Russell Ault
2016-Jul-18 05:08 UTC
[Samba] Debian Jessie joining AD as member fails with "The object name is not found."
Hi all! To clarify, it must have been removed from the copy-pasta, but “net ads join -U” did produce a password prompt as expected. The dig command produced the following: root at host:~$ dig -t SRV _ldap._tcp.domain.local ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t SRV _ldap._tcp.domain.local ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35393 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;_ldap._tcp.domain.local. IN SRV ;; ANSWER SECTION: _ldap._tcp.domain.local. 600 IN SRV 0 100 389 domain-controller.domain.local. ;; ADDITIONAL SECTION: domain-controller.domain.local. 3600 IN A 192.168.0.34 ;; Query time: 0 msec ;; SERVER: 192.168.0.34#53(192.168.0.34) ;; WHEN: Sun Jul 17 23:23:47 MDT 2016 ;; MSG SIZE rcvd: 107 And "kinit administrator" gave me a valid ticket according to klist. When I ran "net ads join -k" I got the same error: "Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." The -d10 output looks pretty much like the one I posted in my first e-mail message. Any thoughts? Is there something in my domain that could be misconfigured? What does "The object name is not found." even mean? Thanks! Sincerely, Russell Ault From: mathias dufresne [mailto:infractory at gmail.com] Sent: July 11, 2016 06:53 To: Russell Ault Cc: samba at lists.samba.org Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The object name is not found." I found strange to not see password prompt right after your "net ads join" command. As you did used -U a password should have been asked, at least that's what I believe. Before joining AD your Linux must be well configured. DNS and Kerberos are the first points. DNS: dig -t SRV _ldap._tcp.<your>.<domain>.<tld> must work. Kerberos: kinit administartor must also work. Then once these commands worked you should have a valid kerberos ticket (generated during kinit). You can verify Kerbreos ticket status with "klist", if you have one valid you can retry net ads join using kerberos auth: net ads join -k 2016-07-10 8:32 GMT+02:00 Russell Ault <russell at auksnest.ca>: Hi all! I'm trying to join Debian Jessie to an existing AD domain as a member server (AD DC is Server 2012R2) to run it as a file server. I installed acl, samba, winbind, libnss-winbind, and krb5-user using APT, and configured /etc/samba/smb.conf according to the Samba wiki article. The error the join command is producing is " Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." which isn't an error message that appeared in any of my searching, so I'm pretty stumped. I've attached my smb.conf and -d10 command output. Any thoughts? Thanks! Sincerely, Russell Ault Here is my (sanitized) smb.conf: [global] netbios name = HOSTNAME security = ADS workgroup = DOMAIN realm = DOMAIN.LOCAL idmap config *:backend = tdb idmap config *:range = 2000-9999 idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 10000-99999 winbind nss info = template template shell = /bin/bash template homedir = /home/%U vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes [storage] path = /path read only = no admin users = "@DOMAIN\Domain Admins" Here's the (sanitized) output of trying to join the domain: root at hostname:~# net ads join -U administrator -d10 INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 lp_load_ex: refreshing parameters Initialising global parameters INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 Processing section "[global]" doing parameter netbios name = HOSTNAME doing parameter security = ADS doing parameter workgroup = DOMAIN doing parameter realm = DOMAIN.LOCAL doing parameter idmap config *:backend = tdb doing parameter idmap config *:range = 2000-9999 doing parameter idmap config DOMAIN:backend = ad doing parameter idmap config DOMAIN:schema_mode = rfc2307 doing parameter idmap config DOMAIN:range = 10000-99999 doing parameter winbind nss info = template doing parameter template shell = /bin/bash doing parameter template homedir = /home/%U doing parameter vfs objects = acl_xattr doing parameter map acl inherit = yes doing parameter store dos attributes = yes pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="HOSTNAME" added interface eth0 ip=192.168.0.37 bcast=192.168.0.255 netmask=255.255.255.0 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) Enter administrator's password: libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'HOSTNAME' domain_name : * domain_name : 'DOMAIN.LOCAL' account_ou : NULL admin_account : 'administrator' admin_domain : NULL machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/run/samba/gencache_notrans.tdb sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name" dsgetdcname_internal: domain_name: DOMAIN.LOCAL, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40001011 debug_dsdcinfo_flags: 0x40001011 DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME dsgetdcname_rediscover ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 389] LDAP ping to domain-controller.domain.local (192.168.0.34) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f3fd (62461) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470 forest : 'domain.local' dns_domain : 'domain.local' pdc_dns_name : 'domain-controller.domain.local' domain_name : 'DOMAIN' pdc_name : 'DOMAIN-CONTROLLER' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) Did not store value for DSGETDCNAME/DOMAIN/DOMAIN, we already got it sitename_store: realm = [DOMAIN], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/DOMAIN, we already got it Did not store value for DSGETDCNAME/DOMAIN/DOMAIN.LOCAL, we already got it sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/DOMAIN.LOCAL, we already got it sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name" internal_resolve_name: looking up domain-controller.domain.local#20 (sitename Default-First-Site-Name) Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Wed Dec 31 05:00:00 PM 1969 MST] (-1468131016 seconds in the past) no entry for domain-controller.domain.local#20 found. resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20> resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name domain-controller.domain.local<0x20> remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 1 address for domain-controller.domain.local#20: 192.168.0.34 Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Sun Jul 10 12:21:16 AM 2016 MDT] (660 seconds ahead) internal_resolve_name: returning 1 addresses: 192.168.0.34:0 Connecting to 192.168.0.34 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 372480 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Doing spnego session setup (blob length=120) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism ntlmssp negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x62088215 (1644724757) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : * Workstation : '' Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0000 (0) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_DOMAIN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH ntlmssp_check_packet: NTLMSSP signature OK ! NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH signed SMB2 message signed SMB2 message cli_init_creds: user administrator domain signed SMB2 message Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 52 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x0012e7d2 (1238994) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine domain-controller.domain.local and bound anonymously. lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 12 75 96 20 33 1B 0A 40 A0 CE C9 5D .....u. 3.. at ...] [0010] 01 EA 3F 01 00 00 00 00 ..?..... Got pdu len 48, data_len 24 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01 level : LSA_POLICY_INFO_DNS (12) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x002e (46) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 176 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=168 <redacted> Got pdu len 192, data_len 168 rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 168 bytes. lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 out: struct lsa_QueryInfoPolicy2 info : * info : * info : union lsa_PolicyInformation(case 12) dns: struct lsa_DnsDomainInfo name: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'DOMAIN' dns_domain: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'domain.local' dns_forest: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'domain.local' domain_guid : 681ea09d-d921-4581-b653-8f8b8f4eb470 sid : * sid : S-1-5-21-<redacted>-<redacted>-<redacted> result : NT_STATUS_OK lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK signed SMB2 message create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.DOMAIN, realm = domain.local, domain = DOMAIN saf_fetch: failed to find server for "domain.local" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up domain.local#1c (sitename (null)) no entry for domain.local#1C found. resolve_ads: Attempting to resolve KDCs for domain.local using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 192.168.0.34:88 Adding 1 DC's from auto lookup check_negative_conn_cache returning result 0 for domain domain.local server 192.168.0.34 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 192.168.0.34:88 &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f3fd (62461) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470 forest : 'domain.local' dns_domain : 'domain.local' pdc_dns_name : 'domain-controller.domain.local' domain_name : 'DOMAIN' pdc_name : 'DOMAIN-CONTROLLER' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) get_kdc_ip_string: Returning kdc = 192.168.0.34 create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.DOMAIN with realm DOMAIN.LOCAL KDC list = kdc = 192.168.0.34 signed SMB2 message Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ac if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 52 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x0012e7d3 (1238995) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 02 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe samr to machine domain-controller.domain.local and bound anonymously. samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'domain-controller.domain.local' access_mask : 0x00000030 (48) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000044 (68) context_id : 0x0000 (0) opnum : 0x0039 (57) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 96 BA 08 79 09 9E B8 43 99 31 35 E3 .......y ...C.15. [0010] 6F DB 2D 8C 00 00 00 00 o.-..... Got pdu len 48, data_len 24 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : <redacted> result : NT_STATUS_OK samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : <redacted> access_mask : 0x00000211 (529) 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 1: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-<redacted>-<redacted>-<redacted> &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000034 (52) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 BB BF DA CA 50 F9 95 4B 9C 62 7E 58 ........ P..K.b~X [0010] ED BE BA 7D 00 00 00 00 ...}.... Got pdu len 48, data_len 24 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : <redacted> result : NT_STATUS_OK Creating account with desired access mask: -536543056 samr_CreateUser2: struct samr_CreateUser2 in: struct samr_CreateUser2 domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : <redacted> account_name : * account_name: struct lsa_String length : 0x001c (28) size : 0x001c (28) string : * string : 'hostname$' acct_flags : 0x00000080 (128) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS access_mask : 0xe00500b0 (3758424240) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000004c (76) context_id : 0x0000 (0) opnum : 0x0032 (50) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 40 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 64 06 00 00 34 00 00 C0 ........ d...4... Got pdu len 56, data_len 32 rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 32 bytes. samr_CreateUser2: struct samr_CreateUser2 out: struct samr_CreateUser2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 access_granted : * access_granted : 0x00000000 (0) rid : * rid : 0x00000664 (1636) result : NT_STATUS_OBJECT_NAME_NOT_FOUND Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : <redacted> &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : <redacted> &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host domain-controller.domain.local signed SMB2 message rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK signed SMB2 message libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'DOMAIN' dns_domain_name : 'domain.local' forest_name : 'domain.local' dn : NULL domain_sid : * domain_sid : S-1-5-21-<redacted>-<redacted>-<redacted> modified_config : 0x00 (0) error_string : 'failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.' domain_is_ad : 0x01 (1) result : WERR_BADFILE Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found. return code = -1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2016-Jul-18 07:57 UTC
[Samba] Debian Jessie joining AD as member fails with "The object name is not found."
