8)
string : *
string : 'DOMAIN'
dns_domain: struct lsa_StringLarge
length : 0x0012 (18)
size : 0x0014 (20)
string : *
string : 'domain.local'
dns_forest: struct lsa_StringLarge
length : 0x0012 (18)
size : 0x0014 (20)
string : *
string : 'domain.local'
domain_guid : 681ea09d-d921-4581-b653-8f8b8f4eb470
sid : *
sid : S-1-5-21-<redacted>-<redacted>-<redacted>
result : NT_STATUS_OK
lsa_Close: struct lsa_Close
in: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
opnum : 0x0000 (0)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 ........
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
lsa_Close: struct lsa_Close
out: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
signed SMB2 message
create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.DOMAIN, realm = domain.local, domain = DOMAIN
saf_fetch: failed to find server for "domain.local" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up domain.local#1c (sitename (null))
no entry for domain.local#1C found.
resolve_ads: Attempting to resolve KDCs for domain.local using DNS
ads_dns_lookup_srv: 1 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 88]
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 1 addresses: 192.168.0.34:88
Adding 1 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain domain.local server 192.168.0.34
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 192.168.0.34:88
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0000f3fd (62461)
1: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470
forest : 'domain.local'
dns_domain : 'domain.local'
pdc_dns_name : 'domain-controller.domain.local'
domain_name : 'DOMAIN'
pdc_name : 'DOMAIN-CONTROLLER'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
get_kdc_ip_string: Returning kdc = 192.168.0.34
create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.DOMAIN with realm DOMAIN.LOCAL KDC list = kdc = 192.168.0.34
signed SMB2 message
Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND (11)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0048 (72)
auth_length : 0x0000 (0)
call_id : 0x00000005 (5)
u : union dcerpc_payload(case 11)
bind: struct dcerpc_bind
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00000000 (0)
num_contexts : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ctx_list
context_id : 0x0000 (0)
num_transfer_syntaxes : 0x01 (1)
abstract_syntax: struct ndr_syntax_id
uuid : 12345778-1234-abcd-ef00-0123456789ac
if_version : 0x00000001 (1)
transfer_syntaxes: ARRAY(1)
transfer_syntaxes: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 52
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND_ACK (12)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0044 (68)
auth_length : 0x0000 (0)
call_id : 0x00000005 (5)
u : union dcerpc_payload(case 12)
bind_ack: struct dcerpc_bind_ack
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x0012e7d3 (1238995)
secondary_address_size : 0x000c (12)
secondary_address : '\pipe\lsass'
_pad1 : DATA_BLOB length=2
[0000] 02 00 ..
num_results : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ack_ctx
result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
reason : union dcerpc_bind_ack_reason(case 0)
value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
syntax: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe samr to machine domain-controller.domain.local and bound anonymously.
samr_Connect2: struct samr_Connect2
in: struct samr_Connect2
system_name : *
system_name : 'domain-controller.domain.local'
access_mask : 0x00000030 (48)
0: SAMR_ACCESS_CONNECT_TO_SERVER
0: SAMR_ACCESS_SHUTDOWN_SERVER
0: SAMR_ACCESS_INITIALIZE_SERVER
0: SAMR_ACCESS_CREATE_DOMAIN
1: SAMR_ACCESS_ENUM_DOMAINS
1: SAMR_ACCESS_LOOKUP_DOMAIN
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000006 (6)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000044 (68)
context_id : 0x0000 (0)
opnum : 0x0039 (57)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000006 (6)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 96 BA 08 79 09 9E B8 43 99 31 35 E3 .......y ...C.15.
[0010] 6F DB 2D 8C 00 00 00 00 o.-.....
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
samr_Connect2: struct samr_Connect2
out: struct samr_Connect2
connect_handle : *
connect_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
result : NT_STATUS_OK
samr_OpenDomain: struct samr_OpenDomain
in: struct samr_OpenDomain
connect_handle : *
connect_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
access_mask : 0x00000211 (529)
1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
0: SAMR_DOMAIN_ACCESS_SET_INFO_1
0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
0: SAMR_DOMAIN_ACCESS_SET_INFO_2
1: SAMR_DOMAIN_ACCESS_CREATE_USER
0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
0: SAMR_DOMAIN_ACCESS_SET_INFO_3
sid : *
sid : S-1-5-21-<redacted>-<redacted>-<redacted>
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000007 (7)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000034 (52)
context_id : 0x0000 (0)
opnum : 0x0007 (7)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000007 (7)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 BB BF DA CA 50 F9 95 4B 9C 62 7E 58 ........ P..K.b~X
[0010] ED BE BA 7D 00 00 00 00 ...}....
