samba - Oct 2013 - net rpc rights list 'accounts' works, kinda, sorta?

Hello all:

On Fedora 13 but tried this with binaries built off of trunk as well:

$ sudo bin/net -U Administrator%<somepass> -S <server DNS address>
rpc
rights list accounts

NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
SeNetworkLogonRight

NT AUTHORITY\SERVICE
SeImpersonatePrivilege
SeCreateGlobalPrivilege
...
S-1-5-21-4110185449-3833660826-895226858-1184
tdb(__NULL__): tdb_open_ex: called with name == NULL
$ echo $?
255

Note, the 3.5.8-75 binary does the same thing sans "tdb" noise.

But if I do it a second time, it just works and returns 0.

Looking at the TCP dump I see that in the failure case I get a

"Trans Response, FID: 0x8003, Error: STATUS_PIPE_BROKEN"

(Wireshark output from the PCAP dump)

Anyone have a clue on why this kinda, sorta works?

The PDC is running 2003 SP2.

Searching the list yielded very little fruit.

-aps

On Wed, Oct 16, 2013 at 3:01 PM, pisymbol . <pisymbol at gmail.com>
wrote:
> Hello all:
>
> On Fedora 13 but tried this with binaries built off of trunk as well:
>
> $ sudo bin/net -U Administrator%<somepass> -S <server DNS
address> rpc
> rights list accounts
>
> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
> SeNetworkLogonRight
>
> NT AUTHORITY\SERVICE
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> ...
> S-1-5-21-4110185449-3833660826-895226858-1184
> tdb(__NULL__): tdb_open_ex: called with name == NULL
> $ echo $?
> 255
>
> Note, the 3.5.8-75 binary does the same thing sans "tdb" noise.
>
> But if I do it a second time, it just works and returns 0.
>
> Looking at the TCP dump I see that in the failure case I get a
>
> "Trans Response, FID: 0x8003, Error: STATUS_PIPE_BROKEN"
>
> (Wireshark output from the PCAP dump)
>
> Anyone have a clue on why this kinda, sorta works?
>
> The PDC is running 2003 SP2.
>
> Searching the list yielded very little fruit.
I see this zonking on net debugging -d10 etc.

Running timed event "tevent_req_timedout" 0x7f5b0e5d7270
cli_api_pipe failed: NT_STATUS_IO_TIMEOUT
LSA_LOOKUPSIDS returned 'NT_STATUS_IO_TIMEOUT', mapped count = 0'
     lsa_Close: struct lsa_Close
        in: struct lsa_Close
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     :
eae71130-0fad-4f4e-8b25-0d1316f5398f
000000 smb_io_rpc_hdr hdr
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 002c
    000a auth_len  : 0000
    000c call_id   : 0000007e
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 00000014
    0014 context_id: 0000
    0016 opnum     : 0000
rpc_api_pipe: host <server>
cli_api_pipe failed: NT_STATUS_CONNECTION_INVALID
S-1-5-21-4110185449-3833660826-895226858-1184
     lsa_EnumAccountRights: struct lsa_EnumAccount

Looks like adding this ' --request-timeout 30' fixed my issue. Just in
case anyone else runs into this, be aware of the tevent's timeout in
the RPC.

-aps