On 18/07/16 06:08, Russell Ault wrote:> Hi all! > > To clarify, it must have been removed from the copy-pasta, but “net ads join -U” did produce a password prompt as expected. > > The dig command produced the following: > > root at host:~$ dig -t SRV _ldap._tcp.domain.local > > ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t SRV _ldap._tcp.domain.local > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35393 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4000 > ;; QUESTION SECTION: > ;_ldap._tcp.domain.local. IN SRV > > ;; ANSWER SECTION: > _ldap._tcp.domain.local. 600 IN SRV 0 100 389 domain-controller.domain.local. > > ;; ADDITIONAL SECTION: > domain-controller.domain.local. 3600 IN A 192.168.0.34 > > ;; Query time: 0 msec > ;; SERVER: 192.168.0.34#53(192.168.0.34) > ;; WHEN: Sun Jul 17 23:23:47 MDT 2016 > ;; MSG SIZE rcvd: 107 > > And "kinit administrator" gave me a valid ticket according to klist. > > When I ran "net ads join -k" I got the same error: "Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." The -d10 output looks pretty much like the one I posted in my first e-mail message. > > Any thoughts? Is there something in my domain that could be misconfigured? What does "The object name is not found." even mean? > > Thanks! > > Sincerely, > > Russell Ault > > From: mathias dufresne [mailto:infractory at gmail.com] > Sent: July 11, 2016 06:53 > To: Russell Ault > Cc: samba at lists.samba.org > Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The object name is not found." > > I found strange to not see password prompt right after your "net ads join" command. As you did used -U a password should have been asked, at least that's what I believe. > Before joining AD your Linux must be well configured. DNS and Kerberos are the first points. > DNS: > dig -t SRV _ldap._tcp.<your>.<domain>.<tld> > must work. > Kerberos: > kinit administartor > must also work. > Then once these commands worked you should have a valid kerberos ticket (generated during kinit). You can verify Kerbreos ticket status with "klist", if you have one valid you can retry net ads join using kerberos auth: > net ads join -k > > 2016-07-10 8:32 GMT+02:00 Russell Ault <russell at auksnest.ca>: > Hi all! > > I'm trying to join Debian Jessie to an existing AD domain as a member server (AD DC is Server 2012R2) to run it as a file server. I installed acl, samba, winbind, libnss-winbind, and krb5-user using APT, and configured /etc/samba/smb.conf according to the Samba wiki article. > > The error the join command is producing is " Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found." which isn't an error message that appeared in any of my searching, so I'm pretty stumped. I've attached my smb.conf and -d10 command output. Any thoughts? > > Thanks! > > Sincerely, > > Russell Ault > > > Here is my (sanitized) smb.conf: > > [global] > netbios name = HOSTNAME > security = ADS > workgroup = DOMAIN > realm = DOMAIN.LOCAL > > idmap config *:backend = tdb > idmap config *:range = 2000-9999 > > idmap config DOMAIN:backend = ad > idmap config DOMAIN:schema_mode = rfc2307 > idmap config DOMAIN:range = 10000-99999 > > winbind nss info = template > template shell = /bin/bash > template homedir = /home/%U > > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > > [storage] > path = /path > read only = no > admin users = "@DOMAIN\Domain Admins" > > > Here's the (sanitized) output of trying to join the domain: > root at hostname:~# net ads join -U administrator -d10 > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > lp_load_ex: refreshing parameters > Initialising global parameters > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > Processing section "[global]" > doing parameter netbios name = HOSTNAME > doing parameter security = ADS > doing parameter workgroup = DOMAIN > doing parameter realm = DOMAIN.LOCAL > doing parameter idmap config *:backend = tdb > doing parameter idmap config *:range = 2000-9999 > doing parameter idmap config DOMAIN:backend = ad > doing parameter idmap config DOMAIN:schema_mode = rfc2307 > doing parameter idmap config DOMAIN:range = 10000-99999 > doing parameter winbind nss info = template > doing parameter template shell = /bin/bash > doing parameter template homedir = /home/%U > doing parameter vfs objects = acl_xattr > doing parameter map acl inherit = yes > doing parameter store dos attributes = yes > pm_process() returned Yes > lp_servicenumber: couldn't find homes > Netbios name list:- > my_netbios_names[0]="HOSTNAME" > added interface eth0 ip=192.168.0.37 bcast=192.168.0.255 netmask=255.255.255.0 > Registering messaging pointer for type 2 - private_data=(nil) > Registering messaging pointer for type 9 - private_data=(nil) > Registered MSG_REQ_POOL_USAGE > Registering messaging pointer for type 11 - private_data=(nil) > Registering messaging pointer for type 12 - private_data=(nil) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > Registering messaging pointer for type 1 - private_data=(nil) > Registering messaging pointer for type 5 - private_data=(nil) > Enter administrator's password: > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'HOSTNAME' > domain_name : * > domain_name : 'DOMAIN.LOCAL' > account_ou : NULL > admin_account : 'administrator' > admin_domain : NULL > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) > Opening cache file at /var/cache/samba/gencache.tdb > Opening cache file at /var/run/samba/gencache_notrans.tdb > sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name" > dsgetdcname_internal: domain_name: DOMAIN.LOCAL, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40001011 > debug_dsdcinfo_flags: 0x40001011 > DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME > dsgetdcname_rediscover > ads_dns_lookup_srv: 1 records returned in the answer section. > ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 389] > LDAP ping to domain-controller.domain.local (192.168.0.34) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000f3fd (62461) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470 > forest : 'domain.local' > dns_domain : 'domain.local' > pdc_dns_name : 'domain-controller.domain.local' > domain_name : 'DOMAIN' > pdc_name : 'DOMAIN-CONTROLLER' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) > Did not store value for DSGETDCNAME/DOMAIN/DOMAIN, we already got it > sitename_store: realm = [DOMAIN], sitename = [Default-First-Site-Name], expire = [2085923199] > Did not store value for AD_SITENAME/DOMAIN/DOMAIN, we already got it > Did not store value for DSGETDCNAME/DOMAIN/DOMAIN.LOCAL, we already got it > sitename_store: realm = [domain.local], sitename = [Default-First-Site-Name], expire = [2085923199] > Did not store value for AD_SITENAME/DOMAIN/DOMAIN.LOCAL, we already got it > sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name" > internal_resolve_name: looking up domain-controller.domain.local#20 (sitename Default-First-Site-Name) > Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Wed Dec 31 05:00:00 PM 1969 MST] (-1468131016 seconds in the past) > no entry for domain-controller.domain.local#20 found. > resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name domain-controller.domain.local<0x20> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory > resolve_wins: WINS server resolution selected and no WINS servers listed. > resolve_hosts: Attempting host lookup for name domain-controller.domain.local<0x20> > remove_duplicate_addrs2: looking for duplicate address/port pairs > namecache_store: storing 1 address for domain-controller.domain.local#20: 192.168.0.34 > Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and timeout=[Sun Jul 10 12:21:16 AM 2016 MDT] (660 seconds ahead) > internal_resolve_name: returning 1 addresses: 192.168.0.34:0 > Connecting to 192.168.0.34 at port 445 > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 372480 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 > Doing spnego session setup (blob length=120) > got OID=1.3.6.1.4.1.311.2.2.30 > got OID=1.2.840.48018.1.2.2 > got OID=1.2.840.113554.1.2.2 > got OID=1.2.840.113554.1.2.2.3 > got OID=1.3.6.1.4.1.311.2.2.10 > got principal=not_defined_in_RFC4178 at please_ignore > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Starting GENSEC mechanism spnego > Starting GENSEC submechanism ntlmssp > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x62088215 (1644724757) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > WorkstationLen : 0x0000 (0) > WorkstationMaxLen : 0x0000 (0) > Workstation : * > Workstation : '' > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) > ProductBuild : 0x0000 (0) > Reserved: ARRAY(3) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) > Got challenge flags: > Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_TARGET_TYPE_DOMAIN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > ntlmssp_check_packet: NTLMSSP signature OK ! > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > signed SMB2 message > signed SMB2 message > cli_init_creds: user administrator domain > signed SMB2 message > Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x0012e7d2 (1238994) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 > [0000] 00 00 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 68 bytes. > check_bind_response: accepted! > cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine domain-controller.domain.local and bound anonymously. > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > opnum : 0x0006 (6) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 12 75 96 20 33 1B 0A 40 A0 CE C9 5D .....u. 3.. at ...] > [0010] 01 EA 3F 01 00 00 00 00 ..?..... > Got pdu len 48, data_len 24 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01 > level : LSA_POLICY_INFO_DNS (12) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x002e (46) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 176 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00c0 (192) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000000a8 (168) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=168 > > <redacted> > > Got pdu len 192, data_len 168 > rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 168 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x0006 (6) > size : 0x0008 (8) > string : * > string : 'DOMAIN' > dns_domain: struct