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
samr_OpenDomain: struct samr_OpenDomain
out: struct samr_OpenDomain
domain_handle : *
domain_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
result : NT_STATUS_OK
Creating account with desired access mask: -536543056
samr_CreateUser2: struct samr_CreateUser2
in: struct samr_CreateUser2
domain_handle : *
domain_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
account_name : *
account_name: struct lsa_String
length : 0x001c (28)
size : 0x001c (28)
string : *
string : 'hostname$'
acct_flags : 0x00000080 (128)
0: ACB_DISABLED
0: ACB_HOMDIRREQ
0: ACB_PWNOTREQ
0: ACB_TEMPDUP
0: ACB_NORMAL
0: ACB_MNS
0: ACB_DOMTRUST
1: ACB_WSTRUST
0: ACB_SVRTRUST
0: ACB_PWNOEXP
0: ACB_AUTOLOCK
0: ACB_ENC_TXT_PWD_ALLOWED
0: ACB_SMARTCARD_REQUIRED
0: ACB_TRUSTED_FOR_DELEGATION
0: ACB_NOT_DELEGATED
0: ACB_USE_DES_KEY_ONLY
0: ACB_DONT_REQUIRE_PREAUTH
0: ACB_PW_EXPIRED
0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
0: ACB_NO_AUTH_DATA_REQD
0: ACB_PARTIAL_SECRETS_ACCOUNT
0: ACB_USE_AES_KEYS
access_mask : 0xe00500b0 (3758424240)
0: SAMR_USER_ACCESS_GET_NAME_ETC
0: SAMR_USER_ACCESS_GET_LOCALE
0: SAMR_USER_ACCESS_SET_LOC_COM
0: SAMR_USER_ACCESS_GET_LOGONINFO
1: SAMR_USER_ACCESS_GET_ATTRIBUTES
1: SAMR_USER_ACCESS_SET_ATTRIBUTES
0: SAMR_USER_ACCESS_CHANGE_PASSWORD
1: SAMR_USER_ACCESS_SET_PASSWORD
0: SAMR_USER_ACCESS_GET_GROUPS
0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000008 (8)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x0000004c (76)
context_id : 0x0000 (0)
opnum : 0x0032 (50)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 40
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0038 (56)
auth_length : 0x0000 (0)
call_id : 0x00000008 (8)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000020 (32)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=32
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 64 06 00 00 34 00 00 C0 ........ d...4...
Got pdu len 56, data_len 32
rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 32 bytes.
samr_CreateUser2: struct samr_CreateUser2
out: struct samr_CreateUser2
user_handle : *
user_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
access_granted : *
access_granted : 0x00000000 (0)
rid : *
rid : 0x00000664 (1636)
result : NT_STATUS_OBJECT_NAME_NOT_FOUND
Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
samr_Close: struct samr_Close
in: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000009 (9)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
opnum : 0x0001 (1)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000009 (9)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 ........
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
samr_Close: struct samr_Close
out: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
samr_Close: struct samr_Close
in: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x0000000a (10)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
opnum : 0x0001 (1)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x0000000a (10)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 ........
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
samr_Close: struct samr_Close
out: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
signed SMB2 message
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'DOMAIN'
dns_domain_name : 'domain.local'
forest_name : 'domain.local'
dn : NULL
domain_sid : *
domain_sid : S-1-5-21-<redacted>-<redacted>-<redacted>
modified_config : 0x00 (0)
error_string : 'failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.'
domain_is_ad : 0x01 (1)
result : WERR_BADFILE
Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.
return code = -1
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I'm trying to join Debian Jessie to an existing AD domain as a member server (AD DC is Server 2012R2) to run it as a file server. I installed acl, samba, winbind, libnss-winbind, and krb5-user using APT, and configured /etc/samba/smb.conf according to the Samba wiki article.
The error the join command is producing is " Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." which isn't an error message that appeared in any of my searching, so I'm pretty stumped. I've attached my smb.conf and -d10 command output. Any thoughts?
Thanks!
