[Pkg-samba-maint] Bug#454670: winbind: "wbinfo -r" fails / Same behavior in 3.0.28-1

aragon at jpberlin.de aragon at jpberlin.de
Thu Dec 13 15:21:43 UTC 2007


found 454670 3.0.28-1
found 454670 3.0.14a-3sarge11


Hello,

I have backported samba 3.0.28-1 from Sid to Etch with "apt-src install
samba" and "dpkg-buildpackage -rfakeroot". Then I did the same tests on
the same host with the same configuration as last time.

This version fails at the same point.

The only difference is that we have deleted and recreated group
"inetuser" and user "usera" on the ADS in the meantime, so they got
different SIDs, UID, GID.

Here is the overview of the test. The entries from winbindd.log (level
10) that correspond to the commands are attached.


First Example:
--------------
"wbinfo -r" fails to recognise the removal of user "karen" from group
"inetuser"

1) # wbinfo -r karen
3018
3019
3001
3049

2) # getent group inetuser
inetuser:x:3049:karen,ab

3) Removal of "karen" from group "inetuser" at one of our two ADS

4) # wbinfo -r karen
3018
3019
3001
3049

5) # getent group inetuser
inetuser:x:3049:ab


Second Example:
---------------
"wbinfo -r" fails to recognise the addition of user "guru" to group
"inetuser"

1) # wbinfo -r guru
3050
3018
3011
3019
3009
3026
3025
3021
3024

2) # getent group inetuser
inetuser:x:3049:karen,ab

3) Add "guru" to group "inetuser" on ADS

4) # wbinfo -r guru
3050
3018
3011
3019
3009
3026
3025
3021
3024

5) # getent group inetuser
inetuser:x:3049:karen,ab,guru


Third Example:
---------------
"wbinfo -r" successfully recognises the addition of user "usera" to group
"inetuser"

1) # wbinfo -r usera
3001

2) # getent group inetuser
inetuser:x:3049:karen,ab

3) Add "usera" to group "inetuser" on ADS

4) # wbinfo -r usera
3001
3049

5) # getent group inetuser
inetuser:x:3049:usera,karen,ab


=====================================================================

Please note another observation regarding this. On another ADS in
another domain with 159 users, running "Microsoft Windows Server 2003 -
Standard Edition - SP 1", I added all users to the newly created group
"testgruppe".

On a Debian Sarge fileserver running Samba 3.0.14a-3sarge11 I wrote a
small script that calls "wbinfo -r" for each user and counts how many
users are not recognised as members of "testgruppe".

At the first test, maybe 5 minutes after putting the last user into
"testgruppe", "getent group testgruppe" recognises all users as
members of this group. "wbinfo -r USERNAME" fails for 61 users.

Some minutes later "wbinfo -r USERNAME" only fails for 60 users.

And 6 days later "wbinfo -r USERNAME" fails for only 41 users.
"getent group testgruppe" does not seem to change its behaviour during
this.


Regards,
Martin
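
The comparison described in the message (the member list from "getent group" checked against each user's "wbinfo -r" output), as an added example that is not part of the original message and is not the reporter's script. The function names are hypothetical, and the data in selftest_stubs is constructed from the users and GIDs shown in the three examples above; the GID list for "ab" is invented.

```sh
#!/bin/sh
# Cross-check winbind's two views of group membership:
#   getent group GROUP  -> member list of the group
#   wbinfo -r USER      -> GID list of the user
# A mismatch means a service that authorises from one view can disagree
# with a service that uses the other (e.g. a removed user keeps access).

# GID of GROUP as NSS reports it (3rd field of the group entry).
group_gid() {
    getent group "$1" | cut -d: -f3
}

# Members of GROUP as NSS reports them, one per line (4th field).
group_members() {
    getent group "$1" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

# Succeeds if "wbinfo -r USER" lists GID.
wbinfo_has_gid() {
    wbinfo -r "$1" 2>/dev/null | grep -qxF "$2"
}

# Second example / testgruppe script: users that getent lists as members
# but whose "wbinfo -r" output lacks the group's GID.
missing_in_wbinfo() {
    gid=$(group_gid "$1")
    [ -n "$gid" ] || return 2          # unknown group
    group_members "$1" | while IFS= read -r u; do
        wbinfo_has_gid "$u" "$gid" </dev/null || printf '%s\n' "$u"
    done
}

# First example: users (given as arguments after GROUP) whose "wbinfo -r"
# still lists the GID although getent no longer lists them as members.
# Note: a user whose *primary* group is GROUP is reported too, because
# primary membership does not appear in the getent member field.
stale_in_wbinfo() {
    group=$1; shift
    gid=$(group_gid "$group")
    [ -n "$gid" ] || return 2
    members=$(group_members "$group")
    for u in "$@"; do
        if wbinfo_has_gid "$u" "$gid" &&
           ! printf '%s\n' "$members" | grep -qxF "$u"; then
            printf '%s\n' "$u"
        fi
    done
}

# Constructed stand-ins for getent and wbinfo so the checks run without a
# domain. State modelled: karen removed from inetuser, guru and usera
# added, wbinfo -r still answering as in step 4 of each example.
selftest_stubs() {
    getent() {
        [ "$1" = group ] && [ "$2" = inetuser ] || return 2
        echo 'inetuser:x:3049:usera,ab,guru'
    }
    wbinfo() {
        [ "$1" = -r ] || return 1
        case $2 in
            karen)    printf '%s\n' 3018 3019 3001 3049 ;;
            guru)     printf '%s\n' 3050 3018 3011 3019 3009 3026 3025 3021 3024 ;;
            usera|ab) printf '%s\n' 3001 3049 ;;
            *)        return 1 ;;
        esac
    }
}

# Usage: script GROUP [USER...]   or   script --selftest
if [ "$#" -ge 1 ]; then
    if [ "$1" = --selftest ]; then
        selftest_stubs
        set -- inetuser karen guru usera ab
    fi
    echo "listed by getent, GID missing from wbinfo -r:"
    missing_in_wbinfo "$1"
    echo "not listed by getent, GID still in wbinfo -r:"
    stale_in_wbinfo "$@"
fi
```
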
-------------- next part --------------

First Example:
--------------
"wbinfo -r" fails to recognise the removal of user "karen" from group
"inetuser"

1) # wbinfo -r karen
3018
3019
3001
3049

[2007/12/12 18:59:09, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 25
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8391fd0
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/12 18:59:09, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/12 18:59:09, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 3204]: request interface version
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999905
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999866
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999840
[2007/12/12 18:59:09, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/12 18:59:09, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 3204]: request location of privileged pipe
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999762
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999729
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999669
[2007/12/12 18:59:09, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 26
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999618
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999590
[2007/12/12 18:59:09, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGROUPS
[2007/12/12 18:59:09, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273)
  [ 3204]: getgroups karen
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/997091
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8391fd0 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3058
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=64
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8391fd0
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8391fd0 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3058
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8391fd0
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8391fd0 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3058
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=225
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8390b70
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8390b70 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3058
[2007/12/12 18:59:09, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/12 18:59:09, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1379)
  Expanding our own local groups
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 83921e8
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 83921e8 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3172
[2007/12/12 18:59:09, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/12 18:59:09, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1389)
  Expanding our own BUILTIN groups
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8390c70
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8390c70 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3173
[2007/12/12 18:59:09, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/12 18:59:09, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1158 to a gid
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8390cd0
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8390cd0 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3174
[2007/12/12 18:59:09, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1159 to a gid
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8390d30
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8390d30 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3174
[2007/12/12 18:59:09, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-513 to a gid
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 836ea08
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 836ea08 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3174
[2007/12/12 18:59:09, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1239 to a gid
[2007/12/12 18:59:09, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 836ea68
[2007/12/12 18:59:09, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 18:59:09, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 836ea68 "async_request_timeout"
[2007/12/12 18:59:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3174



2) # getent group inetuser
inetuser:x:3049:karen,ab

[2007/12/12 19:01:14, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 25
[2007/12/12 19:01:14, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/12 19:01:14, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 3227]: request interface version
[2007/12/12 19:01:14, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/12 19:01:14, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 3227]: request location of privileged pipe
[2007/12/12 19:01:14, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 26
[2007/12/12 19:01:14, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGRNAM
[2007/12/12 19:01:14, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(475)
  [ 3227]: getgrnam inetuser
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:name_to_sid(1388)
  name_to_sid: [Cached] - doing backend query for name for domain DOMAIN
[2007/12/12 19:01:14, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(256)
  rpc: name_to_sid name=DOMAIN\inetuser
[2007/12/12 19:01:14, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(266)
  name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN
[2007/12/12 19:01:14, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1574)
  init_q_lookup_names
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_q_lookup_names 
[2007/12/12 19:01:14, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_pol_hnd 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 handle_type: 00000000
[2007/12/12 19:01:14, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_uuid uuid
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 data   : c7da735a
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0008 data   : 20d8
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              000a data   : 43f9
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000c data   : bf 76 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000e data   : 0e 12 0a 83 42 a8 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0014 num_entries    : 00000001
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0018 num_entries2   : 00000001
[2007/12/12 19:01:14, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001c smb_io_unihdr hdr_name
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001c uni_str_len: 0028
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001e uni_max_len: 0028
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0020 buffer     : 00000001
[2007/12/12 19:01:14, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000024 smb_io_unistr2 dom_name
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0024 uni_max_len: 00000014
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0028 offset     : 00000000
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          002c uni_str_len: 00000014
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
          0030 buffer     : D.O.M.A.I.N.\.i.n.e.t.u.s.e.r.
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0058 num_trans_entries : 00000000
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      005c ptr_trans_sids : 00000000
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0060 lookup_level   : 0001
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 mapped_count   : 00000000
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0098
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0010
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000a
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000068
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 000e
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000080 smb_io_rpc_hdr_auth hdr_auth
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0080 auth_type    : 09
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0081 auth_level   : 06
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0082 auth_pad_len : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0083 auth_reserved: 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0084 auth_context_id: 00000001
[2007/12/12 19:01:14, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(249)
  ntlmssp_seal_data: seal
[2007/12/12 19:01:14, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domai pipe \lsarpc fnum 0x8018
[2007/12/12 19:01:14, 5] lib/util.c:show_msg(484)
[2007/12/12 19:01:14, 5] lib/util.c:show_msg(494)
  size=234
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=30722
  smb_pid=3057
  smb_uid=10240
  smb_mid=19
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/12 19:01:14, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 34
[2007/12/12 19:01:14, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/12 19:01:14, 10] lib/util.c:dump_data(2264)
  [000] 51 E4 F2 7D 24 BB 83 FD                           Q??}$?.? 
[2007/12/12 19:01:14, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 35 mid = 19
[2007/12/12 19:01:14, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(18,238)
[2007/12/12 19:01:14, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(18,238) wrote 238
[2007/12/12 19:01:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 232
[2007/12/12 19:01:14, 5] lib/util.c:show_msg(484)
[2007/12/12 19:01:14, 5] lib/util.c:show_msg(494)
  size=232
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=30722
  smb_pid=3057
  smb_uid=10240
  smb_mid=19
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  176 (0xB0)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  176 (0xB0)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/12 19:01:14, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 35 mid = 19
[2007/12/12 19:01:14, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 35
[2007/12/12 19:01:14, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 35: got good SMB signature of
[2007/12/12 19:01:14, 10] lib/util.c:dump_data(2264)
  [000] 8C 47 25 D0 9C 0E 8F 25                           .G%?...% 
[2007/12/12 19:01:14, 5] lib/util.c:show_msg(484)
[2007/12/12 19:01:14, 5] lib/util.c:show_msg(494)
  size=232
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=30722
  smb_pid=3057
  smb_uid=10240
  smb_mid=19
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  176 (0xB0)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  176 (0xB0)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/12 19:01:14, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 35 mid = 19
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 00b0
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0010
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000a
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000080
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000098 smb_io_rpc_hdr_auth hdr_auth
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0098 auth_type    : 09
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0099 auth_level   : 06
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      009a auth_pad_len : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      009b auth_reserved: 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      009c auth_context_id: 00000001
[2007/12/12 19:01:14, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(310)
  ntlmssp_unseal_packet: seal
[2007/12/12 19:01:14, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(223)
  ntlmssp_check_packet: NTLMSSP signature OK !
[2007/12/12 19:01:14, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 176, data_len 128, ss_len 0
[2007/12/12 19:01:14, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 176 at offset 0
[2007/12/12 19:01:14, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domai pipe \lsarpc fnum 0x8018 returned 256 bytes.
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_lookup_names 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00020000
[2007/12/12 19:01:14, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_dom_r_ref 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0004 num_ref_doms_1: 00000001
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 ptr_ref_dom   : 00020004
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c max_entries   : 00000020
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0010 num_ref_doms_2: 00000001
[2007/12/12 19:01:14, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000014 smb_io_unihdr dom_ref[0] 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0014 uni_str_len: 0016
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0016 uni_max_len: 0018
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0018 buffer     : 00020008
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          001c sid_ptr[0] : 0002000c
[2007/12/12 19:01:14, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_unistr2 dom_ref[0] 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 uni_max_len: 0000000c
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0024 offset     : 00000000
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0028 uni_str_len: 0000000b
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              002c buffer     : D.O.M.A.I.N.
[2007/12/12 19:01:14, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000044 smb_io_dom_sid2 sid_ptr[0] 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0044 num_auths: 00000004
[2007/12/12 19:01:14, 8] rpc_parse/parse_prs.c:prs_debug(84)
              000048 smb_io_dom_sid sid
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0048 sid_rev_num: 01
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0049 num_auths  : 04
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004a id_auth[0] : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004b id_auth[1] : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004c id_auth[2] : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004d id_auth[3] : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004e id_auth[4] : 00
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004f id_auth[5] : 05
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32s(997)
                  0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0060 num_entries: 00000001
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 ptr_entries: 00020010
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0068 num_entries2: 00000001
[2007/12/12 19:01:14, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00006c smb_io_dom_rid 
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          006c type   : 0002
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0070 rid    : 000004d7
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0074 rid_idx: 00000000
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0078 mapped_count: 00000001
[2007/12/12 19:01:14, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      007c status      : NT_STATUS_OK
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(399)
  fetch_cache_seqnum: timeout [DOMAIN][3129565 @ 1197482466]
[2007/12/12 19:01:14, 3] nsswitch/winbindd_ads.c:sequence_number(1010)
  ads: fetch sequence_number for DOMAIN
[2007/12/12 19:01:14, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/12 19:01:14, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 35800 seconds (at 1197518274, time is now 1197482474)
[2007/12/12 19:01:14, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <> gave 1 replies
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(435)
  store_cache_seqnum: success [DOMAIN][3129565 @ 1197482474]
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3129565
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(819)
  wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(842)
  wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1239 -> inetuser
[2007/12/12 19:01:14, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145)
  idmap_sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1239]
[2007/12/12 19:01:14, 10] nsswitch/idmap_cache.c:idmap_cache_map_sid(423)
  Returning valid cache entry: key = IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239, value = IDMAP/GID/3049, timeout = Wed Dec 12 19:12:26 2007
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(222)
  group SID S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1891)
  lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN
[2007/12/12 19:01:14, 10] nsswitch/winbindd_ads.c:lookup_groupmem(861)
  ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/12 19:01:14, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/12 19:01:14, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 35800 seconds (at 1197518274, time is now 1197482474)
[2007/12/12 19:01:14, 10] nsswitch/winbindd_ads.c:lookup_groupmem(901)
  Searching for attrs[0] = member, attrs[1] = usnChanged
[2007/12/12 19:01:14, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\D7\04\00\00) in <dc=DOMAIN> gave 1 replies
[2007/12/12 19:01:14, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/12 19:01:14, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Karen Marienhagen,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/12 19:01:14, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/12 19:01:14, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Anja Babst,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/12 19:01:14, 3] nsswitch/winbindd_ads.c:lookup_groupmem(995)
  ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465)
  refresh_sequence_number: DOMAIN time ok
[2007/12/12 19:01:14, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3129565
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(369)
  looked up 2 names
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	               karen S-1-5-21-573177630-792016305-1830848205-1127 1
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	                  ab S-1-5-21-573177630-792016305-1830848205-1125 1
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 6 = 6
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 3 = 9
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending karen at ndx 0
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending ab at ndx 6
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(443)
  num_mem = 2, len = 9, mem = karen,ab
[2007/12/12 19:01:14, 10] nsswitch/winbindd_group.c:fill_grent_mem(450)
  fill_grent_mem returning 1



3) Removal of "karen" from group "inetuser" at one of our two ADS


4) # wbinfo -r karen
3018
3019
3001
3049

[2007/12/12 19:04:01, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 25
[2007/12/12 19:04:01, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/12 19:04:01, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 3343]: request interface version
[2007/12/12 19:04:01, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/12 19:04:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 3343]: request location of privileged pipe
[2007/12/12 19:04:01, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 26
[2007/12/12 19:04:01, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGROUPS
[2007/12/12 19:04:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273)
  [ 3343]: getgroups karen
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8391050
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999977
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8391050 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3058
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8391050
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8391050 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3058
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=225
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8390b68
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8390b68 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3058
[2007/12/12 19:04:01, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/12 19:04:01, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1379)
  Expanding our own local groups
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 83921e8
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 83921e8 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3172
[2007/12/12 19:04:01, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/12 19:04:01, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1389)
  Expanding our own BUILTIN groups
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8390c70
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8390c70 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3173
[2007/12/12 19:04:01, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/12 19:04:01, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1158 to a gid
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8390cd0
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999980
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8390cd0 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3174
[2007/12/12 19:04:01, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1159 to a gid
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8390d30
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8390d30 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3174
[2007/12/12 19:04:01, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-513 to a gid
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 836ea08
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 836ea08 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3174
[2007/12/12 19:04:01, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1239 to a gid
[2007/12/12 19:04:01, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 836ea68
[2007/12/12 19:04:01, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999980
[2007/12/12 19:04:01, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 836ea68 "async_request_timeout"
[2007/12/12 19:04:01, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3174


5) # getent group inetuser
inetuser:x:3049:ab

[2007/12/12 19:05:00, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 25
[2007/12/12 19:05:00, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/12 19:05:00, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 3380]: request interface version
[2007/12/12 19:05:00, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/12 19:05:00, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 3380]: request location of privileged pipe
[2007/12/12 19:05:00, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 26
[2007/12/12 19:05:00, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGRNAM
[2007/12/12 19:05:00, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(475)
  [ 3380]: getgrnam inetuser
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:name_to_sid(1388)
  name_to_sid: [Cached] - doing backend query for name for domain DOMAIN
[2007/12/12 19:05:00, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(256)
  rpc: name_to_sid name=DOMAIN\inetuser
[2007/12/12 19:05:00, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(266)
  name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN
[2007/12/12 19:05:00, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1574)
  init_q_lookup_names
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_q_lookup_names 
[2007/12/12 19:05:00, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_pol_hnd 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 handle_type: 00000000
[2007/12/12 19:05:00, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_uuid uuid
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 data   : c7da735a
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0008 data   : 20d8
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              000a data   : 43f9
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000c data   : bf 76 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000e data   : 0e 12 0a 83 42 a8 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0014 num_entries    : 00000001
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0018 num_entries2   : 00000001
[2007/12/12 19:05:00, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001c smb_io_unihdr hdr_name
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001c uni_str_len: 0028
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001e uni_max_len: 0028
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0020 buffer     : 00000001
[2007/12/12 19:05:00, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000024 smb_io_unistr2 dom_name
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0024 uni_max_len: 00000014
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0028 offset     : 00000000
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          002c uni_str_len: 00000014
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
          0030 buffer     : D.O.M.A.I.N.\.i.n.e.t.u.s.e.r.
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0058 num_trans_entries : 00000000
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      005c ptr_trans_sids : 00000000
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0060 lookup_level   : 0001
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 mapped_count   : 00000000
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0098
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0010
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000b
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000068
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 000e
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000080 smb_io_rpc_hdr_auth hdr_auth
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0080 auth_type    : 09
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0081 auth_level   : 06
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0082 auth_pad_len : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0083 auth_reserved: 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0084 auth_context_id: 00000001
[2007/12/12 19:05:00, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(249)
  ntlmssp_seal_data: seal
[2007/12/12 19:05:00, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domai pipe \lsarpc fnum 0x8018
[2007/12/12 19:05:00, 5] lib/util.c:show_msg(484)
[2007/12/12 19:05:00, 5] lib/util.c:show_msg(494)
  size=234
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=30722
  smb_pid=3057
  smb_uid=10240
  smb_mid=20
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/12 19:05:00, 10] lib/util.c:dump_data(2264)
[2007/12/12 19:05:00, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 36
[2007/12/12 19:05:00, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/12 19:05:00, 10] lib/util.c:dump_data(2264)
  [000] B7 B6 5E 6E 03 FF 0E 24                           ??^n.?.$ 
[2007/12/12 19:05:00, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 37 mid = 20
[2007/12/12 19:05:00, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(18,238)
[2007/12/12 19:05:00, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(18,238) wrote 238
[2007/12/12 19:05:00, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 232
[2007/12/12 19:05:00, 5] lib/util.c:show_msg(484)
[2007/12/12 19:05:00, 5] lib/util.c:show_msg(494)
  size=232
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=30722
  smb_pid=3057
  smb_uid=10240
  smb_mid=20
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  176 (0xB0)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  176 (0xB0)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/12 19:05:00, 10] lib/util.c:dump_data(2264)
[2007/12/12 19:05:00, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 37 mid = 20
[2007/12/12 19:05:00, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 37
[2007/12/12 19:05:00, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 37: got good SMB signature of
[2007/12/12 19:05:00, 10] lib/util.c:dump_data(2264)
  [000] CC 34 ED DF F8 F7 6F A8                           ?4????o? 
[2007/12/12 19:05:00, 5] lib/util.c:show_msg(484)
[2007/12/12 19:05:00, 5] lib/util.c:show_msg(494)
  size=232
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=30722
  smb_pid=3057
  smb_uid=10240
  smb_mid=20
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  176 (0xB0)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  176 (0xB0)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/12 19:05:00, 10] lib/util.c:dump_data(2264)
[2007/12/12 19:05:00, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 37 mid = 20
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 00b0
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0010
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000b
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000080
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000098 smb_io_rpc_hdr_auth hdr_auth
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0098 auth_type    : 09
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0099 auth_level   : 06
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      009a auth_pad_len : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      009b auth_reserved: 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      009c auth_context_id: 00000001
[2007/12/12 19:05:00, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(310)
  ntlmssp_unseal_packet: seal
[2007/12/12 19:05:00, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(223)
  ntlmssp_check_packet: NTLMSSP signature OK !
[2007/12/12 19:05:00, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 176, data_len 128, ss_len 0
[2007/12/12 19:05:00, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 176 at offset 0
[2007/12/12 19:05:00, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domai pipe \lsarpc fnum 0x8018 returned 256 bytes.
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_lookup_names 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00020000
[2007/12/12 19:05:00, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_dom_r_ref 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0004 num_ref_doms_1: 00000001
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 ptr_ref_dom   : 00020004
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c max_entries   : 00000020
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0010 num_ref_doms_2: 00000001
[2007/12/12 19:05:00, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000014 smb_io_unihdr dom_ref[0] 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0014 uni_str_len: 0016
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0016 uni_max_len: 0018
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0018 buffer     : 00020008
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          001c sid_ptr[0] : 0002000c
[2007/12/12 19:05:00, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_unistr2 dom_ref[0] 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 uni_max_len: 0000000c
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0024 offset     : 00000000
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0028 uni_str_len: 0000000b
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              002c buffer     : D.O.M.A.I.N.
[2007/12/12 19:05:00, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000044 smb_io_dom_sid2 sid_ptr[0] 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0044 num_auths: 00000004
[2007/12/12 19:05:00, 8] rpc_parse/parse_prs.c:prs_debug(84)
              000048 smb_io_dom_sid sid
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0048 sid_rev_num: 01
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0049 num_auths  : 04
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004a id_auth[0] : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004b id_auth[1] : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004c id_auth[2] : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004d id_auth[3] : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004e id_auth[4] : 00
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004f id_auth[5] : 05
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32s(997)
                  0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0060 num_entries: 00000001
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 ptr_entries: 00020010
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0068 num_entries2: 00000001
[2007/12/12 19:05:00, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00006c smb_io_dom_rid 
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          006c type   : 0002
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0070 rid    : 000004d7
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0074 rid_idx: 00000000
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0078 mapped_count: 00000001
[2007/12/12 19:05:00, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      007c status      : NT_STATUS_OK
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(399)
  fetch_cache_seqnum: timeout [DOMAIN][3129571 @ 1197482671]
[2007/12/12 19:05:00, 3] nsswitch/winbindd_ads.c:sequence_number(1010)
  ads: fetch sequence_number for DOMAIN
[2007/12/12 19:05:00, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/12 19:05:00, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 35574 seconds (at 1197518274, time is now 1197482700)
[2007/12/12 19:05:00, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <> gave 1 replies
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(435)
  store_cache_seqnum: success [DOMAIN][3129571 @ 1197482700]
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3129571
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(819)
  wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(842)
  wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1239 -> inetuser
[2007/12/12 19:05:00, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145)
  idmap_sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1239]
[2007/12/12 19:05:00, 10] nsswitch/idmap_cache.c:idmap_cache_map_sid(423)
  Returning valid cache entry: key = IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239, value = IDMAP/GID/3049, timeout = Wed Dec 12 19:12:26 2007
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(222)
  group SID S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1891)
  lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN
[2007/12/12 19:05:00, 10] nsswitch/winbindd_ads.c:lookup_groupmem(861)
  ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/12 19:05:00, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/12 19:05:00, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 35574 seconds (at 1197518274, time is now 1197482700)
[2007/12/12 19:05:00, 10] nsswitch/winbindd_ads.c:lookup_groupmem(901)
  Searching for attrs[0] = member, attrs[1] = usnChanged
[2007/12/12 19:05:00, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\D7\04\00\00) in <dc=DOMAIN> gave 1 replies
[2007/12/12 19:05:00, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/12 19:05:00, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Anja Babst,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/12 19:05:00, 3] nsswitch/winbindd_ads.c:lookup_groupmem(995)
  ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465)
  refresh_sequence_number: DOMAIN time ok
[2007/12/12 19:05:00, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3129571
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(369)
  looked up 1 names
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	                  ab S-1-5-21-573177630-792016305-1830848205-1125 1
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 3 = 3
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending ab at ndx 0
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(443)
  num_mem = 1, len = 3, mem = ab
[2007/12/12 19:05:00, 10] nsswitch/winbindd_group.c:fill_grent_mem(450)
  fill_grent_mem returning 1



Second Example:
---------------
"wbinfo -r" fails to recognise the addition of user "guru" to group
"inetuser"

1) # wbinfo -r guru
3050
3018
3011
3019
3009
3026
3025
3021
3024


[2007/12/13 14:41:43, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 30
[2007/12/13 14:41:43, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/13 14:41:43, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 5967]: request interface version
[2007/12/13 14:41:43, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/13 14:41:43, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 5967]: request location of privileged pipe
[2007/12/13 14:41:43, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 35
[2007/12/13 14:41:43, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGROUPS
[2007/12/13 14:41:43, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273)
  [ 5967]: getgroups guru
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=269
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999977
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=181
[2007/12/13 14:41:43, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1379)
  Expanding our own local groups
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3632
[2007/12/13 14:41:43, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:41:43, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1389)
  Expanding our own BUILTIN groups
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3633
[2007/12/13 14:41:43, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1240 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1158 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-512 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999980
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1159 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999980
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-519 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999980
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1202 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999980
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1199 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999980
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1170 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cdf0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cdf0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:41:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1198 to a gid
[2007/12/13 14:41:43, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839cfc0
[2007/12/13 14:41:43, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:41:43, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839cfc0 "async_request_timeout"
[2007/12/13 14:41:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634


2) # getent group inetuser
inetuser:x:3049:karen,ab

[2007/12/13 14:43:13, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 30
[2007/12/13 14:43:13, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/13 14:43:13, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 5979]: request interface version
[2007/12/13 14:43:13, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/13 14:43:13, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 5979]: request location of privileged pipe
[2007/12/13 14:43:13, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 35
[2007/12/13 14:43:13, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGRNAM
[2007/12/13 14:43:13, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(475)
  [ 5979]: getgrnam inetuser
[2007/12/13 14:43:13, 10] nsswitch/winbindd_cache.c:name_to_sid(1388)
  name_to_sid: [Cached] - doing backend query for name for domain DOMAIN
[2007/12/13 14:43:13, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(256)
  rpc: name_to_sid name=DOMAIN\inetuser
[2007/12/13 14:43:13, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(266)
  name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN
[2007/12/13 14:43:13, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 22
[2007/12/13 14:43:13, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:13, 10] lib/util.c:dump_data(2264)
  [000] 0E 58 DB 12 43 B2 B2 14                           .X..C... 
[2007/12/13 14:43:13, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 23 mid = 13
[2007/12/13 14:43:13, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,104)
[2007/12/13 14:43:13, 0] lib/util_sock.c:write_data(564)
  write_data: write failure. Error = Connection reset by peer
[2007/12/13 14:43:13, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,104) wrote -1
[2007/12/13 14:43:13, 0] libsmb/clientgen.c:write_socket(159)
  write_socket: Error writing 104 bytes to socket 19: ERRNO = Connection reset by peer
[2007/12/13 14:43:13, 0] libsmb/clientgen.c:cli_send_smb(189)
  Error writing 104 bytes to client. -1 (Connection reset by peer)
[2007/12/13 14:43:13, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
  cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine ad1.domain.  Error was Write error: Connection reset by peer
[2007/12/13 14:43:13, 10] nsswitch/winbindd_cm.c:cm_connect_lsa(1867)
  cm_connect_lsa: failed to connect to LSA pipe for domain DOMAIN using NTLMSSP authenticated pipe: user DOMAIN\UPUAUT$. Error was NT_STATUS_UNEXPECTED_NETWORK_ERROR. Trying schannel.
[2007/12/13 14:43:13, 3] nsswitch/winbindd_cm.c:connection_ok(1455)
  connection_ok: Connection to ad1.domain for domain DOMAIN has died or was never started (fd == -1)
[2007/12/13 14:43:13, 10] lib/gencache.c:gencache_get(226)
  Returning expired cache entry: key = SAF/DOMAIN/DOMAIN, value = 192.168.XX.10, timeout = Thu Dec 13 12:03:00 2007
[2007/12/13 14:43:13, 5] libsmb/namequery.c:saf_fetch(133)
  saf_fetch: failed to find server for "DOMAIN" domain
[2007/12/13 14:43:13, 10] nsswitch/winbindd_cm.c:cm_open_connection(1312)
  cm_open_connection: dcname is 'ad1.domain' for domain DOMAIN
[2007/12/13 14:43:13, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOMAIN, value = Kaltenkirchen, timeout = Tue Jan 19 04:14:07 2038
[2007/12/13 14:43:13, 5] libads/dns.c:sitename_fetch(677)
  sitename_fetch: Returning sitename for DOMAIN: "Kaltenkirchen"
[2007/12/13 14:43:13, 10] libsmb/namequery.c:internal_resolve_name(1166)
  internal_resolve_name: looking up ad1.domain#20 (sitename Kaltenkirchen)
[2007/12/13 14:43:13, 10] lib/gencache.c:gencache_get(226)
  Returning expired cache entry: key = NBT/DJHUTI.DOMAIN#20, value = 192.168.XX.4:0, timeout = Thu Dec 13 11:43:25 2007
[2007/12/13 14:43:13, 5] libsmb/namecache.c:namecache_fetch(210)
  no entry for ad1.domain#20 found.
[2007/12/13 14:43:13, 3] libsmb/namequery.c:resolve_wins(863)
  resolve_wins: Attempting wins lookup for name ad1.domain<0x20>
[2007/12/13 14:43:13, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = WINS_SRV_DEAD/192.168.XX.30,0.0.0.0 couldn't be found
[2007/12/13 14:43:13, 4] lib/wins_srv.c:wins_srv_is_dead(111)
  wins_srv_is_dead: 192.168.XX.30 is alive
[2007/12/13 14:43:13, 6] lib/wins_srv.c:wins_srv_ip_tag(311)
  Current wins server for tag '*' with source 0.0.0.0 is 192.168.XX.30
[2007/12/13 14:43:13, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = WINS_SRV_DEAD/192.168.XX.30,0.0.0.0 couldn't be found
[2007/12/13 14:43:13, 4] lib/wins_srv.c:wins_srv_is_dead(111)
  wins_srv_is_dead: 192.168.XX.30 is alive
[2007/12/13 14:43:13, 3] libsmb/namequery.c:resolve_wins(902)
  resolve_wins: using WINS server 192.168.XX.30 and tag '*'
[2007/12/13 14:43:13, 10] lib/util_sock.c:open_socket_in(839)
  bind succeeded on port 0
[2007/12/13 14:43:13, 5] libsmb/nmblib.c:send_udp(777)
  Sending a packet of len 50 to (192.168.XX.30) on port 137
[2007/12/13 14:43:13, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:13, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:13, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:13, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:13, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:13, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:14, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 5] libsmb/nmblib.c:send_udp(777)
  Sending a packet of len 50 to (192.168.XX.30) on port 137
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:15, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:16, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 5] libsmb/nmblib.c:send_udp(777)
  Sending a packet of len 50 to (192.168.XX.30) on port 137
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:17, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:18, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:19, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:19, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:19, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:19, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:19, 2] lib/util_tdb.c:tdb_log(664)
  tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = WINS_SRV_DEAD/192.168.XX.30,0.0.0.0 couldn't be found
[2007/12/13 14:43:19, 4] lib/wins_srv.c:wins_srv_is_dead(111)
  wins_srv_is_dead: 192.168.XX.30 is alive
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = WINS_SRV_DEAD/192.168.XX.30,0.0.0.0; value = DOWN and timeout = Thu Dec 13 14:53:19 2007
   (600 seconds ahead)
[2007/12/13 14:43:19, 4] lib/wins_srv.c:wins_srv_died(148)
  Marking wins server 192.168.XX.30 dead for 600 seconds from source 192.168.XX.30
[2007/12/13 14:43:19, 3] libsmb/namequery.c:resolve_hosts(1029)
  resolve_hosts: Attempting host lookup for name ad1.domain<0x20>
[2007/12/13 14:43:19, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2007/12/13 14:43:19, 5] libsmb/namecache.c:namecache_store(135)
  namecache_store: storing 1 address for ad1.domain#20: 192.168.XX.4:0
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = NBT/DJHUTI.DOMAIN#20; value = 192.168.XX.4:0 and timeout = Thu Dec 13 14:54:19 2007
   (660 seconds ahead)
[2007/12/13 14:43:19, 10] libsmb/namequery.c:internal_resolve_name(1293)
  internal_resolve_name: returning 1 addresses: 192.168.XX.4:0 
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cm.c:cm_prepare_connection(612)
  cm_prepare_connection: connecting to DC ad1.domain for domain DOMAIN
[2007/12/13 14:43:19, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(504)
  cm_get_ipc_userpass: Retrieved auth-user from secrets.tdb [DOMAIN\guru]
[2007/12/13 14:43:19, 10] passdb/secrets.c:secrets_named_mutex(929)
  secrets_named_mutex: got mutex for ad1.domain
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,194)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,194) wrote 194
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 176
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=176
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
  smb_pid=2865
  smb_uid=0
  smb_mid=1
  smt_wct=17
  smb_vwv[ 0]=    9 (0x9)
  smb_vwv[ 1]=12815 (0x320F)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=176
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
  smb_pid=2865
  smb_uid=0
  smb_mid=1
  smt_wct=17
  smb_vwv[ 0]=    9 (0x9)
  smb_vwv[ 1]=12815 (0x320F)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
[2007/12/13 14:43:19, 5] nsswitch/winbindd_cm.c:cm_prepare_connection(698)
  connecting to ad1.domain from UPUAUT with kerberos principal [UPUAUT$@DOMAIN]
[2007/12/13 14:43:19, 3] libsmb/cliconnect.c:cli_session_setup_spnego(793)
  Doing spnego session setup (blob length=107)
[2007/12/13 14:43:19, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 48018 1 2 2
[2007/12/13 14:43:19, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 113554 1 2 2
[2007/12/13 14:43:19, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 113554 1 2 2 3
[2007/12/13 14:43:19, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 3 6 1 4 1 311 2 2 10
[2007/12/13 14:43:19, 3] libsmb/cliconnect.c:cli_session_setup_spnego(826)
  got principal=ad1$@DOMAIN
[2007/12/13 14:43:19, 10] libads/kerberos.c:kerberos_kinit_password_ext(91)
  kerberos_kinit_password: using [MEMORY:cliconnect] as ccache and config [/var/run/samba/smb_krb5/krb5.conf.DOMAIN]
[2007/12/13 14:43:19, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613)
  Doing kerberos session setup
[2007/12/13 14:43:19, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 14 Dec 2007 00:43:19 CET
[2007/12/13 14:43:19, 10] libsmb/clikrb5.c:ads_krb5_mk_req(624)
  ads_krb5_mk_req: Ticket (ad1$@DOMAIN) in ccache (MEMORY:cliconnect) is valid until: (Fri, 14 Dec 2007 00:43:19 CET - 1197589399)
[2007/12/13 14:43:19, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735)
  Got KRB5 session key of length 16
[2007/12/13 14:43:19, 5] libsmb/smb_signing.c:set_smb_signing_real_common(141)
  Mandatory SMB signing enabled!
[2007/12/13 14:43:19, 5] libsmb/smb_signing.c:set_smb_signing_real_common(145)
  SMB signing enabled!
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:cli_simple_set_signing(490)
  cli_simple_set_signing: user_session_key
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 16 B6 45 0B 3A 39 F7 49  77 48 64 CD 3E E5 83 D5  ..E.:9.I wHd.>...
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:cli_simple_set_signing(498)
  cli_simple_set_signing: NULL response_data
[2007/12/13 14:43:19, 10] libsmb/cliconnect.c:cli_session_setup_blob(572)
  cli_session_setup_blob: Remaining (0) sending (1162) current (1162)
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 0
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] AE 5A D6 68 86 8D 52 9D                           .Z.h..R. 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 1 mid = 2
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,1248)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,1248) wrote 1248
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 197
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=197
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=0
  smb_pid=2865
  smb_uid=10243
  smb_mid=2
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  197 (0xC5)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=   26 (0x1A)
  smb_bcc=154
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 1 mid = 2
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 1
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 1: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] BC 94 91 89 BC AA E8 E3                           ........ 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=197
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=0
  smb_pid=2865
  smb_uid=10243
  smb_mid=2
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  197 (0xC5)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=   26 (0x1A)
  smb_bcc=154
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] A1 18 30 16 A0 03 0A 01  00 A1 0B 06 09 2A 86 48  ..0..... .....*.H
  [010] 82 F7 12 01 02 02 A2 02  04 00 87 57 00 69 00 6E  ........ ...W.i.n
  [020] 00 64 00 6F 00 77 00 73  00 20 00 53 00 65 00 72  .d.o.w.s . .S.e.r
  [030] 00 76 00 65 00 72 00 20  00 32 00 30 00 30 00 33  .v.e.r.  .2.0.0.3
  [040] 00 20 00 33 00 37 00 39  00 30 00 20 00 53 00 65  . .3.7.9 .0. .S.e
  [050] 00 72 00 76 00 69 00 63  00 65 00 20 00 50 00 61  .r.v.i.c .e. .P.a
  [060] 00 63 00 6B 00 20 00 32  00 00 00 57 00 69 00 6E  .c.k. .2 ...W.i.n
  [070] 00 64 00 6F 00 77 00 73  00 20 00 53 00 65 00 72  .d.o.w.s . .S.e.r
  [080] 00 76 00 65 00 72 00 20  00 32 00 30 00 30 00 33  .v.e.r.  .2.0.0.3
  [090] 00 20 00 35 00 2E 00 32  00 00                    . .5...2 ..
[2007/12/13 14:43:19, 10] libsmb/clientgen.c:cli_init_creds(254)
  cli_init_creds: user UPUAUT$ domain DOMAIN
[2007/12/13 14:43:19, 10] libsmb/namequery.c:saf_store(74)
  saf_store: domain = [DOMAIN], server = [ad1.domain], expire = [1197554299]
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = SAF/DOMAIN/DOMAIN; value = ad1.domain and timeout = Thu Dec 13 14:58:19 2007
   (900 seconds ahead)
[2007/12/13 14:43:19, 10] libsmb/namequery.c:saf_store(74)
  saf_store: domain = [domain], server = [ad1.domain], expire = [1197554299]
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = SAF/DOMAIN/DOMAIN; value = ad1.domain and timeout = Thu Dec 13 14:58:19 2007
   (900 seconds ahead)
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 2
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 65 1A 31 CE A7 16 E3 9E                           e.1..... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 3 mid = 3
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,104)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,104) wrote 104
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 56
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=56
  smb_com=0x75
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=3
  smt_wct=7
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=   56 (0x38)
  smb_vwv[ 2]=    1 (0x1)
  smb_vwv[ 3]=  511 (0x1FF)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=  511 (0x1FF)
  smb_vwv[ 6]=    0 (0x0)
  smb_bcc=7
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 49 50 43 00 00 00 00                              IPC.... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 3 mid = 3
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 3
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 3: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 18 40 EF BC FB 95 F0 7E                           .@.....~ 
[2007/12/13 14:43:19, 10] passdb/secrets.c:secrets_named_mutex_release(941)
  secrets_named_mutex: released mutex for ad1.domain
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cm.c:set_domain_online(359)
  set_domain_online: called for domain DOMAIN
[2007/12/13 14:43:19, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285)
  Using cleartext machine password
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 4
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 44 D2 C5 EA 31 E3 27                           .D...1.' 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 5 mid = 4
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,108)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,108) wrote 108
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 103
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=103
  smb_com=0xa2
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=4
  smt_wct=34
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  103 (0x67)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]=  448 (0x1C0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 5 mid = 4
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 5
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 5: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 9B AB 29 5F 6E 19 78 C0                           ..)_n.x. 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044)
  Bind RPC Pipe[c001]: \NETLOGON auth_type 0, auth_level 0
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647)
  Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB  EF 00 01 23 45 67 CF FB  xV4.4... ...#Eg..
  [010] 01 00 00 00                                       .... 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650)
  Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
  [010] 02 00 00 00                                       .... 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0048
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000006
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_rb 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000010 smb_io_rpc_hdr_bba 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0010 max_tsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0012 max_rsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 assoc_gid: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0018 num_contexts: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      001c context_id  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      001e num_transfer_syntaxes: 01
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001f smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 data   : 12345678
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0024 data   : 1234
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0026 data   : abcd
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              0028 data   : ef 00 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              002a data   : 01 23 45 67 cf fb 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0030 version: 00000001
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000034 smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000034 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0034 data   : 8a885d04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0038 data   : 1ceb
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              003a data   : 11c9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003c data   : 9f e8 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003e data   : 08 00 2b 10 48 60 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0044 version: 00000002
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \NETLOGON fnum 0xc001
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=154
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=5
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   72 (0x48)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 0B 03 10 00 00 00 48  00 00 00 06 00 00 00 B8  .......H ........
  [020] 10 B8 10 00 00 00 00 01  00 00 00 00 00 01 00 78  ........ .......x
  [030] 56 34 12 34 12 CD AB EF  00 01 23 45 67 CF FB 01  V4.4.... ..#Eg...
  [040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
  [050] 10 48 60 02 00 00 00                              .H`.... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 6
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 86 B7 8E 5A 72 67 99 52                           ...Zrg.R 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 7 mid = 5
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,158)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,158) wrote 158
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 124
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=124
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=5
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   68 (0x44)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   68 (0x44)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 06 00 00  ........ .D......
  [010] 00 B8 10 B8 10 E9 68 00  00 0C 00 5C 50 49 50 45  ......h. ...\PIPE
  [020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
  [030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
  [040] 60 02 00 00 00                                    `.... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 7 mid = 5
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 7
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 7: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 56 29 EE 00 8C 30 3B 30                           V)...0;0 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=124
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=5
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   68 (0x44)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   68 (0x44)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 06 00 00  ........ .D......
  [010] 00 B8 10 B8 10 E9 68 00  00 0C 00 5C 50 49 50 45  ......h. ...\PIPE
  [020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
  [030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
  [040] 60 02 00 00 00                                    `.... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 7 mid = 5
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0044
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000006
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 68 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \NETLOGON fnum 0xc001 returned 68 bytes.
[2007/12/13 14:43:19, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine ad1.domain pipe \NETLOGON fnum 0xc001 bind request returned ok.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0044
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000006
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_ba 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000010 smb_io_rpc_hdr_bba 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0010 max_tsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0012 max_rsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 assoc_gid: 000068e9
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000018 smb_io_rpc_addr_str 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0018 len: 000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          001a str: \PIPE\lsass.
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000026 smb_io_rpc_results 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
          0028 num_results: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          002c result     : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          002e reason     : 0000
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000030 smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000030 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0030 data   : 8a885d04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0034 data   : 1ceb
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0036 data   : 11c9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              0038 data   : 9f e8 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003a data   : 08 00 2b 10 48 60 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0040 version: 00000002
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:check_bind_response(1701)
  check_bind_response: accepted!
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2277)
  cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ad1.domain and bound anonymously.
[2007/12/13 14:43:19, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46)
  cli_net_req_chal: LSA Request Challenge from UPUAUT to \\ad1.domain
[2007/12/13 14:43:19, 5] rpc_parse/parse_net.c:init_q_req_chal(679)
  init_q_req_chal: 679
[2007/12/13 14:43:19, 5] rpc_parse/parse_net.c:init_q_req_chal(688)
  init_q_req_chal: 688
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_q_req_chal 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 undoc_buffer: 00000001
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 smb_io_unistr2 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0004 uni_max_len: 00000015
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 offset     : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c uni_str_len: 00000015
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
          0010 buffer     : \.\.d.j.h.u.t.i...d.a.t.a.s.y.s.t.e.m.e...
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00003a smb_io_unistr2 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          003c uni_max_len: 00000007
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0040 offset     : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0044 uni_str_len: 00000007
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
          0048 buffer     : U.P.U.A.U.T...
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000056 smb_io_chal 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          0056 data: 5d 96 ef dd d4 b9 86 7a 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0076
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000007
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 0000005e
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 0004
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \NETLOGON fnum 0xc001
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=200
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=6
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  118 (0x76)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 00 03 10 00 00 00 76  00 00 00 07 00 00 00 5E  .......v .......^
  [020] 00 00 00 00 00 04 00 01  00 00 00 15 00 00 00 00  ........ ........
  [030] 00 00 00 15 00 00 00 5C  00 5C 00 64 00 6A 00 68  .......\ .\.d.j.h
  [040] 00 75 00 74 00 69 00 2E  00 64 00 61 00 74 00 61  .u.t.i.. .d.a.t.a
  [050] 00 73 00 79 00 73 00 74  00 65 00 6D 00 65 00 00  .s.y.s.t .e.m.e..
  [060] 00 00 00 07 00 00 00 00  00 00 00 07 00 00 00 55  ........ .......U
  [070] 00 50 00 55 00 41 00 55  00 54 00 00 00 5D 96 EF  .P.U.A.U .T...]..
  [080] DD D4 B9 86 7A                                    ....z 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 8
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 4A 78 44 AF FD B0 46 35                           JxD...F5 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 9 mid = 6
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,204)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,204) wrote 204
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 92
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=92
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=6
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   36 (0x24)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   36 (0x24)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 24 00 00 00 07 00 00  ........ .$......
  [010] 00 0C 00 00 00 00 00 00  00 6C 95 29 89 BE 53 60  ........ .l.)..S`
  [020] 96 00 00 00 00                                    ..... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 9 mid = 6
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 9
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 9: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 5A 25 33 85 A5 AF 8F 8B                           Z%3..... 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=92
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=6
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   36 (0x24)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   36 (0x24)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 24 00 00 00 07 00 00  ........ .$......
  [010] 00 0C 00 00 00 00 00 00  00 6C 95 29 89 BE 53 60  ........ .l.)..S`
  [020] 96 00 00 00 00                                    ..... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 9 mid = 6
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0024
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000007
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 0000000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 36 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \NETLOGON fnum 0xc001 returned 24 bytes.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_r_req_chal 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_chal 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          0000 data: 6c 95 29 89 be 53 60 96 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      0008 status: NT_STATUS_OK
[2007/12/13 14:43:19, 10] libsmb/credentials.c:creds_client_init(288)
  creds_client_init: neg_flags : 400701ff
[2007/12/13 14:43:19, 10] libsmb/credentials.c:creds_client_init(289)
  creds_client_init: client chal : 5D96EFDDD4B9867A
[2007/12/13 14:43:19, 10] libsmb/credentials.c:creds_client_init(290)
  creds_client_init: server chal : 6C952989BE536096
[2007/12/13 14:43:19, 5] libsmb/credentials.c:creds_init_64(119)
  creds_init_64
[2007/12/13 14:43:19, 5] libsmb/credentials.c:creds_init_64(120)
  	clnt_chal_in: 5D96EFDDD4B9867A
[2007/12/13 14:43:19, 5] libsmb/credentials.c:creds_init_64(121)
  	srv_chal_in : 6C952989BE536096
[2007/12/13 14:43:19, 5] libsmb/credentials.c:creds_init_64(122)
  	clnt+srv : C92B1967920DE710
[2007/12/13 14:43:19, 5] libsmb/credentials.c:creds_init_64(123)
  	sess_key_out : 2575CCC1264F83A9
[2007/12/13 14:43:19, 10] libsmb/credentials.c:creds_client_init(308)
  creds_client_init: clnt : 2C792578E283EEB9
[2007/12/13 14:43:19, 10] libsmb/credentials.c:creds_client_init(309)
  creds_client_init: server : 36EA6569BA493C71
[2007/12/13 14:43:19, 10] libsmb/credentials.c:creds_client_init(310)
  creds_client_init: seed : 2C792578E283EEB9
[2007/12/13 14:43:19, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170)
  cli_net_auth2: srv:\\ad1.domain acct:UPUAUT$ sc:2 mc: UPUAUT neg: 400701ff
[2007/12/13 14:43:19, 5] rpc_parse/parse_net.c:init_q_auth_2(800)
  init_q_auth_2: 800
[2007/12/13 14:43:19, 5] rpc_parse/parse_misc.c:init_log_info(1450)
  make_log_info 1450
[2007/12/13 14:43:19, 5] rpc_parse/parse_net.c:init_q_auth_2(806)
  init_q_auth_2: 806
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_q_auth_2 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_log_info 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 undoc_buffer: 00000001
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_unistr2 unistr2
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 uni_max_len: 00000015
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0008 offset     : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              000c uni_str_len: 00000015
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              0010 buffer     : \.\.d.j.h.u.t.i...d.a.t.a.s.y.s.t.e.m.e...
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          00003a smb_io_unistr2 unistr2
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              003c uni_max_len: 00000008
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0040 offset     : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0044 uni_str_len: 00000008
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              0048 buffer     : U.P.U.A.U.T.$...
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0058 sec_chan: 0002
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          00005a smb_io_unistr2 unistr2
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              005c uni_max_len: 00000007
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0060 offset     : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0064 uni_str_len: 00000007
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              0068 buffer     : U.P.U.A.U.T...
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000076 smb_io_chal 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          0076 data: 2c 79 25 78 e2 83 ee b9 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00007e net_io_neg_flags 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0080 neg_flags: 400701ff
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 009c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000008
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000084
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 000f
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \NETLOGON fnum 0xc001
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=238
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=7
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  156 (0x9C)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 00 03 10 00 00 00 9C  00 00 00 08 00 00 00 84  ........ ........
  [020] 00 00 00 00 00 0F 00 01  00 00 00 15 00 00 00 00  ........ ........
  [030] 00 00 00 15 00 00 00 5C  00 5C 00 64 00 6A 00 68  .......\ .\.d.j.h
  [040] 00 75 00 74 00 69 00 2E  00 64 00 61 00 74 00 61  .u.t.i.. .d.a.t.a
  [050] 00 73 00 79 00 73 00 74  00 65 00 6D 00 65 00 00  .s.y.s.t .e.m.e..
  [060] 00 00 00 08 00 00 00 00  00 00 00 08 00 00 00 55  ........ .......U
  [070] 00 50 00 55 00 41 00 55  00 54 00 24 00 00 00 02  .P.U.A.U .T.$....
  [080] 00 00 00 07 00 00 00 00  00 00 00 07 00 00 00 55  ........ .......U
  [090] 00 50 00 55 00 41 00 55  00 54 00 00 00 2C 79 25  .P.U.A.U .T...,y%
  [0A0] 78 E2 83 EE B9 00 00 FF  01 07 40                 x....... ..@
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 10
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] F7 ED 3A 7A DF 5B 6D 93                           ..:z.[m. 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 11 mid = 7
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,242)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,242) wrote 242
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 96
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=96
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=7
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   40 (0x28)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   40 (0x28)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 28 00 00 00 08 00 00  ........ .(......
  [010] 00 10 00 00 00 00 00 00  00 36 EA 65 69 BA 49 3C  ........ .6.ei.I<
  [020] 71 FF 01 07 40 00 00 00  00                       q...@... .
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 11 mid = 7
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 11
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 11: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 2D F1 91 0B 80 76 E1 E5                           -....v.. 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=96
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=7
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   40 (0x28)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   40 (0x28)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 28 00 00 00 08 00 00  ........ .(......
  [010] 00 10 00 00 00 00 00 00  00 36 EA 65 69 BA 49 3C  ........ .6.ei.I<
  [020] 71 FF 01 07 40 00 00 00  00                       q...@... .
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 11 mid = 7
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0028
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000008
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000010
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 40 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \NETLOGON fnum 0xc001 returned 32 bytes.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_r_auth_2 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_chal 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          0000 data: 36 ea 65 69 ba 49 3c 71 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000008 net_io_neg_flags 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 neg_flags: 400701ff
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      000c status: NT_STATUS_OK
[2007/12/13 14:43:19, 10] libsmb/credentials.c:creds_client_check(327)
  creds_client_check: credentials check OK.
[2007/12/13 14:43:19, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346)
  rpccli_netlogon_setup_creds: server ad1.domain credential chain established.
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 12
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 95 59 15 24 88 AB 85 C0                           .Y.$.... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 13 mid = 8
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,108)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,108) wrote 108
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 103
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=103
  smb_com=0xa2
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=8
  smt_wct=34
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  103 (0x67)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=  448 (0x1C0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 13 mid = 8
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 13
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 13: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 33 DD FD C1 14 48 F5 1C                           3....H.. 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044)
  Bind RPC Pipe[c000]: \NETLOGON auth_type 2, auth_level 6
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647)
  Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB  EF 00 01 23 45 67 CF FB  xV4.4... ...#Eg..
  [010] 01 00 00 00                                       .... 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650)
  Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
  [010] 02 00 00 00                                       .... 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_auth_schannel_neg schannel_neg
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 type1: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0004 type2: 00000003
[2007/12/13 14:43:19, 6] lib/util.c:dump_data(2264)
  [000] 44 41 54 41 53 59 53 54  45 4D 45                 DATASYST EME
[2007/12/13 14:43:19, 6] lib/util.c:dump_data(2264)
  [000] 55 50 55 41 55 54                                 UPUAUT 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 006b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 001b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000009
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_rb 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000010 smb_io_rpc_hdr_bba 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0010 max_tsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0012 max_rsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 assoc_gid: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0018 num_contexts: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      001c context_id  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      001e num_transfer_syntaxes: 01
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001f smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 data   : 12345678
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0024 data   : 1234
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0026 data   : abcd
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              0028 data   : ef 00 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              002a data   : 01 23 45 67 cf fb 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0030 version: 00000001
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000034 smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000034 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0034 data   : 8a885d04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0038 data   : 1ceb
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              003a data   : 11c9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003c data   : 9f e8 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003e data   : 08 00 2b 10 48 60 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0044 version: 00000002
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000048 smb_io_rpc_hdr_auth hdr_auth
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0048 auth_type    : 44
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0049 auth_level   : 06
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      004a auth_pad_len : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      004b auth_reserved: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      004c auth_context_id: 00000001
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \NETLOGON fnum 0xc000
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=189
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=9
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  107 (0x6B)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 0B 03 10 00 00 00 6B  00 1B 00 09 00 00 00 B8  .......k ........
  [020] 10 B8 10 00 00 00 00 01  00 00 00 00 00 01 00 78  ........ .......x
  [030] 56 34 12 34 12 CD AB EF  00 01 23 45 67 CF FB 01  V4.4.... ..#Eg...
  [040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
  [050] 10 48 60 02 00 00 00 44  06 00 00 01 00 00 00 00  .H`....D ........
  [060] 00 00 00 03 00 00 00 44  41 54 41 53 59 53 54 45  .......D ATASYSTE
  [070] 4D 45 00 55 50 55 41 55  54 00                    ME.UPUAU T.
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 14
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] C7 DE 2F 19 07 4D 96 B3                           ../..M.. 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 15 mid = 9
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,193)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,193) wrote 193
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 144
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=144
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=9
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   88 (0x58)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   88 (0x58)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 0C 03 10 00 00  00 58 00 0C 00 09 00 00  ........ .X......
  [010] 00 B8 10 B8 10 EA 68 00  00 0C 00 5C 50 49 50 45  ......h. ...\PIPE
  [020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
  [030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
  [040] 60 02 00 00 00 44 06 00  00 01 00 00 00 01 00 00  `....D.. ........
  [050] 00 00 00 00 00 00 00 01  23                       ........ #
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 15 mid = 9
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 15
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 15: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 16 61 FF 1D E9 1B 10 36                           .a.....6 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=144
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=9
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   88 (0x58)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   88 (0x58)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 0C 03 10 00 00  00 58 00 0C 00 09 00 00  ........ .X......
  [010] 00 B8 10 B8 10 EA 68 00  00 0C 00 5C 50 49 50 45  ......h. ...\PIPE
  [020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
  [030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
  [040] 60 02 00 00 00 44 06 00  00 01 00 00 00 01 00 00  `....D.. ........
  [050] 00 00 00 00 00 00 00 01  23                       ........ #
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 15 mid = 9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0058
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000009
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 88 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \NETLOGON fnum 0xc000 returned 88 bytes.
[2007/12/13 14:43:19, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine ad1.domain pipe \NETLOGON fnum 0xc000 bind request returned ok.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0058
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000009
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_ba 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000010 smb_io_rpc_hdr_bba 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0010 max_tsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0012 max_rsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 assoc_gid: 000068ea
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000018 smb_io_rpc_addr_str 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0018 len: 000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          001a str: \PIPE\lsass.
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000026 smb_io_rpc_results 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
          0028 num_results: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          002c result     : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          002e reason     : 0000
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000030 smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000030 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0030 data   : 8a885d04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0034 data   : 1ceb
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0036 data   : 11c9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              0038 data   : 9f e8 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003a data   : 08 00 2b 10 48 60 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0040 version: 00000002
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:check_bind_response(1701)
  check_bind_response: accepted!
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2543)
  cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine ad1.domain for domain DOMAIN and bound using schannel.
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 16
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 03 AD 3F 23 88 4B 93 2C                           ..?#.K., 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 17 mid = 10
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,45)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,45) wrote 45
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 35
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=35
  smb_com=0x4
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=10
  smt_wct=0
  smb_bcc=0
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 17 mid = 10
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 17
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 17: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 11 74 0E FE FA 45 92 1C                           .t...E.. 
[2007/12/13 14:43:19, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395)
  cli_rpc_pipe_close: closed pipe \NETLOGON to machine ad1.domain
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 18
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] E9 27 34 10 AF B2 BC 58                           .'4....X 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 19 mid = 11
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,104)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,104) wrote 104
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 103
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=103
  smb_com=0xa2
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=11
  smt_wct=34
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  103 (0x67)
  smb_vwv[ 2]= 1536 (0x600)
  smb_vwv[ 3]=  448 (0x1C0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 19 mid = 11
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 19
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 19: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] DD 16 ED 0A 08 F0 BE 71                           .......q 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044)
  Bind RPC Pipe[c006]: \lsarpc auth_type 2, auth_level 6
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647)
  Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB  EF 00 01 23 45 67 89 AB  xW4.4... ...#Eg..
  [010] 00 00 00 00                                       .... 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650)
  Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
  [010] 02 00 00 00                                       .... 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_auth_schannel_neg schannel_neg
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 type1: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0004 type2: 00000003
[2007/12/13 14:43:19, 6] lib/util.c:dump_data(2264)
  [000] 44 41 54 41 53 59 53 54  45 4D 45                 DATASYST EME
[2007/12/13 14:43:19, 6] lib/util.c:dump_data(2264)
  [000] 55 50 55 41 55 54                                 UPUAUT 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 006b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 001b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000a
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_rb 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000010 smb_io_rpc_hdr_bba 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0010 max_tsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0012 max_rsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 assoc_gid: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0018 num_contexts: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      001c context_id  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      001e num_transfer_syntaxes: 01
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001f smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 data   : 12345778
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0024 data   : 1234
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0026 data   : abcd
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              0028 data   : ef 00 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              002a data   : 01 23 45 67 89 ab 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0030 version: 00000000
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000034 smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000034 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0034 data   : 8a885d04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0038 data   : 1ceb
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              003a data   : 11c9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003c data   : 9f e8 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003e data   : 08 00 2b 10 48 60 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0044 version: 00000002
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000048 smb_io_rpc_hdr_auth hdr_auth
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0048 auth_type    : 44
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0049 auth_level   : 06
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      004a auth_pad_len : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      004b auth_reserved: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      004c auth_context_id: 00000001
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc006
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=189
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=12
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  107 (0x6B)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 20
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 78 05 C8 D8 E0 04 06 1C                           x....... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 21 mid = 12
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,193)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,193) wrote 193
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 144
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=144
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=12
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   88 (0x58)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   88 (0x58)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 21 mid = 12
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 21
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 21: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 2E 64 B1 3D 8A 60 45 86                           .d.=.`E. 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=144
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=12
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   88 (0x58)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   88 (0x58)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 21 mid = 12
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0058
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000a
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 88 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc006 returned 88 bytes.
[2007/12/13 14:43:19, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine ad1.domain pipe \lsarpc fnum 0xc006 bind request returned ok.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0058
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000a
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_ba 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000010 smb_io_rpc_hdr_bba 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0010 max_tsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0012 max_rsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 assoc_gid: 000068eb
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000018 smb_io_rpc_addr_str 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0018 len: 000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          001a str: \PIPE\lsass.
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000026 smb_io_rpc_results 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
          0028 num_results: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          002c result     : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          002e reason     : 0000
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000030 smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000030 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0030 data   : 8a885d04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0034 data   : 1ceb
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0036 data   : 11c9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              0038 data   : 9f e8 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003a data   : 08 00 2b 10 48 60 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0040 version: 00000002
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:check_bind_response(1701)
  check_bind_response: accepted!
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2543)
  cli_rpc_pipe_open_schannel_with_key: opened pipe \lsarpc to machine ad1.domain for domain DOMAIN and bound using schannel.
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cm.c:cm_connect_lsa(1908)
  cm_connect_lsa: connected to LSA pipe for domain DOMAIN using schannel.
[2007/12/13 14:43:19, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185)
  init_lsa_sec_qos
[2007/12/13 14:43:19, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304)
  init_open_pol: attr:0 da:33554432
[2007/12/13 14:43:19, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236)
  init_lsa_obj_attr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_q_open_pol 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr       : 00000001
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0004 system_name: 005c
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000008 lsa_io_obj_attr 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 len         : 00000018
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c ptr_root_dir: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0010 ptr_obj_name: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 attributes  : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0018 ptr_sec_desc: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          001c ptr_sec_qos : 00000001
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 lsa_io_obj_qos sec_qos
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 len           : 0000000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0024 sec_imp_level : 0002
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
              0026 sec_ctxt_mode : 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
              0027 effective_only: 00
[2007/12/13 14:43:19, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0028 des_access: 02000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0070
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0020
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 0000002c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 0006
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000048 smb_io_rpc_hdr_auth hdr_auth
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0048 auth_type    : 44
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0049 auth_level   : 06
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      004a auth_pad_len : 04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      004b auth_reserved: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      004c auth_context_id: 00000001
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1357)
  add_schannel_auth_footer: SCHANNEL seq_num=0
[2007/12/13 14:43:19, 10] rpc_parse/parse_prs.c:schannel_encode(1656)
  SCHANNEL: schannel_encode seq_num=0 data_len=48
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000050 smb_io_rpc_auth_schannel_chk 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
      0050 sig  : 77 00 7a 00 ff ff 00 00 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
      0058 seq_num: 60 a5 07 1d 89 92 fc d9 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
      0060 packet_digest: d5 12 30 81 dc 90 e9 d4 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
      0068 confounder: 27 d1 1b 0c a4 a0 b8 d2 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc006
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=194
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=13
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  112 (0x70)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 22
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 35 A2 43 D1 C0 86 6A A6                           5.C...j. 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 23 mid = 13
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,198)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,198) wrote 198
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 152
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=152
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=13
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   96 (0x60)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   96 (0x60)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 23 mid = 13
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 23
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 23: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] E7 60 74 E2 49 3F 73 B7                           .`t.I?s. 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=152
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=13
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   96 (0x60)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   96 (0x60)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 23 mid = 13
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0060
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0020
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000018
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000038 smb_io_rpc_hdr_auth hdr_auth
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0038 auth_type    : 44
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0039 auth_level   : 06
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      003a auth_pad_len : 08
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      003b auth_reserved: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      003c auth_context_id: 00000001
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000040 smb_io_rpc_auth_schannel_chk 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
      0040 sig  : 77 00 7a 00 ff ff 00 00 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
      0048 seq_num: aa 11 b8 2b f2 c7 cb 28 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
      0050 packet_digest: 83 f4 4a 18 7b 21 87 02 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
      0058 confounder: 97 91 a7 e9 b5 db b3 45 
[2007/12/13 14:43:19, 10] rpc_parse/parse_prs.c:schannel_decode(1733)
  SCHANNEL: schannel_decode seq_num=1 data_len=32
[2007/12/13 14:43:19, 10] rpc_parse/parse_prs.c:schannel_decode(1753)
  SCHANNEL: schannel_decode seq_num=1 data_len=32
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 96, data_len 24, ss_len 8
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 96 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc006 returned 48 bytes.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_open_pol 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_pol_hnd 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 handle_type: 00000000
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 data   : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0008 data   : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              000a data   : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000c data   : 00 00 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000e data   : 00 00 00 00 00 00 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      0014 status: NT code 0xc0020041
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cm.c:cm_connect_lsa(1918)
  cm_connect_lsa: rpccli_lsa_open_policy failed, trying anonymous
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 24
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 95 1E 9D B8 67 A1 DF C4                           ....g... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 25 mid = 14
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,45)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,45) wrote 45
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 35
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=35
  smb_com=0x4
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=14
  smt_wct=0
  smb_bcc=0
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 25 mid = 14
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 25
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 25: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 30 89 4D A6 BB BF 27 6D                           0.M...'m 
[2007/12/13 14:43:19, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395)
  cli_rpc_pipe_close: closed pipe \lsarpc to machine ad1.domain
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 26
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 65 3B 78 12 1E C3 84 FE                           e;x..... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 27 mid = 15
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,104)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,104) wrote 104
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 103
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=103
  smb_com=0xa2
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=15
  smt_wct=34
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  103 (0x67)
  smb_vwv[ 2]=  512 (0x200)
  smb_vwv[ 3]=  448 (0x1C0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 27 mid = 15
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 27
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 27: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 8F 41 1A 5A ED B9 72 82                           .A.Z..r. 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044)
  Bind RPC Pipe[c002]: \lsarpc auth_type 0, auth_level 0
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647)
  Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB  EF 00 01 23 45 67 89 AB  xW4.4... ...#Eg..
  [010] 00 00 00 00                                       .... 
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650)
  Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
  [010] 02 00 00 00                                       .... 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0048
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_rb 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000010 smb_io_rpc_hdr_bba 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0010 max_tsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0012 max_rsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 assoc_gid: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0018 num_contexts: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      001c context_id  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      001e num_transfer_syntaxes: 01
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001f smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 data   : 12345778
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0024 data   : 1234
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0026 data   : abcd
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              0028 data   : ef 00 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              002a data   : 01 23 45 67 89 ab 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0030 version: 00000000
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000034 smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000034 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0034 data   : 8a885d04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0038 data   : 1ceb
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              003a data   : 11c9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003c data   : 9f e8 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003e data   : 08 00 2b 10 48 60 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0044 version: 00000002
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=154
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=16
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   72 (0x48)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 0B 03 10 00 00 00 48  00 00 00 0C 00 00 00 B8  .......H ........
  [020] 10 B8 10 00 00 00 00 01  00 00 00 00 00 01 00 78  ........ .......x
  [030] 57 34 12 34 12 CD AB EF  00 01 23 45 67 89 AB 00  W4.4.... ..#Eg...
  [040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
  [050] 10 48 60 02 00 00 00                              .H`.... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 28
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] E1 0F 27 A5 39 92 83 14                           ..'.9... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 29 mid = 16
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,158)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,158) wrote 158
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 124
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=124
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=16
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   68 (0x44)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   68 (0x44)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 0C 00 00  ........ .D......
  [010] 00 B8 10 B8 10 EC 68 00  00 0C 00 5C 50 49 50 45  ......h. ...\PIPE
  [020] 5C 6C 73 61 73 73 00 F5  44 01 00 00 00 00 00 00  \lsass.. D.......
  [030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
  [040] 60 02 00 00 00                                    `.... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 29 mid = 16
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 29
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 29: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] F5 2D 4D D3 5E A1 56 02                           .-M.^.V. 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=124
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=16
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   68 (0x44)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   68 (0x44)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 0C 00 00  ........ .D......
  [010] 00 B8 10 B8 10 EC 68 00  00 0C 00 5C 50 49 50 45  ......h. ...\PIPE
  [020] 5C 6C 73 61 73 73 00 F5  44 01 00 00 00 00 00 00  \lsass.. D.......
  [030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
  [040] 60 02 00 00 00                                    `.... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 29 mid = 16
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0044
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000c
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 68 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002 returned 68 bytes.
[2007/12/13 14:43:19, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine ad1.domain pipe \lsarpc fnum 0xc002 bind request returned ok.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 0c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0044
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_ba 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000010 smb_io_rpc_hdr_bba 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0010 max_tsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0012 max_rsize: 10b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 assoc_gid: 000068ec
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000018 smb_io_rpc_addr_str 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          0018 len: 000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
          001a str: \PIPE\lsass.
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000026 smb_io_rpc_results 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
          0028 num_results: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          002c result     : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          002e reason     : 0000
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000030 smb_io_rpc_iface 
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000030 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0030 data   : 8a885d04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0034 data   : 1ceb
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0036 data   : 11c9
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              0038 data   : 9f e8 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              003a data   : 08 00 2b 10 48 60 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0040 version: 00000002
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:check_bind_response(1701)
  check_bind_response: accepted!
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2277)
  cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine ad1.domain and bound anonymously.
[2007/12/13 14:43:19, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185)
  init_lsa_sec_qos
[2007/12/13 14:43:19, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304)
  init_open_pol: attr:0 da:33554432
[2007/12/13 14:43:19, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236)
  init_lsa_obj_attr
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_q_open_pol 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr       : 00000001
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0004 system_name: 005c
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000008 lsa_io_obj_attr 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 len         : 00000018
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c ptr_root_dir: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0010 ptr_obj_name: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0014 attributes  : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0018 ptr_sec_desc: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          001c ptr_sec_qos : 00000001
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 lsa_io_obj_qos sec_qos
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 len           : 0000000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0024 sec_imp_level : 0002
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
              0026 sec_ctxt_mode : 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
              0027 effective_only: 00
[2007/12/13 14:43:19, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0028 des_access: 02000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0044
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000d
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 0000002c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 0006
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=150
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=17
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   68 (0x44)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 00 03 10 00 00 00 44  00 00 00 0D 00 00 00 2C  .......D .......,
  [020] 00 00 00 00 00 06 00 01  00 00 00 5C 00 00 00 18  ........ ...\....
  [030] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  [040] 00 00 00 01 00 00 00 0C  00 00 00 02 00 01 00 00  ........ ........
  [050] 00 00 02                                          ... 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 30
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] E7 88 70 65 B4 27 76 0A                           ..pe.'v. 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 31 mid = 17
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,154)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,154) wrote 154
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 104
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=104
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=17
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   48 (0x30)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   48 (0x30)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 0D 00 00  ........ .0......
  [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 B8 11 FA  ........ ........
  [020] 31 A5 D2 D3 40 B0 0C 87  BD 33 41 49 BC 00 00 00  1...@... .3AI....
  [030] 00                                                . 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 31 mid = 17
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 31
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 31: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 1A B3 90 91 98 64 76 0A                           .....dv. 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=104
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=17
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   48 (0x30)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   48 (0x30)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 0D 00 00  ........ .0......
  [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 B8 11 FA  ........ ........
  [020] 31 A5 D2 D3 40 B0 0C 87  BD 33 41 49 BC 00 00 00  1...@... .3AI....
  [030] 00                                                . 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 31 mid = 17
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0030
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000d
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000018
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 48 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002 returned 48 bytes.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_open_pol 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_pol_hnd 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 handle_type: 00000000
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 data   : 31fa11b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0008 data   : d2a5
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              000a data   : 40d3
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000c data   : b0 0c 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000e data   : 87 bd 33 41 49 bc 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      0014 status: NT_STATUS_OK
[2007/12/13 14:43:19, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1574)
  init_q_lookup_names
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_q_lookup_names 
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_pol_hnd 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 handle_type: 00000000
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_uuid uuid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 data   : 31fa11b8
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0008 data   : d2a5
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              000a data   : 40d3
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000c data   : b0 0c 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000e data   : 87 bd 33 41 49 bc 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0014 num_entries    : 00000001
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0018 num_entries2   : 00000001
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001c smb_io_unihdr hdr_name
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001c uni_str_len: 0028
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001e uni_max_len: 0028
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0020 buffer     : 00000001
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000024 smb_io_unistr2 dom_name
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0024 uni_max_len: 00000014
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0028 offset     : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          002c uni_str_len: 00000014
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
          0030 buffer     : D.O.M.A.I.N.\.i.n.e.t.u.s.e.r.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0058 num_trans_entries : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      005c ptr_trans_sids : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0060 lookup_level   : 0001
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 mapped_count   : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0080
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000e
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000068
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 000e
[2007/12/13 14:43:19, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=210
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=18
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  128 (0x80)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 00 03 10 00 00 00 80  00 00 00 0E 00 00 00 68  ........ .......h
  [020] 00 00 00 00 00 0E 00 00  00 00 00 B8 11 FA 31 A5  ........ ......1.
  [030] D2 D3 40 B0 0C 87 BD 33  41 49 BC 01 00 00 00 01  ..@....3 AI......
  [040] 00 00 00 28 00 28 00 01  00 00 00 14 00 00 00 00  ...(.(.. ........
  [050] 00 00 00 14 00 00 00 44  00 41 00 54 00 41 00 53  .......D .A.T.A.S
  [060] 00 59 00 53 00 54 00 45  00 4D 00 45 00 5C 00 69  .Y.S.T.E .M.E.\.i
  [070] 00 6E 00 65 00 74 00 75  00 73 00 65 00 72 00 00  .n.e.t.u .s.e.r..
  [080] 00 00 00 00 00 00 00 01  00 00 00 00 00 00 00     ........ .......
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 32
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 9A 4A A5 B0 8D 28 9C E3                           .J...(.. 
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 33 mid = 18
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,214)
[2007/12/13 14:43:19, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,214) wrote 214
[2007/12/13 14:43:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 208
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=208
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=18
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  152 (0x98)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 98 00 00 00 0E 00 00  ........ ........
  [010] 00 80 00 00 00 00 00 00  00 00 00 02 00 01 00 00  ........ ........
  [020] 00 04 00 02 00 20 00 00  00 01 00 00 00 16 00 18  ..... .. ........
  [030] 00 08 00 02 00 0C 00 02  00 0C 00 00 00 00 00 00  ........ ........
  [040] 00 0B 00 00 00 44 00 41  00 54 00 41 00 53 00 59  .....D.A .T.A.S.Y
  [050] 00 53 00 54 00 45 00 4D  00 45 00 A7 E9 04 00 00  .S.T.E.M .E......
  [060] 00 01 04 00 00 00 00 00  05 15 00 00 00 1E FF 29  ........ .......)
  [070] 22 B1 35 35 2F CD 86 20  6D 01 00 00 00 10 00 02  ".55/..  m.......
  [080] 00 01 00 00 00 02 00 00  00 D7 04 00 00 00 00 00  ........ ........
  [090] 00 01 00 00 00 00 00 00  00                       ........ .
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 33 mid = 18
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 33
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 33: got good SMB signature of
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] BE 3E 7B 9C C5 C0 E5 04                           .>{..... 
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(484)
[2007/12/13 14:43:19, 5] lib/util.c:show_msg(494)
  size=208
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=18
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  152 (0x98)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:43:19, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 98 00 00 00 0E 00 00  ........ ........
  [010] 00 80 00 00 00 00 00 00  00 00 00 02 00 01 00 00  ........ ........
  [020] 00 04 00 02 00 20 00 00  00 01 00 00 00 16 00 18  ..... .. ........
  [030] 00 08 00 02 00 0C 00 02  00 0C 00 00 00 00 00 00  ........ ........
  [040] 00 0B 00 00 00 44 00 41  00 54 00 41 00 53 00 59  .....D.A .T.A.S.Y
  [050] 00 53 00 54 00 45 00 4D  00 45 00 A7 E9 04 00 00  .S.T.E.M .E......
  [060] 00 01 04 00 00 00 00 00  05 15 00 00 00 1E FF 29  ........ .......)
  [070] 22 B1 35 35 2F CD 86 20  6D 01 00 00 00 10 00 02  ".55/..  m.......
  [080] 00 01 00 00 00 02 00 00  00 D7 04 00 00 00 00 00  ........ ........
  [090] 00 01 00 00 00 00 00 00  00                       ........ .
[2007/12/13 14:43:19, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 33 mid = 18
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0098
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000e
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000080
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 152, data_len 128, ss_len 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 152 at offset 0
[2007/12/13 14:43:19, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002 returned 256 bytes.
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_lookup_names 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00020000
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_dom_r_ref 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0004 num_ref_doms_1: 00000001
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 ptr_ref_dom   : 00020004
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c max_entries   : 00000020
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0010 num_ref_doms_2: 00000001
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000014 smb_io_unihdr dom_ref[0] 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0014 uni_str_len: 0016
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0016 uni_max_len: 0018
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0018 buffer     : 00020008
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          001c sid_ptr[0] : 0002000c
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_unistr2 dom_ref[0] 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 uni_max_len: 0000000c
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0024 offset     : 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0028 uni_str_len: 0000000b
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              002c buffer     : D.O.M.A.I.N.
[2007/12/13 14:43:19, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000044 smb_io_dom_sid2 sid_ptr[0] 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0044 num_auths: 00000004
[2007/12/13 14:43:19, 8] rpc_parse/parse_prs.c:prs_debug(84)
              000048 smb_io_dom_sid sid
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0048 sid_rev_num: 01
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0049 num_auths  : 04
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004a id_auth[0] : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004b id_auth[1] : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004c id_auth[2] : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004d id_auth[3] : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004e id_auth[4] : 00
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004f id_auth[5] : 05
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32s(997)
                  0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0060 num_entries: 00000001
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 ptr_entries: 00020010
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0068 num_entries2: 00000001
[2007/12/13 14:43:19, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00006c smb_io_dom_rid 
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          006c type   : 0002
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0070 rid    : 000004d7
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0074 rid_idx: 00000000
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0078 mapped_count: 00000001
[2007/12/13 14:43:19, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      007c status      : NT_STATUS_OK
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(399)
  fetch_cache_seqnum: timeout [DOMAIN][3134095 @ 1197553303]
[2007/12/13 14:43:19, 3] nsswitch/winbindd_ads.c:sequence_number(1010)
  ads: fetch sequence_number for DOMAIN
[2007/12/13 14:43:19, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/13 14:43:19, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 25481 seconds (at 1197578880, time is now 1197553399)
[2007/12/13 14:43:19, 3] libads/ldap.c:ads_do_paged_search_args(696)
  ads_do_paged_search_args: ldap_search_with_timeout((objectclass=*)) -> Can't contact LDAP server
[2007/12/13 14:43:19, 3] libads/ldap_utils.c:ads_do_search_retry_internal(76)
  Reopening ads connection to realm 'DOMAIN' after error Can't contact LDAP server
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOMAIN, value = Kaltenkirchen, timeout = Tue Jan 19 04:14:07 2038
[2007/12/13 14:43:19, 5] libads/dns.c:sitename_fetch(677)
  sitename_fetch: Returning sitename for domain: "Kaltenkirchen"
[2007/12/13 14:43:19, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for realm 'domain'
[2007/12/13 14:43:19, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
  get_sorted_dc_list: attempting lookup for name domain (sitename Kaltenkirchen) using [ads]
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = SAF/DOMAIN/DOMAIN, value = ad1.domain, timeout = Thu Dec 13 14:58:19 2007
[2007/12/13 14:43:19, 5] libsmb/namequery.c:saf_fetch(136)
  saf_fetch: Returning "ad1.domain" for "domain" domain
[2007/12/13 14:43:19, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "ad1.domain, *"
[2007/12/13 14:43:19, 10] libsmb/namequery.c:internal_resolve_name(1166)
  internal_resolve_name: looking up domain#1c (sitename Kaltenkirchen)
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_get(226)
  Returning expired cache entry: key = NBT/DOMAIN#1C, value = 192.168.XX.10:389,192.168.XX.4:389, timeout = Thu Dec 13 11:59:00 2007
[2007/12/13 14:43:19, 5] libsmb/namecache.c:namecache_fetch(210)
  no entry for domain#1C found.
[2007/12/13 14:43:19, 5] libsmb/namequery.c:resolve_ads(1066)
  resolve_ads: Attempting to resolve DC's for domain using DNS
[2007/12/13 14:43:19, 4] libads/dns.c:ads_dns_lookup_srv(356)
  ads_dns_lookup_srv: 2 records returned in the answer section.
[2007/12/13 14:43:19, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2007/12/13 14:43:19, 5] libsmb/namecache.c:namecache_store(135)
  namecache_store: storing 2 addresses for domain#1c: 192.168.XX.10:389,192.168.XX.4:389
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = NBT/DOMAIN#1C; value = 192.168.XX.10:389,192.168.XX.4:389 and timeout = Thu Dec 13 14:54:19 2007
   (660 seconds ahead)
[2007/12/13 14:43:19, 10] libsmb/namequery.c:internal_resolve_name(1293)
  internal_resolve_name: returning 2 addresses: 192.168.XX.10:389 192.168.XX.4:389 
[2007/12/13 14:43:19, 8] libsmb/namequery.c:get_dc_list(1505)
  Adding 2 DC's from auto lookup
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOMAIN, value = Kaltenkirchen, timeout = Tue Jan 19 04:14:07 2038
[2007/12/13 14:43:19, 5] libads/dns.c:sitename_fetch(677)
  sitename_fetch: Returning sitename for DOMAIN: "Kaltenkirchen"
[2007/12/13 14:43:19, 10] libsmb/namequery.c:internal_resolve_name(1166)
  internal_resolve_name: looking up ad1.domain#20 (sitename Kaltenkirchen)
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = NBT/DJHUTI.DOMAIN#20, value = 192.168.XX.4:0, timeout = Thu Dec 13 14:54:19 2007
[2007/12/13 14:43:19, 5] libsmb/namecache.c:namecache_fetch(214)
  name ad1.domain#20 found.
[2007/12/13 14:43:19, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2007/12/13 14:43:19, 4] libsmb/namequery.c:get_dc_list(1599)
  get_dc_list: returning 2 ip addresses in an ordered list
[2007/12/13 14:43:19, 4] libsmb/namequery.c:get_dc_list(1600)
  get_dc_list: 192.168.XX.4:389 192.168.XX.10:389 
[2007/12/13 14:43:19, 5] libads/ldap.c:ads_try_connect(180)
  ads_try_connect: sending CLDAP request to 192.168.XX.4 (realm: domain)
[2007/12/13 14:43:19, 10] libads/dns.c:sitename_store(638)
  sitename_store: realm = [DOMAIN], sitename = [Kaltenkirchen], expire = [2147483647]
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = AD_SITENAME/DOMAIN/DOMAIN; value = Kaltenkirchen and timeout = Tue Jan 19 04:14:07 2038
   (949930248 seconds ahead)
[2007/12/13 14:43:19, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 192.168.XX.4
[2007/12/13 14:43:19, 10] libads/ldap.c:ads_closest_dc(149)
  ads_closest_dc: ADS_CLOSEST flag set
[2007/12/13 14:43:19, 10] libsmb/namequery.c:saf_store(74)
  saf_store: domain = [domain], server = [192.168.XX.4], expire = [1197554299]
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = SAF/DOMAIN/DOMAIN; value = 192.168.XX.4 and timeout = Thu Dec 13 14:58:19 2007
   (900 seconds ahead)
[2007/12/13 14:43:19, 10] libsmb/namequery.c:saf_store(74)
  saf_store: domain = [domain], server = [192.168.XX.4], expire = [1197554299]
[2007/12/13 14:43:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = SAF/DOMAIN/DOMAIN; value = 192.168.XX.4 and timeout = Thu Dec 13 14:58:19 2007
   (900 seconds ahead)
[2007/12/13 14:43:19, 4] libads/ldap.c:ads_current_time(2414)
  time offset is 0 seconds
[2007/12/13 14:43:19, 4] libads/sasl.c:ads_sasl_bind(521)
  Found SASL mechanism GSS-SPNEGO
[2007/12/13 14:43:19, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/12/13 14:43:19, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/12/13 14:43:19, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/12/13 14:43:19, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/12/13 14:43:19, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = ad1$@DOMAIN
[2007/12/13 14:43:19, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 14 Dec 2007 00:43:19 CET
[2007/12/13 14:43:19, 10] libsmb/clikrb5.c:ads_krb5_mk_req(624)
  ads_krb5_mk_req: Ticket (ad1$@DOMAIN) in ccache (MEMORY:cliconnect) is valid until: (Fri, 14 Dec 2007 00:43:19 CET - 1197589399)
[2007/12/13 14:43:19, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735)
  Got KRB5 session key of length 16
[2007/12/13 14:43:19, 5] libads/ldap_utils.c:ads_do_search_retry_internal(106)
  Search for filter: (objectclass=*), base:  gave 1 replies
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(435)
  store_cache_seqnum: success [DOMAIN][3134100 @ 1197553399]
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3134100
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(819)
  wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(842)
  wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1239 -> inetuser
[2007/12/13 14:43:19, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145)
  idmap_sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1239]
[2007/12/13 14:43:19, 10] nsswitch/idmap_cache.c:idmap_cache_map_sid(423)
  Returning expired cache entry: key = IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239, value = IDMAP/GID/3049, timeout = Wed Dec 12 19:12:26 2007
[2007/12/13 14:43:19, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1115)
  Query backends to map sids->ids
[2007/12/13 14:43:19, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1140)
  SID S-1-5-21-573177630-792016305-1830848205-1239 is being handled by DOMAIN
[2007/12/13 14:43:19, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1161)
  Query ids from domain DOMAIN
[2007/12/13 14:43:19, 10] nsswitch/idmap_tdb.c:idmap_tdb_sid_to_id(750)
  Fetching record S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:43:19, 10] nsswitch/idmap_tdb.c:idmap_tdb_sid_to_id(770)
  Found gid record S-1-5-21-573177630-792016305-1830848205-1239 -> GID 3049 
[2007/12/13 14:43:19, 10] nsswitch/idmap_cache.c:idmap_cache_set(151)
  Adding cache entry with key = IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239; value =   1197554299/IDMAP/GID/3049 and timeout = Thu Dec 13 14:58:19 2007
   (900 seconds ahead)
[2007/12/13 14:43:19, 10] nsswitch/idmap_cache.c:idmap_cache_set(176)
  Adding cache entry with key = IDMAP/GID/3049; value =   1197554299/IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239 and timeout = Thu Dec 13 14:58:19 2007
   (900 seconds ahead)
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(222)
  group SID S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1891)
  lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN
[2007/12/13 14:43:19, 10] nsswitch/winbindd_ads.c:lookup_groupmem(861)
  ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:43:19, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/13 14:43:19, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 25481 seconds (at 1197578880, time is now 1197553399)
[2007/12/13 14:43:19, 10] nsswitch/winbindd_ads.c:lookup_groupmem(901)
  Searching for attrs[0] = member, attrs[1] = usnChanged
[2007/12/13 14:43:19, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\D7\04\00\00) in <dc=DOMAIN> gave 1 replies
[2007/12/13 14:43:19, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:43:19, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Karen Marienhagen,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:43:19, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:43:19, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Anja Babst,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:43:19, 3] nsswitch/winbindd_ads.c:lookup_groupmem(995)
  ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465)
  refresh_sequence_number: DOMAIN time ok
[2007/12/13 14:43:19, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3134100
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(369)
  looked up 2 names
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	               karen S-1-5-21-573177630-792016305-1830848205-1127 1
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	                  ab S-1-5-21-573177630-792016305-1830848205-1125 1
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 6 = 6
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 3 = 9
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending karen at ndx 0
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending ab at ndx 6
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(443)
  num_mem = 2, len = 9, mem = karen,ab
[2007/12/13 14:43:19, 10] nsswitch/winbindd_group.c:fill_grent_mem(450)
  fill_grent_mem returning 1



3) Add "guru" to group "inetuser" on ADS


4) # wbinfo -r guru
3050
3018
3011
3019
3009
3026
3025
3021
3024


[2007/12/13 14:50:25, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 30
[2007/12/13 14:50:25, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/13 14:50:25, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 6082]: request interface version
[2007/12/13 14:50:25, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/13 14:50:25, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 6082]: request location of privileged pipe
[2007/12/13 14:50:25, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 35
[2007/12/13 14:50:25, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGROUPS
[2007/12/13 14:50:25, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273)
  [ 6082]: getgroups guru
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839c5a0
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839c5a0 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839c5a0
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839c5a0 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=269
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399670
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399670 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=181
[2007/12/13 14:50:25, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1379)
  Expanding our own local groups
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3632
[2007/12/13 14:50:25, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:50:25, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1389)
  Expanding our own BUILTIN groups
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3633
[2007/12/13 14:50:25, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1240 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1158 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-512 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1159 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-519 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1202 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1199 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1170 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399a90
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399a90 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:50:25, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1198 to a gid
[2007/12/13 14:50:25, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839fb78
[2007/12/13 14:50:25, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:50:25, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839fb78 "async_request_timeout"
[2007/12/13 14:50:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634


5) # getent group inetuser
inetuser:x:3049:karen,ab,guru

[2007/12/13 14:51:24, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 30
[2007/12/13 14:51:24, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839f7a8
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999975
[2007/12/13 14:51:24, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/13 14:51:24, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 6090]: request interface version
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999902
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999860
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999833
[2007/12/13 14:51:24, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/13 14:51:24, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 6090]: request location of privileged pipe
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999753
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999715
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999653
[2007/12/13 14:51:24, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 35
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999601
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999571
[2007/12/13 14:51:24, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGRNAM
[2007/12/13 14:51:24, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(475)
  [ 6090]: getgrnam inetuser
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:name_to_sid(1388)
  name_to_sid: [Cached] - doing backend query for name for domain DOMAIN
[2007/12/13 14:51:24, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(256)
  rpc: name_to_sid name=DOMAIN\inetuser
[2007/12/13 14:51:24, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(266)
  name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN
[2007/12/13 14:51:24, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1574)
  init_q_lookup_names
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_q_lookup_names 
[2007/12/13 14:51:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_pol_hnd 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 handle_type: 00000000
[2007/12/13 14:51:24, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_uuid uuid
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 data   : 31fa11b8
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0008 data   : d2a5
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              000a data   : 40d3
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000c data   : b0 0c 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000e data   : 87 bd 33 41 49 bc 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0014 num_entries    : 00000001
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0018 num_entries2   : 00000001
[2007/12/13 14:51:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001c smb_io_unihdr hdr_name
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001c uni_str_len: 0028
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001e uni_max_len: 0028
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0020 buffer     : 00000001
[2007/12/13 14:51:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000024 smb_io_unistr2 dom_name
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0024 uni_max_len: 00000014
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0028 offset     : 00000000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          002c uni_str_len: 00000014
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
          0030 buffer     : D.O.M.A.I.N.\.i.n.e.t.u.s.e.r.
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0058 num_trans_entries : 00000000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      005c ptr_trans_sids : 00000000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0060 lookup_level   : 0001
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 mapped_count   : 00000000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0080
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000f
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000068
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 000e
[2007/12/13 14:51:24, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002
[2007/12/13 14:51:24, 5] lib/util.c:show_msg(484)
[2007/12/13 14:51:24, 5] lib/util.c:show_msg(494)
  size=210
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=19
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  128 (0x80)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:51:24, 10] lib/util.c:dump_data(2264)
[2007/12/13 14:51:24, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 34
[2007/12/13 14:51:24, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:51:24, 10] lib/util.c:dump_data(2264)
  [000] F4 03 30 57 E0 64 DB 5C                           ..0W.d.\ 
[2007/12/13 14:51:24, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 35 mid = 19
[2007/12/13 14:51:24, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,214)
[2007/12/13 14:51:24, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,214) wrote 214
[2007/12/13 14:51:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 208
[2007/12/13 14:51:24, 5] lib/util.c:show_msg(484)
[2007/12/13 14:51:24, 5] lib/util.c:show_msg(494)
  size=208
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=19
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  152 (0x98)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:51:24, 10] lib/util.c:dump_data(2264)
[2007/12/13 14:51:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 35 mid = 19
[2007/12/13 14:51:24, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 35
[2007/12/13 14:51:24, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 35: got good SMB signature of
[2007/12/13 14:51:24, 10] lib/util.c:dump_data(2264)
  [000] 86 D3 83 4F 3E C2 67 29                           ...O>.g) 
[2007/12/13 14:51:24, 5] lib/util.c:show_msg(484)
[2007/12/13 14:51:24, 5] lib/util.c:show_msg(494)
  size=208
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=19
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  152 (0x98)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:51:24, 10] lib/util.c:dump_data(2264)
[2007/12/13 14:51:24, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 35 mid = 19
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0098
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 0000000f
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000080
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/13 14:51:24, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 152, data_len 128, ss_len 0
[2007/12/13 14:51:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 152 at offset 0
[2007/12/13 14:51:24, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002 returned 256 bytes.
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_lookup_names 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00020000
[2007/12/13 14:51:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_dom_r_ref 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0004 num_ref_doms_1: 00000001
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 ptr_ref_dom   : 00020004
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c max_entries   : 00000020
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0010 num_ref_doms_2: 00000001
[2007/12/13 14:51:24, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000014 smb_io_unihdr dom_ref[0] 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0014 uni_str_len: 0016
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0016 uni_max_len: 0018
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0018 buffer     : 00020008
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          001c sid_ptr[0] : 0002000c
[2007/12/13 14:51:24, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_unistr2 dom_ref[0] 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 uni_max_len: 0000000c
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0024 offset     : 00000000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0028 uni_str_len: 0000000b
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              002c buffer     : D.O.M.A.I.N.
[2007/12/13 14:51:24, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000044 smb_io_dom_sid2 sid_ptr[0] 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0044 num_auths: 00000004
[2007/12/13 14:51:24, 8] rpc_parse/parse_prs.c:prs_debug(84)
              000048 smb_io_dom_sid sid
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0048 sid_rev_num: 01
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0049 num_auths  : 04
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004a id_auth[0] : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004b id_auth[1] : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004c id_auth[2] : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004d id_auth[3] : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004e id_auth[4] : 00
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004f id_auth[5] : 05
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32s(997)
                  0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0060 num_entries: 00000001
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 ptr_entries: 00020010
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0068 num_entries2: 00000001
[2007/12/13 14:51:24, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00006c smb_io_dom_rid 
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          006c type   : 0002
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0070 rid    : 000004d7
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0074 rid_idx: 00000000
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0078 mapped_count: 00000001
[2007/12/13 14:51:24, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      007c status      : NT_STATUS_OK
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(405)
  fetch_cache_seqnum: success [DOMAIN][3134141 @ 1197553884]
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3134141
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(819)
  wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(842)
  wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1239 -> inetuser
[2007/12/13 14:51:24, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145)
  idmap_sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1239]
[2007/12/13 14:51:24, 10] nsswitch/idmap_cache.c:idmap_cache_map_sid(423)
  Returning valid cache entry: key = IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239, value = IDMAP/GID/3049, timeout = Thu Dec 13 14:58:19 2007
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(222)
  group SID S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1891)
  lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN
[2007/12/13 14:51:24, 10] nsswitch/winbindd_ads.c:lookup_groupmem(861)
  ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:51:24, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/13 14:51:24, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 24996 seconds (at 1197578880, time is now 1197553884)
[2007/12/13 14:51:24, 10] nsswitch/winbindd_ads.c:lookup_groupmem(901)
  Searching for attrs[0] = member, attrs[1] = usnChanged
[2007/12/13 14:51:24, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\D7\04\00\00) in <dc=DOMAIN> gave 1 replies
[2007/12/13 14:51:24, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:51:24, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Karen Marienhagen,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:51:24, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:51:24, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Anja Babst,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:51:24, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:51:24, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Dirk Scheffler,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:51:24, 3] nsswitch/winbindd_ads.c:lookup_groupmem(995)
  ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465)
  refresh_sequence_number: DOMAIN time ok
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3134141
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(369)
  looked up 3 names
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	               karen S-1-5-21-573177630-792016305-1830848205-1127 1
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	                  ab S-1-5-21-573177630-792016305-1830848205-1125 1
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	                guru S-1-5-21-573177630-792016305-1830848205-1112 1
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 6 = 6
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 3 = 9
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name guru
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 5 = 14
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending karen at ndx 0
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending ab at ndx 6
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name guru
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending guru at ndx 9
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(443)
  num_mem = 3, len = 14, mem = karen,ab,guru
[2007/12/13 14:51:24, 10] nsswitch/winbindd_group.c:fill_grent_mem(450)
  fill_grent_mem returning 1
[2007/12/13 14:51:24, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/974310
[2007/12/13 14:51:24, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839f7a8 "async_request_timeout"
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:51:24, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=64



Third Example:
---------------
"wbinfo -r" successfully recognises the addition of user "usera" to group
"inetuser"

1) # wbinfo -r usera
3001

[2007/12/13 14:54:58, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 30
[2007/12/13 14:54:58, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/13 14:54:58, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 6148]: request interface version
[2007/12/13 14:54:58, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/13 14:54:58, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 6148]: request location of privileged pipe
[2007/12/13 14:54:58, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 35
[2007/12/13 14:54:58, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGROUPS
[2007/12/13 14:54:58, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273)
  [ 6148]: getgroups usera
[2007/12/13 14:54:58, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839f7a8
[2007/12/13 14:54:58, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:54:58, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839f7a8 "async_request_timeout"
[2007/12/13 14:54:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:54:58, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839f7a8
[2007/12/13 14:54:58, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:54:58, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839f7a8 "async_request_timeout"
[2007/12/13 14:54:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:54:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=45
[2007/12/13 14:54:58, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399670
[2007/12/13 14:54:58, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:54:58, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399670 "async_request_timeout"
[2007/12/13 14:54:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:54:58, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:54:58, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1379)
  Expanding our own local groups
[2007/12/13 14:54:58, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399670
[2007/12/13 14:54:58, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:54:58, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399670 "async_request_timeout"
[2007/12/13 14:54:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3632
[2007/12/13 14:54:58, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:54:58, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1389)
  Expanding our own BUILTIN groups
[2007/12/13 14:54:58, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399670
[2007/12/13 14:54:58, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:54:58, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399670 "async_request_timeout"
[2007/12/13 14:54:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3633
[2007/12/13 14:54:58, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:54:58, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-513 to a gid
[2007/12/13 14:54:58, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839f628
[2007/12/13 14:54:58, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:54:58, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839f628 "async_request_timeout"
[2007/12/13 14:54:58, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634


2) # getent group inetuser
inetuser:x:3049:karen,ab

[2007/12/13 14:55:38, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 30
[2007/12/13 14:55:38, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/13 14:55:38, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 6156]: request interface version
[2007/12/13 14:55:38, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/13 14:55:38, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 6156]: request location of privileged pipe
[2007/12/13 14:55:38, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 35
[2007/12/13 14:55:38, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGRNAM
[2007/12/13 14:55:38, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(475)
  [ 6156]: getgrnam inetuser
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:name_to_sid(1388)
  name_to_sid: [Cached] - doing backend query for name for domain DOMAIN
[2007/12/13 14:55:38, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(256)
  rpc: name_to_sid name=DOMAIN\inetuser
[2007/12/13 14:55:38, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(266)
  name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN
[2007/12/13 14:55:38, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1574)
  init_q_lookup_names
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_q_lookup_names 
[2007/12/13 14:55:38, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_pol_hnd 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 handle_type: 00000000
[2007/12/13 14:55:38, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_uuid uuid
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 data   : 31fa11b8
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0008 data   : d2a5
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              000a data   : 40d3
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000c data   : b0 0c 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000e data   : 87 bd 33 41 49 bc 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0014 num_entries    : 00000001
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0018 num_entries2   : 00000001
[2007/12/13 14:55:38, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001c smb_io_unihdr hdr_name
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001c uni_str_len: 0028
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001e uni_max_len: 0028
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0020 buffer     : 00000001
[2007/12/13 14:55:38, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000024 smb_io_unistr2 dom_name
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0024 uni_max_len: 00000014
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0028 offset     : 00000000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          002c uni_str_len: 00000014
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
          0030 buffer     : D.O.M.A.I.N.\.i.n.e.t.u.s.e.r.
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0058 num_trans_entries : 00000000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      005c ptr_trans_sids : 00000000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0060 lookup_level   : 0001
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 mapped_count   : 00000000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0080
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000010
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000068
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 000e
[2007/12/13 14:55:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002
[2007/12/13 14:55:38, 5] lib/util.c:show_msg(484)
[2007/12/13 14:55:38, 5] lib/util.c:show_msg(494)
  size=210
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=20
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  128 (0x80)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:55:38, 10] lib/util.c:dump_data(2264)
[2007/12/13 14:55:38, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 36
[2007/12/13 14:55:38, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:55:38, 10] lib/util.c:dump_data(2264)
  [000] 60 F4 5A 2F 13 BB 5B 58                           `.Z/..[X 
[2007/12/13 14:55:38, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 37 mid = 20
[2007/12/13 14:55:38, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,214)
[2007/12/13 14:55:38, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,214) wrote 214
[2007/12/13 14:55:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 208
[2007/12/13 14:55:38, 5] lib/util.c:show_msg(484)
[2007/12/13 14:55:38, 5] lib/util.c:show_msg(494)
  size=208
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=20
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  152 (0x98)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:55:38, 10] lib/util.c:dump_data(2264)
[2007/12/13 14:55:38, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 37 mid = 20
[2007/12/13 14:55:38, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 37
[2007/12/13 14:55:38, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 37: got good SMB signature of
[2007/12/13 14:55:38, 10] lib/util.c:dump_data(2264)
  [000] 3F 1A F0 00 12 77 F8 BA                           ?....w.. 
[2007/12/13 14:55:38, 5] lib/util.c:show_msg(484)
[2007/12/13 14:55:38, 5] lib/util.c:show_msg(494)
  size=208
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=20
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  152 (0x98)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:55:38, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 98 00 00 00 10 00 00  ........ ........
  [010] 00 80 00 00 00 00 00 00  00 00 00 02 00 01 00 00  ........ ........
  [020] 00 04 00 02 00 20 00 00  00 01 00 00 00 16 00 18  ..... .. ........
  [030] 00 08 00 02 00 0C 00 02  00 0C 00 00 00 00 00 00  ........ ........
  [040] 00 0B 00 00 00 44 00 41  00 54 00 41 00 53 00 59  .....D.A .T.A.S.Y
  [050] 00 53 00 54 00 45 00 4D  00 45 00 54 00 04 00 00  .S.T.E.M .E.T....
  [060] 00 01 04 00 00 00 00 00  05 15 00 00 00 1E FF 29  ........ .......)
  [070] 22 B1 35 35 2F CD 86 20  6D 01 00 00 00 10 00 02  ".55/..  m.......
  [080] 00 01 00 00 00 02 00 00  00 D7 04 00 00 00 00 00  ........ ........
  [090] 00 01 00 00 00 00 00 00  00                       ........ .
[2007/12/13 14:55:38, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 37 mid = 20
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0098
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000010
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000080
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/13 14:55:38, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 152, data_len 128, ss_len 0
[2007/12/13 14:55:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 152 at offset 0
[2007/12/13 14:55:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002 returned 256 bytes.
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_lookup_names 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00020000
[2007/12/13 14:55:38, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_dom_r_ref 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0004 num_ref_doms_1: 00000001
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 ptr_ref_dom   : 00020004
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c max_entries   : 00000020
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0010 num_ref_doms_2: 00000001
[2007/12/13 14:55:38, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000014 smb_io_unihdr dom_ref[0] 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0014 uni_str_len: 0016
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0016 uni_max_len: 0018
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0018 buffer     : 00020008
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          001c sid_ptr[0] : 0002000c
[2007/12/13 14:55:38, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_unistr2 dom_ref[0] 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 uni_max_len: 0000000c
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0024 offset     : 00000000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0028 uni_str_len: 0000000b
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              002c buffer     : D.O.M.A.I.N.
[2007/12/13 14:55:38, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000044 smb_io_dom_sid2 sid_ptr[0] 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0044 num_auths: 00000004
[2007/12/13 14:55:38, 8] rpc_parse/parse_prs.c:prs_debug(84)
              000048 smb_io_dom_sid sid
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0048 sid_rev_num: 01
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0049 num_auths  : 04
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004a id_auth[0] : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004b id_auth[1] : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004c id_auth[2] : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004d id_auth[3] : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004e id_auth[4] : 00
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004f id_auth[5] : 05
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32s(997)
                  0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0060 num_entries: 00000001
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 ptr_entries: 00020010
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0068 num_entries2: 00000001
[2007/12/13 14:55:38, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00006c smb_io_dom_rid 
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          006c type   : 0002
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0070 rid    : 000004d7
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0074 rid_idx: 00000000
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0078 mapped_count: 00000001
[2007/12/13 14:55:38, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      007c status      : NT_STATUS_OK
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(399)
  fetch_cache_seqnum: timeout [DOMAIN][3134166 @ 1197554098]
[2007/12/13 14:55:38, 3] nsswitch/winbindd_ads.c:sequence_number(1010)
  ads: fetch sequence_number for DOMAIN
[2007/12/13 14:55:38, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/13 14:55:38, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 24742 seconds (at 1197578880, time is now 1197554138)
[2007/12/13 14:55:38, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <> gave 1 replies
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(435)
  store_cache_seqnum: success [DOMAIN][3134166 @ 1197554138]
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3134166
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(819)
  wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(842)
  wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1239 -> inetuser
[2007/12/13 14:55:38, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145)
  idmap_sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1239]
[2007/12/13 14:55:38, 10] nsswitch/idmap_cache.c:idmap_cache_map_sid(423)
  Returning valid cache entry: key = IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239, value = IDMAP/GID/3049, timeout = Thu Dec 13 14:58:19 2007
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(222)
  group SID S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1891)
  lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN
[2007/12/13 14:55:38, 10] nsswitch/winbindd_ads.c:lookup_groupmem(861)
  ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:55:38, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/13 14:55:38, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 24742 seconds (at 1197578880, time is now 1197554138)
[2007/12/13 14:55:38, 10] nsswitch/winbindd_ads.c:lookup_groupmem(901)
  Searching for attrs[0] = member, attrs[1] = usnChanged
[2007/12/13 14:55:38, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\D7\04\00\00) in <dc=DOMAIN> gave 1 replies
[2007/12/13 14:55:38, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:55:38, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Karen Marienhagen,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:55:38, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:55:38, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Anja Babst,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:55:38, 3] nsswitch/winbindd_ads.c:lookup_groupmem(995)
  ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465)
  refresh_sequence_number: DOMAIN time ok
[2007/12/13 14:55:38, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3134166
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(369)
  looked up 2 names
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	               karen S-1-5-21-573177630-792016305-1830848205-1127 1
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	                  ab S-1-5-21-573177630-792016305-1830848205-1125 1
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 6 = 6
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 3 = 9
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending karen at ndx 0
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending ab at ndx 6
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(443)
  num_mem = 2, len = 9, mem = karen,ab
[2007/12/13 14:55:38, 10] nsswitch/winbindd_group.c:fill_grent_mem(450)
  fill_grent_mem returning 1


3) Add "usera" to group "inetuser" on ADS


4) # wbinfo -r usera
3001
3049

[2007/12/13 14:57:30, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 30
[2007/12/13 14:57:30, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/13 14:57:30, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 6194]: request interface version
[2007/12/13 14:57:30, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/13 14:57:30, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 6194]: request location of privileged pipe
[2007/12/13 14:57:30, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 35
[2007/12/13 14:57:30, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGROUPS
[2007/12/13 14:57:30, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273)
  [ 6194]: getgroups usera
[2007/12/13 14:57:30, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839c5a0
[2007/12/13 14:57:30, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999978
[2007/12/13 14:57:30, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839c5a0 "async_request_timeout"
[2007/12/13 14:57:30, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:57:30, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839c5a0
[2007/12/13 14:57:30, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999976
[2007/12/13 14:57:30, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839c5a0 "async_request_timeout"
[2007/12/13 14:57:30, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:57:30, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2322)
  Retrieving extra data length=90
[2007/12/13 14:57:30, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399670
[2007/12/13 14:57:30, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:57:30, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399670 "async_request_timeout"
[2007/12/13 14:57:30, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 2916
[2007/12/13 14:57:30, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:57:30, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1379)
  Expanding our own local groups
[2007/12/13 14:57:30, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839f628
[2007/12/13 14:57:30, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999955
[2007/12/13 14:57:30, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839f628 "async_request_timeout"
[2007/12/13 14:57:30, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3632
[2007/12/13 14:57:30, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:57:30, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1389)
  Expanding our own BUILTIN groups
[2007/12/13 14:57:30, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839c790
[2007/12/13 14:57:30, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999971
[2007/12/13 14:57:30, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839c790 "async_request_timeout"
[2007/12/13 14:57:30, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3633
[2007/12/13 14:57:30, 10] nsswitch/winbindd_async.c:getsidaliases_recv(1105)
  getsidaliases return 0 SIDs
[2007/12/13 14:57:30, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-513 to a gid
[2007/12/13 14:57:30, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 839c790
[2007/12/13 14:57:30, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:57:30, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 839c790 "async_request_timeout"
[2007/12/13 14:57:30, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634
[2007/12/13 14:57:30, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545)
  winbindd_sid2gid_async: Resolving S-1-5-21-573177630-792016305-1830848205-1239 to a gid
[2007/12/13 14:57:30, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 8399b08
[2007/12/13 14:57:30, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999979
[2007/12/13 14:57:30, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 8399b08 "async_request_timeout"
[2007/12/13 14:57:30, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
  Retrieving response for pid 3634


5) # getent group inetuser
inetuser:x:3049:usera,karen,ab

[2007/12/13 14:59:03, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 30
[2007/12/13 14:59:03, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2007/12/13 14:59:03, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 6207]: request interface version
[2007/12/13 14:59:03, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/13 14:59:03, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 6207]: request location of privileged pipe
[2007/12/13 14:59:03, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 35
[2007/12/13 14:59:03, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETGRNAM
[2007/12/13 14:59:03, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(475)
  [ 6207]: getgrnam inetuser
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:name_to_sid(1388)
  name_to_sid: [Cached] - doing backend query for name for domain DOMAIN
[2007/12/13 14:59:03, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(256)
  rpc: name_to_sid name=DOMAIN\inetuser
[2007/12/13 14:59:03, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(266)
  name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN
[2007/12/13 14:59:03, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1574)
  init_q_lookup_names
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_q_lookup_names 
[2007/12/13 14:59:03, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_pol_hnd 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0000 handle_type: 00000000
[2007/12/13 14:59:03, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_uuid uuid
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0004 data   : 31fa11b8
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0008 data   : d2a5
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              000a data   : 40d3
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000c data   : b0 0c 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
              000e data   : 87 bd 33 41 49 bc 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0014 num_entries    : 00000001
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0018 num_entries2   : 00000001
[2007/12/13 14:59:03, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00001c smb_io_unihdr hdr_name
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001c uni_str_len: 0028
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          001e uni_max_len: 0028
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0020 buffer     : 00000001
[2007/12/13 14:59:03, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000024 smb_io_unistr2 dom_name
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0024 uni_max_len: 00000014
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0028 offset     : 00000000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          002c uni_str_len: 00000014
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
          0030 buffer     : D.O.M.A.I.N.\.i.n.e.t.u.s.e.r.
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0058 num_trans_entries : 00000000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      005c ptr_trans_sids : 00000000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0060 lookup_level   : 0001
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 mapped_count   : 00000000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr    
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0080
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000011
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_req hdr_req
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000068
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0016 opnum     : 000e
[2007/12/13 14:59:03, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002
[2007/12/13 14:59:03, 5] lib/util.c:show_msg(484)
[2007/12/13 14:59:03, 5] lib/util.c:show_msg(494)
  size=210
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=21
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  128 (0x80)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
--
[2007/12/13 14:59:03, 10] lib/util.c:dump_data(2264)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 00 03 10 00 00 00 80  00 00 00 11 00 00 00 68  ........ .......h
  [020] 00 00 00 00 00 0E 00 00  00 00 00 B8 11 FA 31 A5  ........ ......1.
  [030] D2 D3 40 B0 0C 87 BD 33  41 49 BC 01 00 00 00 01  ..@....3 AI......
  [040] 00 00 00 28 00 28 00 01  00 00 00 14 00 00 00 00  ...(.(.. ........
  [050] 00 00 00 14 00 00 00 44  00 41 00 54 00 41 00 53  .......D .A.T.A.S
  [060] 00 59 00 53 00 54 00 45  00 4D 00 45 00 5C 00 69  .Y.S.T.E .M.E.\.i
  [070] 00 6E 00 65 00 74 00 75  00 73 00 65 00 72 00 00  .n.e.t.u .s.e.r..
  [080] 00 00 00 00 00 00 00 01  00 00 00 00 00 00 00     ........ .......
[2007/12/13 14:59:03, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 38
[2007/12/13 14:59:03, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
  client_sign_outgoing_message: sent SMB signature of
[2007/12/13 14:59:03, 10] lib/util.c:dump_data(2264)
  [000] F9 92 47 EB D8 2A A1 9B                           ..G..*.. 
[2007/12/13 14:59:03, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
  store_sequence_for_reply: stored seq = 39 mid = 21
[2007/12/13 14:59:03, 6] libsmb/clientgen.c:write_socket(153)
  write_socket(19,214)
[2007/12/13 14:59:03, 6] libsmb/clientgen.c:write_socket(156)
  write_socket(19,214) wrote 214
[2007/12/13 14:59:03, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 208
[2007/12/13 14:59:03, 5] lib/util.c:show_msg(484)
[2007/12/13 14:59:03, 5] lib/util.c:show_msg(494)
  size=208
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=21
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  152 (0x98)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:59:03, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 98 00 00 00 11 00 00  ........ ........
  [010] 00 80 00 00 00 00 00 00  00 00 00 02 00 01 00 00  ........ ........
  [020] 00 04 00 02 00 20 00 00  00 01 00 00 00 16 00 18  ..... .. ........
  [030] 00 08 00 02 00 0C 00 02  00 0C 00 00 00 00 00 00  ........ ........
  [040] 00 0B 00 00 00 44 00 41  00 54 00 41 00 53 00 59  .....D.A .T.A.S.Y
  [050] 00 53 00 54 00 45 00 4D  00 45 00 54 00 04 00 00  .S.T.E.M .E.T....
  [060] 00 01 04 00 00 00 00 00  05 15 00 00 00 1E FF 29  ........ .......)
  [070] 22 B1 35 35 2F CD 86 20  6D 01 00 00 00 10 00 02  ".55/..  m.......
  [080] 00 01 00 00 00 02 00 00  00 D7 04 00 00 00 00 00  ........ ........
  [090] 00 01 00 00 00 00 00 00  00                       ........ .
[2007/12/13 14:59:03, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 39 mid = 21
[2007/12/13 14:59:03, 10] libsmb/smb_signing.c:simple_packet_signature(283)
  simple_packet_signature: sequence number 39
[2007/12/13 14:59:03, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
  client_check_incoming_message: seq 39: got good SMB signature of
[2007/12/13 14:59:03, 10] lib/util.c:dump_data(2264)
  [000] AB 1A D3 75 60 FF 3A 36                           ...u`.:6 
[2007/12/13 14:59:03, 5] lib/util.c:show_msg(484)
[2007/12/13 14:59:03, 5] lib/util.c:show_msg(494)
  size=208
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=6147
  smb_pid=2865
  smb_uid=10243
  smb_mid=21
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  152 (0x98)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  152 (0x98)
  smb_vwv[ 7]=   56 (0x38)
--
[2007/12/13 14:59:03, 10] lib/util.c:dump_data(2264)
  [000] 00 05 00 02 03 10 00 00  00 98 00 00 00 11 00 00  ........ ........
  [010] 00 80 00 00 00 00 00 00  00 00 00 02 00 01 00 00  ........ ........
  [020] 00 04 00 02 00 20 00 00  00 01 00 00 00 16 00 18  ..... .. ........
  [030] 00 08 00 02 00 0C 00 02  00 0C 00 00 00 00 00 00  ........ ........
  [040] 00 0B 00 00 00 44 00 41  00 54 00 41 00 53 00 59  .....D.A .T.A.S.Y
  [050] 00 53 00 54 00 45 00 4D  00 45 00 54 00 04 00 00  .S.T.E.M .E.T....
  [060] 00 01 04 00 00 00 00 00  05 15 00 00 00 1E FF 29  ........ .......)
  [070] 22 B1 35 35 2F CD 86 20  6D 01 00 00 00 10 00 02  ".55/..  m.......
  [080] 00 01 00 00 00 02 00 00  00 D7 04 00 00 00 00 00  ........ ........
  [090] 00 01 00 00 00 00 00 00  00                       ........ .
[2007/12/13 14:59:03, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
  get_sequence_for_reply: found seq = 39 mid = 21
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr rpc_hdr   
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0000 major     : 05
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0001 minor     : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0002 pkt_type  : 02
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0003 flags     : 03
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0004 pack_type0: 10
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0005 pack_type1: 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0006 pack_type2: 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0007 pack_type3: 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0008 frag_len  : 0098
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      000a auth_len  : 0000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      000c call_id   : 00000011
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0010 alloc_hint: 00000080
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
      0014 context_id: 0000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0016 cancel_ct : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
      0017 reserved  : 00
[2007/12/13 14:59:03, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
  cli_pipe_validate_current_pdu: got pdu len 152, data_len 128, ss_len 0
[2007/12/13 14:59:03, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 152 at offset 0
[2007/12/13 14:59:03, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
  rpc_api_pipe: Remote machine ad1.domain pipe \lsarpc fnum 0xc002 returned 256 bytes.
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_lookup_names 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00020000
[2007/12/13 14:59:03, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_dom_r_ref 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0004 num_ref_doms_1: 00000001
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0008 ptr_ref_dom   : 00020004
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          000c max_entries   : 00000020
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0010 num_ref_doms_2: 00000001
[2007/12/13 14:59:03, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000014 smb_io_unihdr dom_ref[0] 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0014 uni_str_len: 0016
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
              0016 uni_max_len: 0018
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0018 buffer     : 00020008
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          001c sid_ptr[0] : 0002000c
[2007/12/13 14:59:03, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_unistr2 dom_ref[0] 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0020 uni_max_len: 0000000c
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0024 offset     : 00000000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0028 uni_str_len: 0000000b
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
              002c buffer     : D.O.M.A.I.N.
[2007/12/13 14:59:03, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000044 smb_io_dom_sid2 sid_ptr[0] 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
              0044 num_auths: 00000004
[2007/12/13 14:59:03, 8] rpc_parse/parse_prs.c:prs_debug(84)
              000048 smb_io_dom_sid sid
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0048 sid_rev_num: 01
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  0049 num_auths  : 04
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004a id_auth[0] : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004b id_auth[1] : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004c id_auth[2] : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004d id_auth[3] : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004e id_auth[4] : 00
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint8(616)
                  004f id_auth[5] : 05
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32s(997)
                  0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0060 num_entries: 00000001
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0064 ptr_entries: 00020010
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0068 num_entries2: 00000001
[2007/12/13 14:59:03, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00006c smb_io_dom_rid 
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint16(681)
          006c type   : 0002
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0070 rid    : 000004d7
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
          0074 rid_idx: 00000000
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0078 mapped_count: 00000001
[2007/12/13 14:59:03, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      007c status      : NT_STATUS_OK
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(399)
  fetch_cache_seqnum: timeout [DOMAIN][3134208 @ 1197554250]
[2007/12/13 14:59:03, 3] nsswitch/winbindd_ads.c:sequence_number(1010)
  ads: fetch sequence_number for DOMAIN
[2007/12/13 14:59:03, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/13 14:59:03, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 24537 seconds (at 1197578880, time is now 1197554343)
[2007/12/13 14:59:03, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <> gave 1 replies
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(435)
  store_cache_seqnum: success [DOMAIN][3134211 @ 1197554343]
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3134211
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(819)
  wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(842)
  wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1239 -> inetuser
[2007/12/13 14:59:03, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145)
  idmap_sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1239]
[2007/12/13 14:59:03, 10] nsswitch/idmap_cache.c:idmap_cache_map_sid(423)
  Returning expired cache entry: key = IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239, value = IDMAP/GID/3049, timeout = Thu Dec 13 14:58:19 2007
[2007/12/13 14:59:03, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1115)
  Query backends to map sids->ids
[2007/12/13 14:59:03, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1140)
  SID S-1-5-21-573177630-792016305-1830848205-1239 is being handled by DOMAIN
[2007/12/13 14:59:03, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1161)
  Query ids from domain DOMAIN
[2007/12/13 14:59:03, 10] nsswitch/idmap_tdb.c:idmap_tdb_sid_to_id(750)
  Fetching record S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:59:03, 10] nsswitch/idmap_tdb.c:idmap_tdb_sid_to_id(770)
  Found gid record S-1-5-21-573177630-792016305-1830848205-1239 -> GID 3049 
[2007/12/13 14:59:03, 10] nsswitch/idmap_cache.c:idmap_cache_set(151)
  Adding cache entry with key = IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239; value =   1197555243/IDMAP/GID/3049 and timeout = Thu Dec 13 15:14:03 2007
   (900 seconds ahead)
[2007/12/13 14:59:03, 10] nsswitch/idmap_cache.c:idmap_cache_set(176)
  Adding cache entry with key = IDMAP/GID/3049; value =   1197555243/IDMAP/SID/S-1-5-21-573177630-792016305-1830848205-1239 and timeout = Thu Dec 13 15:14:03 2007
   (900 seconds ahead)
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(222)
  group SID S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1891)
  lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN
[2007/12/13 14:59:03, 10] nsswitch/winbindd_ads.c:lookup_groupmem(861)
  ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:59:03, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46)
  ads_cached_connection
[2007/12/13 14:59:03, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59)
  Current tickets expire in 24537 seconds (at 1197578880, time is now 1197554343)
[2007/12/13 14:59:03, 10] nsswitch/winbindd_ads.c:lookup_groupmem(901)
  Searching for attrs[0] = member, attrs[1] = usnChanged
[2007/12/13 14:59:03, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\D7\04\00\00) in <dc=DOMAIN> gave 1 replies
[2007/12/13 14:59:03, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:59:03, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=usera usera,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:59:03, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:59:03, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Karen Marienhagen,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:59:03, 3] nsswitch/winbindd_ads.c:dn_lookup(406)
  ads: dn_lookup
[2007/12/13 14:59:03, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64)
  Search for (objectclass=*) in <CN=Anja Babst,OU=Benutzer,DC=domain> gave 1 replies
[2007/12/13 14:59:03, 3] nsswitch/winbindd_ads.c:lookup_groupmem(995)
  ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1239
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465)
  refresh_sequence_number: DOMAIN time ok
[2007/12/13 14:59:03, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499)
  refresh_sequence_number: DOMAIN seq number is now 3134211
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(369)
  looked up 3 names
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	               usera S-1-5-21-573177630-792016305-1830848205-1243 1
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	               karen S-1-5-21-573177630-792016305-1830848205-1127 1
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(375)
  	                  ab S-1-5-21-573177630-792016305-1830848205-1125 1
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name usera
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 6 = 6
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 6 = 12
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(413)
  buf_len + 3 = 15
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name usera
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending usera at ndx 0
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name karen
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending karen at ndx 6
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(389)
  processing name ab
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(415)
  appending ab at ndx 12
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(443)
  num_mem = 3, len = 15, mem = usera,karen,ab
[2007/12/13 14:59:03, 10] nsswitch/winbindd_group.c:fill_grent_mem(450)
  fill_grent_mem returning 1