lsa_StringLarge > length : 0x0012 (18) > size : 0x0014 (20) > string : * > string : 'domain.local' > dns_forest: struct lsa_StringLarge > length : 0x0012 (18) > size : 0x0014 (20) > string : * > string : 'domain.local' > domain_guid : 681ea09d-d921-4581-b653-8f8b8f4eb470 > sid : * > sid : S-1-5-21-<redacted>-<redacted>-<redacted> > result : NT_STATUS_OK > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 20967512-1b33-400a-a0ce-c95d01ea3f01 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ > Got pdu len 48, data_len 24 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > signed SMB2 message > create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.DOMAIN, realm = domain.local, domain = DOMAIN > saf_fetch: failed to find server for "domain.local" domain > get_dc_list: preferred server list: ", *" > internal_resolve_name: looking up domain.local#1c (sitename (null)) > no entry for domain.local#1C found. > resolve_ads: Attempting to resolve KDCs for domain.local using DNS > ads_dns_lookup_srv: 1 records returned in the answer section. > ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 88] > remove_duplicate_addrs2: looking for duplicate address/port pairs > internal_resolve_name: returning 1 addresses: 192.168.0.34:88 > Adding 1 DC's from auto lookup > check_negative_conn_cache returning result 0 for domain domain.local server 192.168.0.34 > remove_duplicate_addrs2: looking for duplicate address/port pairs > get_dc_list: returning 1 ip addresses in an ordered list > get_dc_list: 192.168.0.34:88 > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000f3fd (62461) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470 > forest : 'domain.local' > dns_domain : 'domain.local' > pdc_dns_name : 'domain-controller.domain.local' > domain_name : 'DOMAIN' > pdc_name : 'DOMAIN-CONTROLLER' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) > get_kdc_ip_string: Returning kdc = 192.168.0.34 > > create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.DOMAIN with realm DOMAIN.LOCAL KDC list = kdc = 192.168.0.34 > > signed SMB2 message > Bind RPC Pipe: host domain-controller.domain.local auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ac > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x0012e7d3 (1238995) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 > [0000] 02 00 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 68 bytes. > check_bind_response: accepted! > cli_rpc_pipe_open_noauth: opened pipe samr to machine domain-controller.domain.local and bound anonymously. > samr_Connect2: struct samr_Connect2 > in: struct samr_Connect2 > system_name : * > system_name : 'domain-controller.domain.local' > access_mask : 0x00000030 (48) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 1: SAMR_ACCESS_ENUM_DOMAINS > 1: SAMR_ACCESS_LOOKUP_DOMAIN > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000044 (68) > context_id : 0x0000 (0) > opnum : 0x0039 (57) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 96 BA 08 79 09 9E B8 43 99 31 35 E3 .......y ...C.15. > [0010] 6F DB 2D 8C 00 00 00 00 o.-..... > Got pdu len 48, data_len 24 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > samr_Connect2: struct samr_Connect2 > out: struct samr_Connect2 > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : <redacted> > result : NT_STATUS_OK > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : <redacted> > access_mask : 0x00000211 (529) > 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 1: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-21-<redacted>-<redacted>-<redacted> > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000034 (52) > context_id : 0x0000 (0) > opnum : 0x0007 (7) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 BB BF DA CA 50 F9 95 4B 9C 62 7E 58 ........ P..K.b~X > [0010] ED BE BA 7D 00 00 00 00 ...}.... > Got pdu len 48, data_len 24 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : <redacted> > result : NT_STATUS_OK > Creating account with desired access mask: -536543056 > samr_CreateUser2: struct samr_CreateUser2 > in: struct samr_CreateUser2 > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : <redacted> > account_name : * > account_name: struct lsa_String > length : 0x001c (28) > size : 0x001c (28) > string : * > string : 'hostname$' > acct_flags : 0x00000080 (128) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 0: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 1: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > access_mask : 0xe00500b0 (3758424240) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES > 1: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 1: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000004c (76) > context_id : 0x0000 (0) > opnum : 0x0032 (50) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 40 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0038 (56) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000020 (32) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=32 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 64 06 00 00 34 00 00 C0 ........ d...4... > Got pdu len 56, data_len 32 > rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 32 bytes. > samr_CreateUser2: struct samr_CreateUser2 > out: struct samr_CreateUser2 > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > access_granted : * > access_granted : 0x00000000 (0) > rid : * > rid : 0x00000664 (1636) > result : NT_STATUS_OBJECT_NAME_NOT_FOUND > Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : <redacted> > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0001 (1) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ > Got pdu len 48, data_len 24 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : <redacted> > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0001 (1) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host domain-controller.domain.local > signed SMB2 message > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ > Got pdu len 48, data_len 24 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > signed SMB2 message > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : 'DOMAIN' > dns_domain_name : 'domain.local' > forest_name : 'domain.local' > dn : NULL > domain_sid : * > domain_sid : S-1-5-21-<redacted>-<redacted>-<redacted> > modified_config : 0x00 (0) > error_string : 'failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found.' > domain_is_ad : 0x01 (1) > result : WERR_BADFILE > Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not found. > return code = -1 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Have you set up /etc/krb5.conf and if so, what does it contain ? Does your /etc/resolv.conf point at the DC ? Rowland
L.P.H. van Belle
2016-Jul-18 08:25 UTC
[Samba] Debian Jessie joining AD as member fails with "The object name is not found."
I'll bet static ip, with correct resolv.conf hosts and nsswitch.conf and krb5.conf. This must be the clue...> Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUNDSo the join reaches the AD but here something happens. Russelt, can you try again with debug 10 and post both logs. net ads join -UAdministrator and net ads join -UAdministratos -S YOUR_ADDC.domain.tld. Or if i may say mail them to Rowland. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny > Verzonden: maandag 18 juli 2016 9:57 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Debian Jessie joining AD as member fails with "The > object name is not found." > > On 18/07/16 06:08, Russell Ault wrote: > > Hi all! > > > > To clarify, it must have been removed from the copy-pasta, but “net ads > join -U” did produce a password prompt as expected. > > > > The dig command produced the following: > > > > root at host:~$ dig -t SRV _ldap._tcp.domain.local > > > > ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t SRV _ldap._tcp.domain.local > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35393 > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 > > > > ;; OPT PSEUDOSECTION: > > ; EDNS: version: 0, flags:; udp: 4000 > > ;; QUESTION SECTION: > > ;_ldap._tcp.domain.local. IN SRV > > > > ;; ANSWER SECTION: > > _ldap._tcp.domain.local. 600 IN SRV 0 100 389 domain- > controller.domain.local. > > > > ;; ADDITIONAL SECTION: > > domain-controller.domain.local. 3600 IN A 192.168.0.34 > > > > ;; Query time: 0 msec > > ;; SERVER: 192.168.0.34#53(192.168.0.34) > > ;; WHEN: Sun Jul 17 23:23:47 MDT 2016 > > ;; MSG SIZE rcvd: 107 > > > > And "kinit administrator" gave me a valid ticket according to klist. > > > > When I ran "net ads join -k" I got the same error: "Failed to join > domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is > not found." The -d10 output looks pretty much like the one I posted in my > first e-mail message. > > > > Any thoughts? Is there something in my domain that could be > misconfigured? What does "The object name is not found." even mean? > > > > Thanks! > > > > Sincerely, > > > > Russell Ault > > > > From: mathias dufresne [mailto:infractory at gmail.com] > > Sent: July 11, 2016 06:53 > > To: Russell Ault > > Cc: samba at lists.samba.org > > Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The > object name is not found." > > > > I found strange to not see password prompt right after your "net ads > join" command. As you did used -U a password should have been asked, at > least that's what I believe. > > Before joining AD your Linux must be well configured. DNS and Kerberos > are the first points. > > DNS: > > dig -t SRV _ldap._tcp.<your>.<domain>.