Sincerely,
Russell Ault
Here is my (sanitized) smb.conf:
[global]
netbios name = HOSTNAME
security = ADS
workgroup = DOMAIN
realm = DOMAIN.LOCAL
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-99999
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[storage]
path = /path
read only = no
admin users = "@DOMAIN\Domain Admins"
Here's the (sanitized) output of trying to join the domain:
root@hostname:~# net ads join -U administrator -d10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
Processing section "[global]"
doing parameter netbios name = HOSTNAME
doing parameter security = ADS
doing parameter workgroup = DOMAIN
doing parameter realm = DOMAIN.LOCAL
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config DOMAIN:backend = ad
doing parameter idmap config DOMAIN:schema_mode = rfc2307
doing parameter idmap config DOMAIN:range = 10000-99999
doing parameter winbind nss info = template
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter vfs objects = acl_xattr
doing parameter map acl inherit = yes
doing parameter store dos attributes = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="HOSTNAME"
added interface eth0 ip=192.168.0.37 bcast=192.168.0.255 netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Enter administrator's password:
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'HOSTNAME'
domain_name : *
domain_name : 'DOMAIN.LOCAL'
account_ou : NULL
admin_account : 'administrator'
admin_domain : NULL
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name"
dsgetdcname_internal: domain_name: DOMAIN.LOCAL, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40001011
debug_dsdcinfo_flags: 0x40001011
DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
dsgetdcname_rediscover
ads_dns_lookup_srv: 1 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 389]
LDAP ping to domain-controller.domain.local (192.168.0.34)
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0000f3fd (62461)
1: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470
forest : 'domain.local'
dns_domain : 'domain.local'
pdc_dns_name : 'domain-controller.domain.local'
domain_name : 'DOMAIN'
pdc_name : 'DOMAIN-CONTROLLER'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
Did not store value for DSGETDCNAME/DOMAIN/DOMAIN, we already got it
sitename_store: realm = [DOMAIN], sitename = [Default-First-Site-Name], expire = [2085923199]
Did not store value for AD_SITENAME/DOMAIN/DOMAIN, we already got it
Did not store value for DSGETDCNAME/DOMAIN/DOMAIN.LOCAL, we already got it
sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire = [2085923199]
Did not store value for AD_SITENAME/DOMAIN/DOMAIN.LOCAL, we already got it
sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name"
internal_resolve_name: looking up domain-controller.domain.local#20 (sitename Default-First-Site-Name)
Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Wed Dec 31 05:00:00 PM 1969 MST] (-1468131016 seconds in the past)
no entry for domain-controller.domain.local#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name domain-controller.domain.local<0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for domain-controller.domain.local#20: 192.168.0.34
Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Sun Jul 10 12:21:16 AM 2016 MDT] (660 seconds ahead)
internal_resolve_name: returning 1 addresses: 192.168.0.34:0
Connecting to 192.168.0.34 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x62088215 (1644724757)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
WorkstationLen : 0x0000 (0)
WorkstationMaxLen : 0x0000 (0)
Workstation : *
Workstation : ''
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
ProductBuild : 0x0000 (0)
Reserved: ARRAY(3)
[0] : 0x00 (0)
[1] : 0x00 (0)
[2] : 0x00 (0)
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ntlmssp_check_packet: NTLMSSP signature OK !
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
signed SMB2 message
signed SMB2 message
cli_init_creds: user administrator domain
signed SMB2 message
Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND (11)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0048 (72)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 11)
bind: struct dcerpc_bind
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00000000 (0)
num_contexts : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ctx_list
context_id : 0x0000 (0)
num_transfer_syntaxes : 0x01 (1)
abstract_syntax: struct ndr_syntax_id
uuid : 12345778-1234-abcd-ef00-0123456789ab
if_version : 0x00000000 (0)
transfer_syntaxes: ARRAY(1)
transfer_syntaxes: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 52
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND_ACK (12)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0044 (68)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 12)
bind_ack: struct dcerpc_bind_ack
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x0012e7d2 (1238994)
secondary_address_size : 0x000c (12)
secondary_address : '\pipe\lsass'
_pad1 : DATA_BLOB length=2
[0000] 00 00 ..
num_results : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ack_ctx
result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
reason : union dcerpc_bind_ack_reason(case 0)
value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
syntax: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine domain-controller.domain.local and bound anonymously.
lsa_OpenPolicy: struct lsa_OpenPolicy
in: struct lsa_OpenPolicy
system_name : *
system_name : 0x005c (92)
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000018 (24)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x0000000c (12)
impersonation_level : 0x0002 (2)
context_mode : 0x01 (1)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x0000002c (44)
context_id : 0x0000 (0)
opnum : 0x0006 (6)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 12 75 96 20 33 1B 0A 40 A0 CE C9 5D .....u. 3..@...]
[0010] 01 EA 3F 01 00 00 00 00 ..?.....
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
lsa_OpenPolicy: struct lsa_OpenPolicy
out: struct lsa_OpenPolicy
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
result : NT_STATUS_OK
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
level : LSA_POLICY_INFO_DNS (12)
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000016 (22)
context_id : 0x0000 (0)
opnum : 0x002e (46)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 176
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x00c0 (192)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x000000a8 (168)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=168
<redacted>
Got pdu len 192, data_len 168
rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 168 bytes.
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union lsa_PolicyInformation(case 12)
dns: struct lsa_DnsDomainInfo
name: struct lsa_StringLarge
length : 0x0006 (6)
size : 0x0008 (8)
string : *
string : 'DOMAIN'
dns_domain: struct lsa_StringLarge
length : 0x0012 (18)
size : 0x0014 (20)
string : *
string : 'domain.local'
dns_forest: struct lsa_StringLarge
length : 0x0012 (18)
size : 0x0014 (20)
string : *
string : 'domain.local'
domain_guid : 681ea09d-d921-4581-b653-8f8b8f4eb470
sid : *
sid : S-1-5-21-<redacted>-<redacted>-<redacted>
result : NT_STATUS_OK
lsa_Close: struct lsa_Close
in: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
opnum : 0x0000 (0)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 ........
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
lsa_Close: struct lsa_Close
out: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
signed SMB2 message
create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.DOMAIN, realm = domain.local, domain = DOMAIN
saf_fetch: failed to find server for "domain.local" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up domain.local#1c (sitename (null))
no entry for domain.local#1C found.
resolve_ads: Attempting to resolve KDCs for domain.local using DNS
ads_dns_lookup_srv: 1 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 88]
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 1 addresses: 192.168.0.34:88
Adding 1 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain domain.local server 192.168.0.34
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 192.168.0.34:88
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0000f3fd (62461)
1: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470
forest : 'domain.local'
dns_domain : 'domain.local'
pdc_dns_name : 'domain-controller.domain.local'
domain_name : 'DOMAIN'
pdc_name : 'DOMAIN-CONTROLLER'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
get_kdc_ip_string: Returning kdc = 192.168.0.34
create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.DOMAIN with realm DOMAIN.LOCAL KDC list = kdc = 192.168.0.34
signed SMB2 message
Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND (11)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0048 (72)
auth_length : 0x0000 (0)
call_id : 0x00000005 (5)
u : union dcerpc_payload(case 11)
bind: struct dcerpc_bind
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00000000 (0)
num_contexts : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ctx_list
context_id : 0x0000 (0)
num_transfer_syntaxes : 0x01 (1)
abstract_syntax: struct ndr_syntax_id
uuid : 12345778-1234-abcd-ef00-0123456789ac
if_version : 0x00000001 (1)
transfer_syntaxes: ARRAY(1)
transfer_syntaxes: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 52
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND_ACK (12)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0044 (68)
auth_length : 0x0000 (0)
call_id : 0x00000005 (5)
u : union dcerpc_payload(case 12)
bind_ack: struct dcerpc_bind_ack
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x0012e7d3 (1238995)
secondary_address_size : 0x000c (12)
secondary_address : '\pipe\lsass'
_pad1 : DATA_BLOB length=2
[0000] 02 00 ..
num_results : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ack_ctx
result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
reason : union dcerpc_bind_ack_reason(case 0)
value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
syntax: struct ndr_syntax_id
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe samr to machine domain-controller.domain.local and bound anonymously.
samr_Connect2: struct samr_Connect2
in: struct samr_Connect2
system_name : *
system_name : 'domain-controller.domain.local'
access_mask : 0x00000030 (48)
0: SAMR_ACCESS_CONNECT_TO_SERVER
0: SAMR_ACCESS_SHUTDOWN_SERVER
0: SAMR_ACCESS_INITIALIZE_SERVER
0: SAMR_ACCESS_CREATE_DOMAIN
1: SAMR_ACCESS_ENUM_DOMAINS
1: SAMR_ACCESS_LOOKUP_DOMAIN
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000006 (6)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000044 (68)
context_id : 0x0000 (0)
opnum : 0x0039 (57)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000006 (6)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 96 BA 08 79 09 9E B8 43 99 31 35 E3 .......y ...C.15.