<tld> > > must work. > > Kerberos: > > kinit administartor > > must also work. > > Then once these commands worked you should have a valid kerberos ticket > (generated during kinit). You can verify Kerbreos ticket status with > "klist", if you have one valid you can retry net ads join using kerberos > auth: > > net ads join -k > > > > 2016-07-10 8:32 GMT+02:00 Russell Ault <russell at auksnest.ca>: > > Hi all! > > > > I'm trying to join Debian Jessie to an existing AD domain as a member > server (AD DC is Server 2012R2) to run it as a file server. I installed > acl, samba, winbind, libnss-winbind, and krb5-user using APT, and > configured /etc/samba/smb.conf according to the Samba wiki article. > > > > The error the join command is producing is " Failed to join domain: > failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is not > found." which isn't an error message that appeared in any of my searching, > so I'm pretty stumped. I've attached my smb.conf and -d10 command output. > Any thoughts? > > > > Thanks! > > > > Sincerely, > > > > Russell Ault > > > > > > Here is my (sanitized) smb.conf: > > > > [global] > > netbios name = HOSTNAME > > security = ADS > > workgroup = DOMAIN > > realm = DOMAIN.LOCAL > > > > idmap config *:backend = tdb > > idmap config *:range = 2000-9999 > > > > idmap config DOMAIN:backend = ad > > idmap config DOMAIN:schema_mode = rfc2307 > > idmap config DOMAIN:range = 10000-99999 > > > > winbind nss info = template > > template shell = /bin/bash > > template homedir = /home/%U > > > > vfs objects = acl_xattr > > map acl inherit = yes > > store dos attributes = yes > > > > [storage] > > path = /path > > read only = no > > admin users = "@DOMAIN\Domain Admins" > > > > > > Here's the (sanitized) output of trying to join the domain: > > root at hostname:~# net ads join -U administrator -d10 > > INFO: Current debug levels: > > all: 10 > > tdb: 10 > > printdrivers: 10 > > lanman: 10 > > smb: 10 > > rpc_parse: 10 > > rpc_srv: 10 > > rpc_cli: 10 > > passdb: 10 > > sam: 10 > > auth: 10 > > winbind: 10 > > vfs: 10 > > idmap: 10 > > quota: 10 > > acls: 10 > > locking: 10 > > msdfs: 10 > > dmapi: 10 > > registry: 10 > > scavenger: 10 > > dns: 10 > > ldb: 10 > > lp_load_ex: refreshing parameters > > Initialising global parameters > > INFO: Current debug levels: > > all: 10 > > tdb: 10 > > printdrivers: 10 > > lanman: 10 > > smb: 10 > > rpc_parse: 10 > > rpc_srv: 10 > > rpc_cli: 10 > > passdb: 10 > > sam: 10 > > auth: 10 > > winbind: 10 > > vfs: 10 > > idmap: 10 > > quota: 10 > > acls: 10 > > locking: 10 > > msdfs: 10 > > dmapi: 10 > > registry: 10 > > scavenger: 10 > > dns: 10 > > ldb: 10 > > Processing section "[global]" > > doing parameter netbios name = HOSTNAME > > doing parameter security = ADS > > doing parameter workgroup = DOMAIN > > doing parameter realm = DOMAIN.LOCAL > > doing parameter idmap config *:backend = tdb > > doing parameter idmap config *:range = 2000-9999 > > doing parameter idmap config DOMAIN:backend = ad > > doing parameter idmap config DOMAIN:schema_mode = rfc2307 > > doing parameter idmap config DOMAIN:range = 10000-99999 > > doing parameter winbind nss info = template > > doing parameter template shell = /bin/bash > > doing parameter template homedir = /home/%U > > doing parameter vfs objects = acl_xattr > > doing parameter map acl inherit = yes > > doing parameter store dos attributes = yes > > pm_process() returned Yes > > lp_servicenumber: couldn't find homes > > Netbios name list:- > > my_netbios_names[0]="HOSTNAME" > > added interface eth0 ip=192.168.0.37 bcast=192.168.0.255 > netmask=255.255.255.0 > > Registering messaging pointer for type 2 - private_data=(nil) > > Registering messaging pointer for type 9 - private_data=(nil) > > Registered MSG_REQ_POOL_USAGE > > Registering messaging pointer for type 11 - private_data=(nil) > > Registering messaging pointer for type 12 - private_data=(nil) > > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > > Registering messaging pointer for type 1 - private_data=(nil) > > Registering messaging pointer for type 5 - private_data=(nil) > > Enter administrator's password: > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > in: struct libnet_JoinCtx > > dc_name : NULL > > machine_name : 'HOSTNAME' > > domain_name : * > > domain_name : 'DOMAIN.LOCAL' > > account_ou : NULL > > admin_account : 'administrator' > > admin_domain : NULL > > machine_password : NULL > > join_flags : 0x00000023 (35) > > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > > os_version : NULL > > os_name : NULL > > create_upn : 0x00 (0) > > upn : NULL > > modify_config : 0x00 (0) > > ads : NULL > > debug : 0x01 (1) > > use_kerberos : 0x00 (0) > > secure_channel_type : SEC_CHAN_WKSTA (2) > > Opening cache file at /var/cache/samba/gencache.tdb > > Opening cache file at /var/run/samba/gencache_notrans.tdb > > sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First- > Site-Name" > > dsgetdcname_internal: domain_name: DOMAIN.LOCAL, domain_guid: (null), > site_name: Default-First-Site-Name, flags: 0x40001011 > > debug_dsdcinfo_flags: 0x40001011 > > DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED > DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME > > dsgetdcname_rediscover > > ads_dns_lookup_srv: 1 records returned in the answer section. > > ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, > 389] > > LDAP ping to domain-controller.domain.local (192.168.0.34) > > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > > sbz : 0x0000 (0) > > server_type : 0x0000f3fd (62461) > > 1: NBT_SERVER_PDC > > 1: NBT_SERVER_GC > > 1: NBT_SERVER_LDAP > > 1: NBT_SERVER_DS > > 1: NBT_SERVER_KDC > > 1: NBT_SERVER_TIMESERV > > 1: NBT_SERVER_CLOSEST > > 1: NBT_SERVER_WRITABLE > > 1: NBT_SERVER_GOOD_TIMESERV > > 0: NBT_SERVER_NDNC > > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > > 1: NBT_SERVER_ADS_WEB_SERVICE > > 0: NBT_SERVER_HAS_DNS_NAME > > 0: NBT_SERVER_IS_DEFAULT_NC > > 0: NBT_SERVER_FOREST_ROOT > > domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470 > > forest : 'domain.local' > > dns_domain : 'domain.local' > > pdc_dns_name : 'domain-controller.domain.local' > > domain_name : 'DOMAIN' > > pdc_name : 'DOMAIN-CONTROLLER' > > user_name : '' > > server_site : 'Default-First-Site-Name' > > client_site : 'Default-First-Site-Name' > > sockaddr_size : 0x00 (0) > > sockaddr: struct nbt_sockaddr > > sockaddr_family : 0x00000000 (0) > > pdc_ip : (null) > > remaining : DATA_BLOB length=0 > > next_closest_site : NULL > > nt_version : 0x00000005 (5) > > 1: NETLOGON_NT_VERSION_1 > > 0: NETLOGON_NT_VERSION_5 > > 1: NETLOGON_NT_VERSION_5EX > > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > > 0: NETLOGON_NT_VERSION_PDC > > 0: NETLOGON_NT_VERSION_IP > > 0: NETLOGON_NT_VERSION_LOCAL > > 0: NETLOGON_NT_VERSION_GC > > lmnt_token : 0xffff (65535) > > lm20_token : 0xffff (65535) > > Did not store value for DSGETDCNAME/DOMAIN/DOMAIN, we already got it > > sitename_store: realm = [DOMAIN], sitename = [Default-First-Site-Name], > expire = [2085923199] > > Did not store value for AD_SITENAME/DOMAIN/DOMAIN, we already got it > > Did not store value for DSGETDCNAME/DOMAIN/DOMAIN.LOCAL, we already got > it > > sitename_store: realm = [domain.local], sitename = [Default-First-Site- > Name], expire = [2085923199] > > Did not store value for AD_SITENAME/DOMAIN/DOMAIN.LOCAL, we already got > it > > sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First- > Site-Name" > > internal_resolve_name: looking up domain-controller.domain.local#20 > (sitename Default-First-Site-Name) > > Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and > timeout=[Wed Dec 31 05:00:00 PM 1969 MST] (-1468131016 seconds in the > past) > > no entry for domain-controller.domain.local#20 found. > > resolve_lmhosts: Attempting lmhosts lookup for name domain- > controller.domain.local<0x20> > > resolve_lmhosts: Attempting lmhosts lookup for name domain- > controller.domain.local<0x20> > > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > > resolve_wins: WINS server resolution selected and no WINS servers > listed. > > resolve_hosts: Attempting host lookup for name domain- > controller.domain.local<0x20> > > remove_duplicate_addrs2: looking for duplicate address/port pairs > > namecache_store: storing 1 address for domain- > controller.domain.local#20: 192.168.0.34 > > Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20] and > timeout=[Sun Jul 10 12:21:16 AM 2016 MDT] (660 seconds ahead) > > internal_resolve_name: returning 1 addresses: 192.168.0.34:0 > > Connecting to 192.168.0.34 at port 445 > > Socket options: > > SO_KEEPALIVE = 0 > > SO_REUSEADDR = 0 > > SO_BROADCAST = 0 > > TCP_NODELAY = 1 > > TCP_KEEPCNT = 9 > > TCP_KEEPIDLE = 7200 > > TCP_KEEPINTVL = 75 > > IPTOS_LOWDELAY = 0 > > IPTOS_THROUGHPUT = 0 > > SO_REUSEPORT = 0 > > SO_SNDBUF = 87040 > > SO_RCVBUF = 372480 > > SO_SNDLOWAT = 1 > > SO_RCVLOWAT = 1 > > SO_SNDTIMEO = 0 > > SO_RCVTIMEO = 0 > > TCP_QUICKACK = 1 > > TCP_DEFER_ACCEPT = 0 > > Doing spnego session setup (blob length=120) > > got OID=1.3.6.1.4.1.311.2.2.30 > > got OID=1.2.840.48018.1.2.2 > > got OID=1.2.840.113554.1.2.2 > > got OID=1.2.840.113554.1.2.2.3 > > got OID=1.3.6.1.4.1.311.2.2.10 > > got principal=not_defined_in_RFC4178 at please_ignore > > GENSEC backend 'gssapi_spnego' registered > > GENSEC backend 'gssapi_krb5' registered > > GENSEC backend 'gssapi_krb5_sasl' registered > > GENSEC backend 'spnego' registered > > GENSEC backend 'schannel' registered > > GENSEC backend 'naclrpc_as_system' registered > > GENSEC backend 'sasl-EXTERNAL' registered > > GENSEC backend 'ntlmssp' registered > > GENSEC backend 'ntlmssp_resume_ccache' registered > > GENSEC backend 'http_basic' registered > > GENSEC backend 'http_ntlm' registered > > GENSEC backend 'krb5' registered > > GENSEC backend 'fake_gssapi_krb5' registered > > Starting GENSEC mechanism spnego > > Starting GENSEC submechanism ntlmssp > > negotiate: struct NEGOTIATE_MESSAGE > > Signature : 'NTLMSSP' > > MessageType : NtLmNegotiate (1) > > NegotiateFlags : 0x62088215 (1644724757) > > 1: NTLMSSP_NEGOTIATE_UNICODE > > 0: NTLMSSP_NEGOTIATE_OEM > > 1: NTLMSSP_REQUEST_TARGET > > 1: NTLMSSP_NEGOTIATE_SIGN > > 0: NTLMSSP_NEGOTIATE_SEAL > > 0: NTLMSSP_NEGOTIATE_DATAGRAM > > 0: NTLMSSP_NEGOTIATE_LM_KEY > > 0: NTLMSSP_NEGOTIATE_NETWARE > > 1: NTLMSSP_NEGOTIATE_NTLM > > 0: NTLMSSP_NEGOTIATE_NT_ONLY > > 0: NTLMSSP_ANONYMOUS > > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > > 0: NTLMSSP_TARGET_TYPE_DOMAIN > > 0: NTLMSSP_TARGET_TYPE_SERVER > > 0: NTLMSSP_TARGET_TYPE_SHARE > > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > > 0: NTLMSSP_NEGOTIATE_IDENTIFY > > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > > 1: NTLMSSP_NEGOTIATE_VERSION > > 1: NTLMSSP_NEGOTIATE_128 > > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > > 0: NTLMSSP_NEGOTIATE_56 > > DomainNameLen : 0x0000 (0) > > DomainNameMaxLen : 0x0000 (0) > > DomainName : * > > DomainName : '' > > WorkstationLen : 0x0000 (0) > > WorkstationMaxLen : 0x0000 (0) > > Workstation : * > > Workstation : '' > > Version: struct ntlmssp_VERSION > > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 > (6) > > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 > (1) > > ProductBuild : 0x0000 (0) > > Reserved: ARRAY(3) > > [0] : 0x00 (0) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) > > Got challenge flags: > > Got NTLMSSP neg_flags=0x62898215 > > NTLMSSP_NEGOTIATE_UNICODE > > NTLMSSP_REQUEST_TARGET > > NTLMSSP_NEGOTIATE_SIGN > > NTLMSSP_NEGOTIATE_NTLM > > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > > NTLMSSP_TARGET_TYPE_DOMAIN > > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > > NTLMSSP_NEGOTIATE_TARGET_INFO > > NTLMSSP_NEGOTIATE_VERSION > > NTLMSSP_NEGOTIATE_128 > > NTLMSSP_NEGOTIATE_KEY_EXCH > > NTLMSSP: Set final flags: > > Got NTLMSSP neg_flags=0x62088215 > > NTLMSSP_NEGOTIATE_UNICODE > > NTLMSSP_REQUEST_TARGET > > NTLMSSP_NEGOTIATE_SIGN > > NTLMSSP_NEGOTIATE_NTLM > > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > > NTLMSSP_NEGOTIATE_VERSION > > NTLMSSP_NEGOTIATE_128 > > NTLMSSP_NEGOTIATE_KEY_EXCH > > NTLMSSP Sign/Seal - Initialising with flags: > > Got NTLMSSP neg_flags=0x62088215 > > NTLMSSP_NEGOTIATE_UNICODE > > NTLMSSP_REQUEST_TARGET > > NTLMSSP_NEGOTIATE_SIGN > > NTLMSSP_NEGOTIATE_NTLM > > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > > NTLMSSP_NEGOTIATE_VERSION > > NTLMSSP_NEGOTIATE_128 > > NTLMSSP_NEGOTIATE_KEY_EXCH > > ntlmssp_check_packet: NTLMSSP signature OK ! > > NTLMSSP Sign/Seal - Initialising with flags: > > Got NTLMSSP neg_flags=0x62088215 > > NTLMSSP_NEGOTIATE_UNICODE > > NTLMSSP_REQUEST_TARGET > > NTLMSSP_NEGOTIATE_SIGN > > NTLMSSP_NEGOTIATE_NTLM > > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > > NTLMSSP_NEGOTIATE_VERSION > > NTLMSSP_NEGOTIATE_128 > > NTLMSSP_NEGOTIATE_KEY_EXCH > > signed SMB2 message > > signed SMB2 message > > cli_init_creds: user administrator domain > > signed SMB2 message > > Bind RPC Pipe: host domain-controller.domain.local auth_type 0, > auth_level 1 > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_BIND (11) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0048 (72) > > auth_length : 0x0000 (0) > > call_id : 0x00000001 (1) > > u : union dcerpc_payload(case 11) > > bind: struct dcerpc_bind > > max_xmit_frag : 0x10b8 (4280) > > max_recv_frag : 0x10b8 (4280) > > assoc_group_id : 0x00000000 (0) > > num_contexts : 0x01 (1) > > ctx_list: ARRAY(1) > > ctx_list: struct dcerpc_ctx_list > > context_id : 0x0000 (0) > > num_transfer_syntaxes : 0x01 (1) > > abstract_syntax: struct ndr_syntax_id > > uuid : 12345778-1234-abcd- > ef00-0123456789ab > > if_version : 0x00000000 (0) > > transfer_syntaxes: ARRAY(1) > > transfer_syntaxes: struct ndr_syntax_id > > uuid : 8a885d04-1ceb- > 11c9-9fe8-08002b104860 > > if_version : 0x00000002 (2) > > auth_info : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 52 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_BIND_ACK (12) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0044 (68) > > auth_length : 0x0000 (0) > > call_id : 0x00000001 (1) > > u : union dcerpc_payload(case 12) > > bind_ack: struct dcerpc_bind_ack > > max_xmit_frag : 0x10b8 (4280) > > max_recv_frag : 0x10b8 (4280) > > assoc_group_id : 0x0012e7d2 (1238994) > > secondary_address_size : 0x000c (12) > > secondary_address : '\pipe\lsass' > > _pad1 : DATA_BLOB length=2 > > [0000] 00 00 .. > > num_results : 0x01 (1) > > ctx_list: ARRAY(1) > > ctx_list: struct dcerpc_ack_ctx > > result : > DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > > reason : union > dcerpc_bind_ack_reason(case 0) > > value : > DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > > syntax: struct ndr_syntax_id > > uuid : 8a885d04-1ceb-11c9- > 9fe8-08002b104860 > > if_version : 0x00000002 (2) > > auth_info : DATA_BLOB length=0 > > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 68 bytes. > > check_bind_response: accepted! > > cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine domain- > controller.domain.local and bound anonymously. > > lsa_OpenPolicy: struct lsa_OpenPolicy > > in: struct lsa_OpenPolicy > > system_name : * > > system_name : 0x005c (92) > > attr : * > > attr: struct lsa_ObjectAttribute > > len : 0x00000018 (24) > > root_dir : NULL > > object_name : NULL > > attributes : 0x00000000 (0) > > sec_desc : NULL > > sec_qos : * > > sec_qos: struct lsa_QosInfo > > len : 0x0000000c (12) > > impersonation_level : 0x0002 (2) > > context_mode : 0x01 (1) > > effective_only : 0x00 (0) > > access_mask : 0x02000000 (33554432) > > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > > 0: LSA_POLICY_TRUST_ADMIN > > 0: LSA_POLICY_CREATE_ACCOUNT > > 0: LSA_POLICY_CREATE_SECRET > > 0: LSA_POLICY_CREATE_PRIVILEGE > > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > > 0: LSA_POLICY_AUDIT_LOG_ADMIN > > 0: LSA_POLICY_SERVER_ADMIN > > 0: LSA_POLICY_LOOKUP_NAMES > > 0: LSA_POLICY_NOTIFICATION > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_REQUEST (0) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0018 (24) > > auth_length : 0x0000 (0) > > call_id : 0x00000002 (2) > > u : union dcerpc_payload(case 0) > > request: struct dcerpc_request > > alloc_hint : 0x0000002c (44) > > context_id : 0x0000 (0) > > opnum : 0x0006 (6) > > object : union dcerpc_object(case 0) > > empty: struct dcerpc_empty > > _pad : DATA_BLOB length=0 > > stub_and_verifier : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 32 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_RESPONSE (2) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0030 (48) > > auth_length : 0x0000 (0) > > call_id : 0x00000002 (2) > > u : union dcerpc_payload(case 2) > > response: struct dcerpc_response > > alloc_hint : 0x00000018 (24) > > context_id : 0x0000 (0) > > cancel_count : 0x00 (0) > > _pad : DATA_BLOB length=1 > > [0000] 00 . > > stub_and_verifier : DATA_BLOB length=24 > > [0000] 00 00 00 00 12 75 96 20 33 1B 0A 40 A0 CE C9 5D .....u. > 3.. at ...] > > [0010] 01 EA 3F 01 00 00 00 00 ..?..... > > Got pdu len 48, data_len 24 > > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > > lsa_OpenPolicy: struct lsa_OpenPolicy > > out: struct lsa_OpenPolicy > > handle : * > > handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : 20967512-1b33-400a-a0ce- > c95d01ea3f01 > > result : NT_STATUS_OK > > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > > in: struct lsa_QueryInfoPolicy2 > > handle : * > > handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : 20967512-1b33-400a-a0ce- > c95d01ea3f01 > > level : LSA_POLICY_INFO_DNS (12) > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_REQUEST (0) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0018 (24) > > auth_length : 0x0000 (0) > > call_id : 0x00000003 (3) > > u : union dcerpc_payload(case 0) > > request: struct dcerpc_request > > alloc_hint : 0x00000016 (22) > > context_id : 0x0000 (0) > > opnum : 0x002e (46) > > object : union dcerpc_object(case 0) > > empty: struct dcerpc_empty > > _pad : DATA_BLOB length=0 > > stub_and_verifier : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 176 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_RESPONSE (2) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x00c0 (192) > > auth_length : 0x0000 (0) > > call_id : 0x00000003 (3) > > u : union dcerpc_payload(case 2) > > response: struct dcerpc_response > > alloc_hint : 0x000000a8 (168) > > context_id : 0x0000 (0) > > cancel_count : 0x00 (0) > > _pad : DATA_BLOB length=1 > > [0000] 00 . > > stub_and_verifier : DATA_BLOB length=168 > > > > <redacted> > > > > Got pdu len 192, data_len 168 > > rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 168 bytes. > > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > > out: struct lsa_QueryInfoPolicy2 > > info : * > > info : * > > info : union > lsa_PolicyInformation(case 12) > > dns: struct lsa_DnsDomainInfo > > name: struct lsa_StringLarge > > length : 0x0006 (6) > > size : 0x0008 (8) > > string : * > > string : 'DOMAIN' > > dns_domain: struct lsa_StringLarge > > length : 0x0012 (18) > > size : 0x0014 (20) > > string : * > > string : > 'domain.local' > > dns_forest: struct lsa_StringLarge > > length : 0x0012 (18) > > size : 0x0014 (20) > > string : * > > string : > 'domain.local' > > domain_guid : 681ea09d-d921-4581- > b653-8f8b8f4eb470 > > sid : * > > sid : S-1-5-21- > <redacted>-<redacted>-<redacted> > > result : NT_STATUS_OK > > lsa_Close: struct lsa_Close > > in: struct lsa_Close > > handle : * > > handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : 20967512-1b33-400a-a0ce- > c95d01ea3f01 > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_REQUEST (0) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0018 (24) > > auth_length : 0x0000 (0) > > call_id : 0x00000004 (4) > > u : union dcerpc_payload(case 0) > > request: struct dcerpc_request > > alloc_hint : 0x00000014 (20) > > context_id : 0x0000 (0) > > opnum : 0x0000 (0) > > object : union dcerpc_object(case 0) > > empty: struct dcerpc_empty > > _pad : DATA_BLOB length=0 > > stub_and_verifier : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 32 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_RESPONSE (2) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0030 (48) > > auth_length : 0x0000 (0) > > call_id : 0x00000004 (4) > > u : union dcerpc_payload(case 2) > > response: struct dcerpc_response > > alloc_hint : 0x00000018 (24) > > context_id : 0x0000 (0) > > cancel_count : 0x00 (0) > > _pad : DATA_BLOB length=1 > > [0000] 00 . > > stub_and_verifier : DATA_BLOB length=24 > > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ > ........ > > [0010] 00 00 00 00 00 00 00 00 ........ > > Got pdu len 48, data_len 24 > > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > > lsa_Close: struct lsa_Close > > out: struct lsa_Close > > handle : * > > handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : 00000000-0000-0000-0000- > 000000000000 > > result : NT_STATUS_OK > > signed SMB2 message > > create_local_private_krb5_conf_for_domain: fname > /var/run/samba/smb_krb5/krb5.conf.DOMAIN, realm = domain.local, domain > DOMAIN > > saf_fetch: failed to find server for "domain.local" domain > > get_dc_list: preferred server list: ", *" > > internal_resolve_name: looking up domain.local#1c (sitename (null)) > > no entry for domain.local#1C found. > > resolve_ads: Attempting to resolve KDCs for domain.local using DNS > > ads_dns_lookup_srv: 1 records returned in the answer section. > > ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100, 88] > > remove_duplicate_addrs2: looking for duplicate address/port pairs > > internal_resolve_name: returning 1 addresses: 192.168.0.34:88 > > Adding 1 DC's from auto lookup > > check_negative_conn_cache returning result 0 for domain domain.local > server 192.168.0.34 > > remove_duplicate_addrs2: looking for duplicate address/port pairs > > get_dc_list: returning 1 ip addresses in an ordered list > > get_dc_list: 192.168.0.34:88 > > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > > sbz : 0x0000 (0) > > server_type : 0x0000f3fd (62461) > > 1: NBT_SERVER_PDC > > 1: NBT_SERVER_GC > > 1: NBT_SERVER_LDAP > > 1: NBT_SERVER_DS > > 1: NBT_SERVER_KDC > > 1: NBT_SERVER_TIMESERV > > 1: NBT_SERVER_CLOSEST > > 1: NBT_SERVER_WRITABLE > > 1: NBT_SERVER_GOOD_TIMESERV > > 0: NBT_SERVER_NDNC > > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > > 1: NBT_SERVER_ADS_WEB_SERVICE > > 0: NBT_SERVER_HAS_DNS_NAME > > 0: NBT_SERVER_IS_DEFAULT_NC > > 0: NBT_SERVER_FOREST_ROOT > > domain_uuid : 681ea09d-d921-4581-b653-8f8b8f4eb470 > > forest : 'domain.local' > > dns_domain : 'domain.local' > > pdc_dns_name : 'domain-controller.domain.local' > > domain_name : 'DOMAIN' > > pdc_name : 'DOMAIN-CONTROLLER' > > user_name : '' > > server_site : 'Default-First-Site-Name' > > client_site : 'Default-First-Site-Name' > > sockaddr_size : 0x00 (0) > > sockaddr: struct nbt_sockaddr > > sockaddr_family : 0x00000000 (0) > > pdc_ip : (null) > > remaining : DATA_BLOB length=0 > > next_closest_site : NULL > > nt_version : 0x00000005 (5) > > 1: NETLOGON_NT_VERSION_1 > > 0: NETLOGON_NT_VERSION_5 > > 1: NETLOGON_NT_VERSION_5EX > > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > > 0: NETLOGON_NT_VERSION_PDC > > 0: NETLOGON_NT_VERSION_IP > > 0: NETLOGON_NT_VERSION_LOCAL > > 0: NETLOGON_NT_VERSION_GC > > lmnt_token : 0xffff (65535) > > lm20_token : 0xffff (65535) > > get_kdc_ip_string: Returning kdc = 192.168.0.34 > > > > create_local_private_krb5_conf_for_domain: wrote file > /var/run/samba/smb_krb5/krb5.conf.DOMAIN with realm DOMAIN.LOCAL KDC list > = kdc = 192.168.0.34 > > > > signed SMB2 message > > Bind RPC Pipe: host domain-controller.domain.local auth_type 0, > auth_level 1 > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_BIND (11) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0048 (72) > > auth_length : 0x0000 (0) > > call_id : 0x00000005 (5) > > u : union dcerpc_payload(case 11) > > bind: struct dcerpc_bind > > max_xmit_frag : 0x10b8 (4280) > > max_recv_frag : 0x10b8 (4280) > > assoc_group_id : 0x00000000 (0) > > num_contexts : 0x01 (1) > > ctx_list: ARRAY(1) > > ctx_list: struct dcerpc_ctx_list > > context_id : 0x0000 (0) > > num_transfer_syntaxes : 0x01 (1) > > abstract_syntax: struct ndr_syntax_id > > uuid : 12345778-1234-abcd- > ef00-0123456789ac > > if_version : 0x00000001 (1) > > transfer_syntaxes: ARRAY(1) > > transfer_syntaxes: struct ndr_syntax_id > > uuid : 8a885d04-1ceb- > 11c9-9fe8-08002b104860 > > if_version : 0x00000002 (2) > > auth_info : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 52 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_BIND_ACK (12) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0044 (68) > > auth_length : 0x0000 (0) > > call_id : 0x00000005 (5) > > u : union dcerpc_payload(case 12) > > bind_ack: struct dcerpc_bind_ack > > max_xmit_frag : 0x10b8 (4280) > > max_recv_frag : 0x10b8 (4280) > > assoc_group_id : 0x0012e7d3 (1238995) > > secondary_address_size : 0x000c (12) > > secondary_address : '\pipe\lsass' > > _pad1 : DATA_BLOB length=2 > > [0000] 02 00 .. > > num_results : 0x01 (1) > > ctx_list: ARRAY(1) > > ctx_list: struct dcerpc_ack_ctx > > result : > DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > > reason : union > dcerpc_bind_ack_reason(case 0) > > value : > DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > > syntax: struct ndr_syntax_id > > uuid : 8a885d04-1ceb-11c9- > 9fe8-08002b104860 > > if_version : 0x00000002 (2) > > auth_info : DATA_BLOB length=0 > > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 68 bytes. > > check_bind_response: accepted! > > cli_rpc_pipe_open_noauth: opened pipe samr to machine domain- > controller.domain.local and bound anonymously. > > samr_Connect2: struct samr_Connect2 > > in: struct samr_Connect2 > > system_name : * > > system_name : 'domain- > controller.domain.local' > > access_mask : 0x00000030 (48) > > 0: SAMR_ACCESS_CONNECT_TO_SERVER > > 0: SAMR_ACCESS_SHUTDOWN_SERVER > > 0: SAMR_ACCESS_INITIALIZE_SERVER > > 0: SAMR_ACCESS_CREATE_DOMAIN > > 1: SAMR_ACCESS_ENUM_DOMAINS > > 1: SAMR_ACCESS_LOOKUP_DOMAIN > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_REQUEST (0) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0018 (24) > > auth_length : 0x0000 (0) > > call_id : 0x00000006 (6) > > u : union dcerpc_payload(case 0) > > request: struct dcerpc_request > > alloc_hint : 0x00000044 (68) > > context_id : 0x0000 (0) > > opnum : 0x0039 (57) > > object : union dcerpc_object(case 0) > > empty: struct dcerpc_empty > > _pad : DATA_BLOB length=0 > > stub_and_verifier : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 32 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_RESPONSE (2) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0030 (48) > > auth_length : 0x0000 (0) > > call_id : 0x00000006 (6) > > u : union dcerpc_payload(case 2) > > response: struct dcerpc_response > > alloc_hint : 0x00000018 (24) > > context_id : 0x0000 (0) > > cancel_count : 0x00 (0) > > _pad : DATA_BLOB length=1 > > [0000] 00 . > > stub_and_verifier : DATA_BLOB length=24 > > [0000] 00 00 00 00 96 BA 08 79 09 9E B8 43 99 31 35 E3 .......y > ...C.15. > > [0010] 6F DB 2D 8C 00 00 00 00 o.-..... > > Got pdu len 48, data_len 24 > > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > > samr_Connect2: struct samr_Connect2 > > out: struct samr_Connect2 > > connect_handle : * > > connect_handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : <redacted> > > result : NT_STATUS_OK > > samr_OpenDomain: struct samr_OpenDomain > > in: struct samr_OpenDomain > > connect_handle : * > > connect_handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : <redacted> > > access_mask : 0x00000211 (529) > > 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > > 1: SAMR_DOMAIN_ACCESS_CREATE_USER > > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > > sid : * > > sid : S-1-5-21-<redacted>- > <redacted>-<redacted> > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_REQUEST (0) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0018 (24) > > auth_length : 0x0000 (0) > > call_id : 0x00000007 (7) > > u : union dcerpc_payload(case 0) > > request: struct dcerpc_request > > alloc_hint : 0x00000034 (52) > > context_id : 0x0000 (0) > > opnum : 0x0007 (7) > > object : union dcerpc_object(case 0) > > empty: struct dcerpc_empty > > _pad : DATA_BLOB length=0 > > stub_and_verifier : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 32 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_RESPONSE (2) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0030 (48) > > auth_length : 0x0000 (0) > > call_id : 0x00000007 (7) > > u : union dcerpc_payload(case 2) > > response: struct dcerpc_response > > alloc_hint : 0x00000018 (24) > > context_id : 0x0000 (0) > > cancel_count : 0x00 (0) > > _pad : DATA_BLOB length=1 > > [0000] 00 . > > stub_and_verifier : DATA_BLOB length=24 > > [0000] 00 00 00 00 BB BF DA CA 50 F9 95 4B 9C 62 7E 58 ........ > P..K.b~X > > [0010] ED BE BA 7D 00 00 00 00 ...}.... > > Got pdu len 48, data_len 24 > > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > > samr_OpenDomain: struct samr_OpenDomain > > out: struct samr_OpenDomain > > domain_handle : * > > domain_handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : <redacted> > > result : NT_STATUS_OK > > Creating account with desired access mask: -536543056 > > samr_CreateUser2: struct samr_CreateUser2 > > in: struct samr_CreateUser2 > > domain_handle : * > > domain_handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : <redacted> > > account_name : * > > account_name: struct lsa_String > > length : 0x001c (28) > > size : 0x001c (28) > > string : * > > string : 'hostname$' > > acct_flags : 0x00000080 (128) > > 0: ACB_DISABLED > > 0: ACB_HOMDIRREQ > > 0: ACB_PWNOTREQ > > 0: ACB_TEMPDUP > > 0: ACB_NORMAL > > 0: ACB_MNS > > 0: ACB_DOMTRUST > > 1: ACB_WSTRUST > > 0: ACB_SVRTRUST > > 0: ACB_PWNOEXP > > 0: ACB_AUTOLOCK > > 0: ACB_ENC_TXT_PWD_ALLOWED > > 0: ACB_SMARTCARD_REQUIRED > > 0: ACB_TRUSTED_FOR_DELEGATION > > 0: ACB_NOT_DELEGATED > > 0: ACB_USE_DES_KEY_ONLY > > 0: ACB_DONT_REQUIRE_PREAUTH > > 0: ACB_PW_EXPIRED > > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > > 0: ACB_NO_AUTH_DATA_REQD > > 0: ACB_PARTIAL_SECRETS_ACCOUNT > > 0: ACB_USE_AES_KEYS > > access_mask : 0xe00500b0 (3758424240) > > 0: SAMR_USER_ACCESS_GET_NAME_ETC > > 0: SAMR_USER_ACCESS_GET_LOCALE > > 0: SAMR_USER_ACCESS_SET_LOC_COM > > 0: SAMR_USER_ACCESS_GET_LOGONINFO > > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES > > 1: SAMR_USER_ACCESS_SET_ATTRIBUTES > > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > > 1: SAMR_USER_ACCESS_SET_PASSWORD > > 0: SAMR_USER_ACCESS_GET_GROUPS > > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_REQUEST (0) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0018 (24) > > auth_length : 0x0000 (0) > > call_id : 0x00000008 (8) > > u : union dcerpc_payload(case 0) > > request: struct dcerpc_request > > alloc_hint : 0x0000004c (76) > > context_id : 0x0000 (0) > > opnum : 0x0032 (50) > > object : union dcerpc_object(case 0) > > empty: struct dcerpc_empty > > _pad : DATA_BLOB length=0 > > stub_and_verifier : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 40 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_RESPONSE (2) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0038 (56) > > auth_length : 0x0000 (0) > > call_id : 0x00000008 (8) > > u : union dcerpc_payload(case 2) > > response: struct dcerpc_response > > alloc_hint : 0x00000020 (32) > > context_id : 0x0000 (0) > > cancel_count : 0x00 (0) > > _pad : DATA_BLOB length=1 > > [0000] 00 . > > stub_and_verifier : DATA_BLOB length=32 > > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ > ........ > > [0010] 00 00 00 00 00 00 00 00 64 06 00 00 34 00 00 C0 ........ > d...4... > > Got pdu len 56, data_len 32 > > rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 32 bytes. > > samr_CreateUser2: struct samr_CreateUser2 > > out: struct samr_CreateUser2 > > user_handle : * > > user_handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : 00000000-0000-0000-0000- > 000000000000 > > access_granted : * > > access_granted : 0x00000000 (0) > > rid : * > > rid : 0x00000664 (1636) > > result : NT_STATUS_OBJECT_NAME_NOT_FOUND > > Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND > > samr_Close: struct samr_Close > > in: struct samr_Close > > handle : * > > handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : <redacted> > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_REQUEST (0) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0018 (24) > > auth_length : 0x0000 (0) > > call_id : 0x00000009 (9) > > u : union dcerpc_payload(case 0) > > request: struct dcerpc_request > > alloc_hint : 0x00000014 (20) > > context_id : 0x0000 (0) > > opnum : 0x0001 (1) > > object : union dcerpc_object(case 0) > > empty: struct dcerpc_empty > > _pad : DATA_BLOB length=0 > > stub_and_verifier : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 32 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_RESPONSE (2) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0030 (48) > > auth_length : 0x0000 (0) > > call_id : 0x00000009 (9) > > u : union dcerpc_payload(case 2) > > response: struct dcerpc_response > > alloc_hint : 0x00000018 (24) > > context_id : 0x0000 (0) > > cancel_count : 0x00 (0) > > _pad : DATA_BLOB length=1 > > [0000] 00 . > > stub_and_verifier : DATA_BLOB length=24 > > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ > ........ > > [0010] 00 00 00 00 00 00 00 00 ........ > > Got pdu len 48, data_len 24 > > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > > samr_Close: struct samr_Close > > out: struct samr_Close > > handle : * > > handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : 00000000-0000-0000-0000- > 000000000000 > > result : NT_STATUS_OK > > samr_Close: struct samr_Close > > in: struct samr_Close > > handle : * > > handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : <redacted> > > &r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_REQUEST (0) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0018 (24) > > auth_length : 0x0000 (0) > > call_id : 0x0000000a (10) > > u : union dcerpc_payload(case 0) > > request: struct dcerpc_request > > alloc_hint : 0x00000014 (20) > > context_id : 0x0000 (0) > > opnum : 0x0001 (1) > > object : union dcerpc_object(case 0) > > empty: struct dcerpc_empty > > _pad : DATA_BLOB length=0 > > stub_and_verifier : DATA_BLOB length=0 > > rpc_api_pipe: host domain-controller.domain.local > > signed SMB2 message > > rpc_read_send: data_to_read: 32 > > r: struct ncacn_packet > > rpc_vers : 0x05 (5) > > rpc_vers_minor : 0x00 (0) > > ptype : DCERPC_PKT_RESPONSE (2) > > pfc_flags : 0x03 (3) > > 1: DCERPC_PFC_FLAG_FIRST > > 1: DCERPC_PFC_FLAG_LAST > > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > > 0: DCERPC_PFC_FLAG_CONC_MPX > > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > > 0: DCERPC_PFC_FLAG_MAYBE > > 0: DCERPC_PFC_FLAG_OBJECT_UUID > > drep: ARRAY(4) > > [0] : 0x10 (16) > > [1] : 0x00 (0) > > [2] : 0x00 (0) > > [3] : 0x00 (0) > > frag_length : 0x0030 (48) > > auth_length : 0x0000 (0) > > call_id : 0x0000000a (10) > > u : union dcerpc_payload(case 2) > > response: struct dcerpc_response > > alloc_hint : 0x00000018 (24) > > context_id : 0x0000 (0) > > cancel_count : 0x00 (0) > > _pad : DATA_BLOB length=1 > > [0000] 00 . > > stub_and_verifier : DATA_BLOB length=24 > > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ > ........ > > [0010] 00 00 00 00 00 00 00 00 ........ > > Got pdu len 48, data_len 24 > > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes. > > samr_Close: struct samr_Close > > out: struct samr_Close > > handle : * > > handle: struct policy_handle > > handle_type : 0x00000000 (0) > > uuid : 00000000-0000-0000-0000- > 000000000000 > > result : NT_STATUS_OK > > signed SMB2 message > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > out: struct libnet_JoinCtx > > account_name : NULL > > netbios_domain_name : 'DOMAIN' > > dns_domain_name : 'domain.local' > > forest_name : 'domain.local' > > dn : NULL > > domain_sid : * > > domain_sid : S-1-5-21-<redacted>- > <redacted>-<redacted> > > modified_config : 0x00 (0) > > error_string : 'failed to join domain > 'DOMAIN.LOCAL' over rpc: The object name is not found.' > > domain_is_ad : 0x01 (1) > > result : WERR_BADFILE > > Failed to join domain: failed to join domain 'DOMAIN.LOCAL' over rpc: > The object name is not found. > > return code = -1 > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > Have you set up /etc/krb5.conf and if so, what does it contain ? > Does your /etc/resolv.conf point at the DC ? > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Russell Ault
2016-Jul-19 05:04 UTC
[Samba] Debian Jessie joining AD as member fails with "The object name is not found."
Hi all!
I had originally been using a DHCP-assigned address. I have now switched to a
static IP, but that didn't solve the problem (same error message).
I'm attaching my resolv.conf, nsswitch.conf and krb5.conf files. I have not
manually altered either of them, although krb5.conf appears to have been updated
by some tool somewhere along the way because my domain is listed as the
default_realm. The output of "net ads join -UAdministrator -d10" was
attached to my first e-mail (and at over 1000 lines long I don't want to
litter people's inboxes with a second copy, to say nothing of the time it
takes to sanitize that much output) and the output of the "-S
domain-controller.domain.local" version of the command produces an
apparently identical output, so I haven't included it either.
root at host:~# cat /etc/resolv.conf
domain my-domain.local
search my-domain.local
nameserver 192.168.0.34
root at host:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
root at host:~# cat /etc/krb5.conf
[libdefaults]
default_realm = MY-DOMAIN.LOCAL
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
admin_server = kerberos.ihtfp.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = kerberos.andrew.cmu.edu
kdc = kerberos2.andrew.cmu.edu
kdc = kerberos3.andrew.cmu.edu
admin_server = kerberos.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementix.org
kdc = kerberos2.dementix.org
admin_server = kerberos.dementix.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
master_kdc = krb5auth1.stanford.edu
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
UTORONTO.CA = {
kdc = kerberos1.utoronto.ca
kdc = kerberos2.utoronto.ca
kdc = kerberos3.utoronto.ca
admin_server = kerberos1.utoronto.ca
default_domain = utoronto.ca
}
[domain_realm]
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.csail.mit.edu = CSAIL.MIT.EDU
csail.mit.edu = CSAIL.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
.slac.stanford.edu = SLAC.STANFORD.EDU
.toronto.edu = UTORONTO.CA
.utoronto.ca = UTORONTO.CA
[login]
krb4_convert = true
krb4_get_tickets = false
I agree that the join is reaching AD before failing, which is why I'm
beginning to suspect that there's a configuration issue with the domain
itself that is preventing the Samba join, but if there is such a problem, it
hasn't caused any issues when joining Windows clients. Are there certain
specific configuration requirements of a Windows Server-based AD that are
required to join a Samba client? I've already given all my users (including
the administrator user I'm using to try the net ads join command with)
RFC2307 UID and GID numbers. Is there anything else I have to do?
Thanks!
Sincerely,
Russell Ault
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van
Belle
Sent: July 18, 2016 02:26
To: samba at lists.samba.org
Subject: Re: [Samba] Debian Jessie joining AD as member fails with "The
object name is not found."
I'll bet static ip, with correct resolv.conf hosts and nsswitch.conf and
krb5.conf.
This must be the clue... > Creation of workstation account failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
So the join reaches the AD but here something happens.
Russelt, can you try again with debug 10 and post both logs.
net ads join -UAdministrator
and
net ads join -UAdministratos -S YOUR_ADDC.domain.tld.
Or if i may say mail them to Rowland.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: maandag 18 juli 2016 9:57
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Debian Jessie joining AD as member fails with
"The
> object name is not found."
>
> On 18/07/16 06:08, Russell Ault wrote:
> > Hi all!
> >
> > To clarify, it must have been removed from the copy-pasta, but “net
ads
> join -U” did produce a password prompt as expected.
> >
> > The dig command produced the following:
> >
> > root at host:~$ dig -t SRV _ldap._tcp.domain.local
> >
> > ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t SRV
_ldap._tcp.domain.local
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35393
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:
2
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4000
> > ;; QUESTION SECTION:
> > ;_ldap._tcp.domain.local. IN SRV
> >
> > ;; ANSWER SECTION:
> > _ldap._tcp.domain.local. 600 IN SRV 0 100 389 domain-
> controller.domain.local.
> >
> > ;; ADDITIONAL SECTION:
> > domain-controller.domain.local. 3600 IN A 192.168.0.34
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 192.168.0.34#53(192.168.0.34)
> > ;; WHEN: Sun Jul 17 23:23:47 MDT 2016
> > ;; MSG SIZE rcvd: 107
> >
> > And "kinit administrator" gave me a valid ticket according
to klist.
> >
> > When I ran "net ads join -k" I got the same error:
"Failed to join
> domain: failed to join domain 'DOMAIN.LOCAL' over rpc: The object
name is
> not found." The -d10 output looks pretty much like the one I posted in
my
> first e-mail message.
> >
> > Any thoughts? Is there something in my domain that could be
> misconfigured? What does "The object name is not found." even
mean?
> >
> > Thanks!
> >
> > Sincerely,
> >
> > Russell Ault
> >
> > From: mathias dufresne [mailto:infractory at gmail.com]
> > Sent: July 11, 2016 06:53
> > To: Russell Ault
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Debian Jessie joining AD as member fails with
"The
> object name is not found."