[0010] 6F DB 2D 8C 00 00 00 00 o.-.....
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
samr_Connect2: struct samr_Connect2
out: struct samr_Connect2
connect_handle : *
connect_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
result : NT_STATUS_OK
samr_OpenDomain: struct samr_OpenDomain
in: struct samr_OpenDomain
connect_handle : *
connect_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
access_mask : 0x00000211 (529)
1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
0: SAMR_DOMAIN_ACCESS_SET_INFO_1
0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
0: SAMR_DOMAIN_ACCESS_SET_INFO_2
1: SAMR_DOMAIN_ACCESS_CREATE_USER
0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
0: SAMR_DOMAIN_ACCESS_SET_INFO_3
sid : *
sid : S-1-5-21-<redacted>-<redacted>-<redacted>
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000007 (7)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000034 (52)
context_id : 0x0000 (0)
opnum : 0x0007 (7)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000007 (7)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 BB BF DA CA 50 F9 95 4B 9C 62 7E 58 ........ P..K.b~X
[0010] ED BE BA 7D 00 00 00 00 ...}....
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
samr_OpenDomain: struct samr_OpenDomain
out: struct samr_OpenDomain
domain_handle : *
domain_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
result : NT_STATUS_OK
Creating account with desired access mask: -536543056
samr_CreateUser2: struct samr_CreateUser2
in: struct samr_CreateUser2
domain_handle : *
domain_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
account_name : *
account_name: struct lsa_String
length : 0x001c (28)
size : 0x001c (28)
string : *
string : 'hostname$'
acct_flags : 0x00000080 (128)
0: ACB_DISABLED
0: ACB_HOMDIRREQ
0: ACB_PWNOTREQ
0: ACB_TEMPDUP
0: ACB_NORMAL
0: ACB_MNS
0: ACB_DOMTRUST
1: ACB_WSTRUST
0: ACB_SVRTRUST
0: ACB_PWNOEXP
0: ACB_AUTOLOCK
0: ACB_ENC_TXT_PWD_ALLOWED
0: ACB_SMARTCARD_REQUIRED
0: ACB_TRUSTED_FOR_DELEGATION
0: ACB_NOT_DELEGATED
0: ACB_USE_DES_KEY_ONLY
0: ACB_DONT_REQUIRE_PREAUTH
0: ACB_PW_EXPIRED
0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
0: ACB_NO_AUTH_DATA_REQD
0: ACB_PARTIAL_SECRETS_ACCOUNT
0: ACB_USE_AES_KEYS
access_mask : 0xe00500b0 (3758424240)
0: SAMR_USER_ACCESS_GET_NAME_ETC
0: SAMR_USER_ACCESS_GET_LOCALE
0: SAMR_USER_ACCESS_SET_LOC_COM
0: SAMR_USER_ACCESS_GET_LOGONINFO
1: SAMR_USER_ACCESS_GET_ATTRIBUTES
1: SAMR_USER_ACCESS_SET_ATTRIBUTES
0: SAMR_USER_ACCESS_CHANGE_PASSWORD
1: SAMR_USER_ACCESS_SET_PASSWORD
0: SAMR_USER_ACCESS_GET_GROUPS
0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000008 (8)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x0000004c (76)
context_id : 0x0000 (0)
opnum : 0x0032 (50)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 40
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0038 (56)
auth_length : 0x0000 (0)
call_id : 0x00000008 (8)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000020 (32)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=32
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 64 06 00 00 34 00 00 C0 ........ d...4...
Got pdu len 56, data_len 32
rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 32 bytes.
samr_CreateUser2: struct samr_CreateUser2
out: struct samr_CreateUser2
user_handle : *
user_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
access_granted : *
access_granted : 0x00000000 (0)
rid : *
rid : 0x00000664 (1636)
result : NT_STATUS_OBJECT_NAME_NOT_FOUND
Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
samr_Close: struct samr_Close
in: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000009 (9)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
opnum : 0x0001 (1)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000009 (9)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 ........
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
samr_Close: struct samr_Close
out: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
samr_Close: struct samr_Close
in: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : <redacted>
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x0000000a (10)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
opnum : 0x0001 (1)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host domain-controller.domain.local
signed SMB2 message
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
1: DCERPC_PFC_FLAG_FIRST
1: DCERPC_PFC_FLAG_LAST
0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
0: DCERPC_PFC_FLAG_CONC_MPX
0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
0: DCERPC_PFC_FLAG_MAYBE
0: DCERPC_PFC_FLAG_OBJECT_UUID
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x0000000a (10)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 ........
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
samr_Close: struct samr_Close
out: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
signed SMB2 message
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'DOMAIN'
dns_domain_name : 'domain.local'
forest_name : 'domain.local'
dn : NULL
domain_sid : *
domain_sid : S-1-5-21-<redacted>-<redacted>-<redacted>
modified_config : 0x00 (0)
error_string : 'failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.'
domain_is_ad : 0x01 (1)
result : WERR_BADFILE
Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.
return code = -1
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Russell Ault
Jul 18, 2016, 1:20:05 AM7/18/16
to
Hi all!
To clarify, it must have been removed from the copy-pasta, but “net ads join -U” did produce a password prompt as expected.
The dig command produced the following:
root@host:~$ dig -t SRV _ldap._tcp.domain.local
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t SRV _ldap._tcp.domain.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35393
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;_ldap._tcp.domain.local. IN SRV
;; ANSWER SECTION:
_ldap._tcp.domain.local. 600 IN SRV 0 100 389 domain-controller.domain.local.
;; ADDITIONAL SECTION:
domain-controller.domain.local. 3600 IN A 192.168.0.34
;; Query time: 0 msec
;; SERVER: 192.168.0.34#53(192.168.0.34)
;; WHEN: Sun Jul 17 23:23:47 MDT 2016
;; MSG SIZE rcvd: 107
And "kinit administrator" gave me a valid ticket according to klist.
When I ran "net ads join -k" I got the same error: "Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." The -d10 output looks pretty much like the one I posted in my first e-mail message.
Any thoughts? Is there something in my domain that could be misconfigured? What does "The object name is not found." even mean?
Thanks!
Sincerely,
Russell Ault
From: mathias dufresne [mailto:infra...@gmail.com]
Sent: July 11, 2016 06:53
To: Russell Ault
Cc: sa...@lists.samba.org
Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The object name is not found."
I found strange to not see password prompt right after your "net ads join" command. As you did used -U a password should have been asked, at least that's what I believe.
Before joining AD your Linux must be well configured. DNS and Kerberos are the first points.
DNS:
dig -t SRV _ldap._tcp.<your>.<domain>.<tld>
must work.
Kerberos:
kinit administartor
must also work.
Then once these commands worked you should have a valid kerberos ticket (generated during kinit). You can verify Kerbreos ticket status with "klist", if you have one valid you can retry net ads join using kerberos auth:
net ads join -k
To clarify, it must have been removed from the copy-pasta, but “net ads join -U” did produce a password prompt as expected.
The dig command produced the following:
root@host:~$ dig -t SRV _ldap._tcp.domain.local
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t SRV _ldap._tcp.domain.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35393
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;_ldap._tcp.domain.local. IN SRV
;; ANSWER SECTION:
_ldap._tcp.domain.local. 600 IN SRV 0 100 389 domain-controller.domain.local.
;; ADDITIONAL SECTION:
domain-controller.domain.local. 3600 IN A 192.168.0.34
;; Query time: 0 msec
;; SERVER: 192.168.0.34#53(192.168.0.34)
;; WHEN: Sun Jul 17 23:23:47 MDT 2016
;; MSG SIZE rcvd: 107
And "kinit administrator" gave me a valid ticket according to klist.
When I ran "net ads join -k" I got the same error: "Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." The -d10 output looks pretty much like the one I posted in my first e-mail message.
Any thoughts? Is there something in my domain that could be misconfigured? What does "The object name is not found." even mean?
Thanks!
Sincerely,
Russell Ault
From: mathias dufresne [mailto:infra...@gmail.com]
Sent: July 11, 2016 06:53
To: Russell Ault
Cc: sa...@lists.samba.org
Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The object name is not found."
I found strange to not see password prompt right after your "net ads join" command. As you did used -U a password should have been asked, at least that's what I believe.
Before joining AD your Linux must be well configured. DNS and Kerberos are the first points.
DNS:
dig -t SRV _ldap._tcp.<your>.<domain>.<tld>
must work.
Kerberos:
kinit administartor
must also work.
Then once these commands worked you should have a valid kerberos ticket (generated during kinit). You can verify Kerbreos ticket status with "klist", if you have one valid you can retry net ads join using kerberos auth:
net ads join -k
Rowland penny
Jul 18, 2016, 4:10:04 AM7/18/16
to
Does your /etc/resolv.conf point at the DC ?
Rowland
L.P.H. van Belle
Jul 18, 2016, 4:30:05 AM7/18/16
to
I'll bet static ip, with correct resolv.conf hosts and nsswitch.conf and krb5.conf.
This must be the clue...
Russelt, can you try again with debug 10 and post both logs.
net ads join -UAdministrator
and
net ads join -UAdministratos -S YOUR_ADDC.domain.tld.
Or if i may say mail them to Rowland.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Rowland penny
> Verzonden: maandag 18 juli 2016 9:57
> Aan: sa...@lists.samba.org
> Onderwerp: Re: [Samba] Debian Jessie joining AD as member fails with "The
This must be the clue...
> Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
So the join reaches the AD but here something happens.
Russelt, can you try again with debug 10 and post both logs.
net ads join -UAdministrator
and
net ads join -UAdministratos -S YOUR_ADDC.domain.tld.
Or if i may say mail them to Rowland.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Rowland penny
> Verzonden: maandag 18 juli 2016 9:57
> Aan: sa...@lists.samba.org
> Onderwerp: Re: [Samba] Debian Jessie joining AD as member fails with "The
> object name is not found."
>
>
Russell Ault
Jul 19, 2016, 1:10:04 AM7/19/16
to
Hi all!
I had originally been using a DHCP-assigned address. I have now switched to a static IP, but that didn't solve the problem (same error message).
I'm attaching my resolv.conf, nsswitch.conf and krb5.conf files. I have not manually altered either of them, although krb5.conf appears to have been updated by some tool somewhere along the way because my domain is listed as the default_realm. The output of "net ads join -UAdministrator -d10" was attached to my first e-mail (and at over 1000 lines long I don't want to litter people's inboxes with a second copy, to say nothing of the time it takes to sanitize that much output) and the output of the "-S domain-controller.domain.local" version of the command produces an apparently identical output, so I haven't included it either.
root@host:~# cat /etc/resolv.conf
domain my-domain.local
search my-domain.local
nameserver 192.168.0.34
root@host:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
root@host:~# cat /etc/krb5.conf
[libdefaults]
default_realm = MY-DOMAIN.LOCAL
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
admin_server = kerberos.ihtfp.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = kerberos.andrew.cmu.edu
kdc = kerberos2.andrew.cmu.edu
kdc = kerberos3.andrew.cmu.edu
admin_server = kerberos.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementix.org
kdc = kerberos2.dementix.org
admin_server = kerberos.dementix.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
master_kdc = krb5auth1.stanford.edu
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
UTORONTO.CA = {
kdc = kerberos1.utoronto.ca
kdc = kerberos2.utoronto.ca
kdc = kerberos3.utoronto.ca
admin_server = kerberos1.utoronto.ca
default_domain = utoronto.ca
}
[domain_realm]
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.csail.mit.edu = CSAIL.MIT.EDU
csail.mit.edu = CSAIL.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
.slac.stanford.edu = SLAC.STANFORD.EDU
.toronto.edu = UTORONTO.CA
.utoronto.ca = UTORONTO.CA
[login]
krb4_convert = true
krb4_get_tickets = false
I agree that the join is reaching AD before failing, which is why I'm beginning to suspect that there's a configuration issue with the domain itself that is preventing the Samba join, but if there is such a problem, it hasn't caused any issues when joining Windows clients. Are there certain specific configuration requirements of a Windows Server-based AD that are required to join a Samba client? I've already given all my users (including the administrator user I'm using to try the net ads join command with) RFC2307 UID and GID numbers. Is there anything else I have to do?
Thanks!
Sincerely,
Russell Ault
I had originally been using a DHCP-assigned address. I have now switched to a static IP, but that didn't solve the problem (same error message).
I'm attaching my resolv.conf, nsswitch.conf and krb5.conf files. I have not manually altered either of them, although krb5.conf appears to have been updated by some tool somewhere along the way because my domain is listed as the default_realm. The output of "net ads join -UAdministrator -d10" was attached to my first e-mail (and at over 1000 lines long I don't want to litter people's inboxes with a second copy, to say nothing of the time it takes to sanitize that much output) and the output of the "-S domain-controller.domain.local" version of the command produces an apparently identical output, so I haven't included it either.
root@host:~# cat /etc/resolv.conf
domain my-domain.local
search my-domain.local
nameserver 192.168.0.34
root@host:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
root@host:~# cat /etc/krb5.conf
[libdefaults]
default_realm = MY-DOMAIN.LOCAL
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
admin_server = kerberos.ihtfp.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = kerberos.andrew.cmu.edu
kdc = kerberos2.andrew.cmu.edu
kdc = kerberos3.andrew.cmu.edu
admin_server = kerberos.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementix.org
kdc = kerberos2.dementix.org
admin_server = kerberos.dementix.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
master_kdc = krb5auth1.stanford.edu
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
UTORONTO.CA = {
kdc = kerberos1.utoronto.ca
kdc = kerberos2.utoronto.ca
kdc = kerberos3.utoronto.ca
admin_server = kerberos1.utoronto.ca
default_domain = utoronto.ca
}
[domain_realm]
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.csail.mit.edu = CSAIL.MIT.EDU
csail.mit.edu = CSAIL.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
.slac.stanford.edu = SLAC.STANFORD.EDU
.toronto.edu = UTORONTO.CA
.utoronto.ca = UTORONTO.CA
[login]
krb4_convert = true
krb4_get_tickets = false
I agree that the join is reaching AD before failing, which is why I'm beginning to suspect that there's a configuration issue with the domain itself that is preventing the Samba join, but if there is such a problem, it hasn't caused any issues when joining Windows clients. Are there certain specific configuration requirements of a Windows Server-based AD that are required to join a Samba client? I've already given all my users (including the administrator user I'm using to try the net ads join command with) RFC2307 UID and GID numbers. Is there anything else I have to do?
Thanks!
Sincerely,
Russell Ault
Russell Ault
Jul 19, 2016, 4:40:04 PM7/19/16
to
Hi all!
I just wanted to report that I have successfully joined the computer to the domain. I want to provide an explanation of what happened in case some future person runs into the same problem.
I noticed in the libnet_join output section of the net ads join log (which is to say, the last few lines) had the "dn" section listed as "NULL". Since "dn" should be the LDAP container for the new computer, a NULL here would reasonably be expected to cause a "the object name is not found" error.
I then remembered that I had configured the domain to redirect newly-joined computers into a specific LDAP OU using the redircmp command (see https://support.microsoft.com/en-us/kb/324949/ for more information). As a trouble-shooting step I undid using the same command. I then ran the net ads join command again it succeeded immediately.
TL;DR: Redirecting CN=Computers to a specified OU caused Samba to produce a NULL dn which caused the join to fail. Given that this is a fully supported option in a Windows Domain environment (and has never prevented a Windows client from joining the domain), this is probably a bug, and I will look into filling a report for it.
Thank you all for your help!
I just wanted to report that I have successfully joined the computer to the domain. I want to provide an explanation of what happened in case some future person runs into the same problem.
I noticed in the libnet_join output section of the net ads join log (which is to say, the last few lines) had the "dn" section listed as "NULL". Since "dn" should be the LDAP container for the new computer, a NULL here would reasonably be expected to cause a "the object name is not found" error.
I then remembered that I had configured the domain to redirect newly-joined computers into a specific LDAP OU using the redircmp command (see https://support.microsoft.com/en-us/kb/324949/ for more information). As a trouble-shooting step I undid using the same command. I then ran the net ads join command again it succeeded immediately.
TL;DR: Redirecting CN=Computers to a specified OU caused Samba to produce a NULL dn which caused the join to fail. Given that this is a fully supported option in a Windows Domain environment (and has never prevented a Windows client from joining the domain), this is probably a bug, and I will look into filling a report for it.
Thank you all for your help!
0 new messages