> >
> > I found strange to not see password prompt right after your "net
ads
> join" command. As you did used -U a password should have been asked,
at
> least that's what I believe.
> > Before joining AD your Linux must be well configured. DNS and Kerberos
> are the first points.
> > DNS:
> > dig -t SRV _ldap._tcp.<your>.<domain>.<tld>
> > must work.
> > Kerberos:
> > kinit administartor
> > must also work.
> > Then once these commands worked you should have a valid kerberos
ticket
> (generated during kinit). You can verify Kerbreos ticket status with
> "klist", if you have one valid you can retry net ads join using
kerberos
> auth:
> > net ads join -k
> >
> > 2016-07-10 8:32 GMT+02:00 Russell Ault <russell at auksnest.ca>:
> > Hi all!
> >
> > I'm trying to join Debian Jessie to an existing AD domain as a
member
> server (AD DC is Server 2012R2) to run it as a file server. I installed
> acl, samba, winbind, libnss-winbind, and krb5-user using APT, and
> configured /etc/samba/smb.conf according to the Samba wiki article.
> >
> > The error the join command is producing is " Failed to join
domain:
> failed to join domain 'DOMAIN.LOCAL' over rpc: The object name is
not
> found." which isn't an error message that appeared in any of my
searching,
> so I'm pretty stumped. I've attached my smb.conf and -d10 command
output.
> Any thoughts?
> >
> > Thanks!
> >
> > Sincerely,
> >
> > Russell Ault
> >
> >
> > Here is my (sanitized) smb.conf:
> >
> > [global]
> > netbios name = HOSTNAME
> > security = ADS
> > workgroup = DOMAIN
> > realm = DOMAIN.LOCAL
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 2000-9999
> >
> > idmap config DOMAIN:backend = ad
> > idmap config DOMAIN:schema_mode = rfc2307
> > idmap config DOMAIN:range = 10000-99999
> >
> > winbind nss info = template
> > template shell = /bin/bash
> > template homedir = /home/%U
> >
> > vfs objects = acl_xattr
> > map acl inherit = yes
> > store dos attributes = yes
> >
> > [storage]
> > path = /path
> > read only = no
> > admin users = "@DOMAIN\Domain Admins"
> >
> >
> > Here's the (sanitized) output of trying to join the domain:
> > root at hostname:~# net ads join -U administrator -d10
> > INFO: Current debug levels:
> > all: 10
> > tdb: 10
> > printdrivers: 10
> > lanman: 10
> > smb: 10
> > rpc_parse: 10
> > rpc_srv: 10
> > rpc_cli: 10
> > passdb: 10
> > sam: 10
> > auth: 10
> > winbind: 10
> > vfs: 10
> > idmap: 10
> > quota: 10
> > acls: 10
> > locking: 10
> > msdfs: 10
> > dmapi: 10
> > registry: 10
> > scavenger: 10
> > dns: 10
> > ldb: 10
> > lp_load_ex: refreshing parameters
> > Initialising global parameters
> > INFO: Current debug levels:
> > all: 10
> > tdb: 10
> > printdrivers: 10
> > lanman: 10
> > smb: 10
> > rpc_parse: 10
> > rpc_srv: 10
> > rpc_cli: 10
> > passdb: 10
> > sam: 10
> > auth: 10
> > winbind: 10
> > vfs: 10
> > idmap: 10
> > quota: 10
> > acls: 10
> > locking: 10
> > msdfs: 10
> > dmapi: 10
> > registry: 10
> > scavenger: 10
> > dns: 10
> > ldb: 10
> > Processing section "[global]"
> > doing parameter netbios name = HOSTNAME
> > doing parameter security = ADS
> > doing parameter workgroup = DOMAIN
> > doing parameter realm = DOMAIN.LOCAL
> > doing parameter idmap config *:backend = tdb
> > doing parameter idmap config *:range = 2000-9999
> > doing parameter idmap config DOMAIN:backend = ad
> > doing parameter idmap config DOMAIN:schema_mode = rfc2307
> > doing parameter idmap config DOMAIN:range = 10000-99999
> > doing parameter winbind nss info = template
> > doing parameter template shell = /bin/bash
> > doing parameter template homedir = /home/%U
> > doing parameter vfs objects = acl_xattr
> > doing parameter map acl inherit = yes
> > doing parameter store dos attributes = yes
> > pm_process() returned Yes
> > lp_servicenumber: couldn't find homes
> > Netbios name list:-
> > my_netbios_names[0]="HOSTNAME"
> > added interface eth0 ip=192.168.0.37 bcast=192.168.0.255
> netmask=255.255.255.0
> > Registering messaging pointer for type 2 - private_data=(nil)
> > Registering messaging pointer for type 9 - private_data=(nil)
> > Registered MSG_REQ_POOL_USAGE
> > Registering messaging pointer for type 11 - private_data=(nil)
> > Registering messaging pointer for type 12 - private_data=(nil)
> > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > Registering messaging pointer for type 1 - private_data=(nil)
> > Registering messaging pointer for type 5 - private_data=(nil)
> > Enter administrator's password:
> > libnet_Join:
> > libnet_JoinCtx: struct libnet_JoinCtx
> > in: struct libnet_JoinCtx
> > dc_name : NULL
> > machine_name : 'HOSTNAME'
> > domain_name : *
> > domain_name : 'DOMAIN.LOCAL'
> > account_ou : NULL
> > admin_account : 'administrator'
> > admin_domain : NULL
> > machine_password : NULL
> > join_flags : 0x00000023 (35)
> > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> > os_version : NULL
> > os_name : NULL
> > create_upn : 0x00 (0)
> > upn : NULL
> > modify_config : 0x00 (0)
> > ads : NULL
> > debug : 0x01 (1)
> > use_kerberos : 0x00 (0)
> > secure_channel_type : SEC_CHAN_WKSTA (2)
> > Opening cache file at /var/cache/samba/gencache.tdb
> > Opening cache file at /var/run/samba/gencache_notrans.tdb
> > sitename_fetch: Returning sitename for DOMAIN.LOCAL:
"Default-First-
> Site-Name"
> > dsgetdcname_internal: domain_name: DOMAIN.LOCAL, domain_guid: (null),
> site_name: Default-First-Site-Name, flags: 0x40001011
> > debug_dsdcinfo_flags: 0x40001011
> > DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED
> DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
> > dsgetdcname_rediscover
> > ads_dns_lookup_srv: 1 records returned in the answer section.
> > ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100,
> 389]
> > LDAP ping to domain-controller.domain.local (192.168.0.34)
> > &response->data.nt5_ex: struct
NETLOGON_SAM_LOGON_RESPONSE_EX
> > command : LOGON_SAM_LOGON_RESPONSE_EX (23)
> > sbz : 0x0000 (0)
> > server_type : 0x0000f3fd (62461)
> > 1: NBT_SERVER_PDC
> > 1: NBT_SERVER_GC
> > 1: NBT_SERVER_LDAP
> > 1: NBT_SERVER_DS
> > 1: NBT_SERVER_KDC
> > 1: NBT_SERVER_TIMESERV
> > 1: NBT_SERVER_CLOSEST
> > 1: NBT_SERVER_WRITABLE
> > 1: NBT_SERVER_GOOD_TIMESERV
> > 0: NBT_SERVER_NDNC
> > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> > 1: NBT_SERVER_ADS_WEB_SERVICE
> > 0: NBT_SERVER_HAS_DNS_NAME
> > 0: NBT_SERVER_IS_DEFAULT_NC
> > 0: NBT_SERVER_FOREST_ROOT
> > domain_uuid :
681ea09d-d921-4581-b653-8f8b8f4eb470
> > forest : 'domain.local'
> > dns_domain : 'domain.local'
> > pdc_dns_name :
'domain-controller.domain.local'
> > domain_name : 'DOMAIN'
> > pdc_name : 'DOMAIN-CONTROLLER'
> > user_name : ''
> > server_site : 'Default-First-Site-Name'
> > client_site : 'Default-First-Site-Name'
> > sockaddr_size : 0x00 (0)
> > sockaddr: struct nbt_sockaddr
> > sockaddr_family : 0x00000000 (0)
> > pdc_ip : (null)
> > remaining : DATA_BLOB length=0
> > next_closest_site : NULL
> > nt_version : 0x00000005 (5)
> > 1: NETLOGON_NT_VERSION_1
> > 0: NETLOGON_NT_VERSION_5
> > 1: NETLOGON_NT_VERSION_5EX
> > 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> > 0: NETLOGON_NT_VERSION_PDC
> > 0: NETLOGON_NT_VERSION_IP
> > 0: NETLOGON_NT_VERSION_LOCAL
> > 0: NETLOGON_NT_VERSION_GC
> > lmnt_token : 0xffff (65535)
> > lm20_token : 0xffff (65535)
> > Did not store value for DSGETDCNAME/DOMAIN/DOMAIN, we already got it
> > sitename_store: realm = [DOMAIN], sitename =
[Default-First-Site-Name],
> expire = [2085923199]
> > Did not store value for AD_SITENAME/DOMAIN/DOMAIN, we already got it
> > Did not store value for DSGETDCNAME/DOMAIN/DOMAIN.LOCAL, we already
got
> it
> > sitename_store: realm = [domain.local], sitename =
[Default-First-Site-
> Name], expire = [2085923199]
> > Did not store value for AD_SITENAME/DOMAIN/DOMAIN.LOCAL, we already
got
> it
> > sitename_fetch: Returning sitename for DOMAIN.LOCAL:
"Default-First-
> Site-Name"
> > internal_resolve_name: looking up domain-controller.domain.local#20
> (sitename Default-First-Site-Name)
> > Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20]
and
> timeout=[Wed Dec 31 05:00:00 PM 1969 MST] (-1468131016 seconds in the
> past)
> > no entry for domain-controller.domain.local#20 found.
> > resolve_lmhosts: Attempting lmhosts lookup for name domain-
> controller.domain.local<0x20>
> > resolve_lmhosts: Attempting lmhosts lookup for name domain-
> controller.domain.local<0x20>
> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error
was No
> such file or directory
> > resolve_wins: WINS server resolution selected and no WINS servers
> listed.
> > resolve_hosts: Attempting host lookup for name domain-
> controller.domain.local<0x20>
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > namecache_store: storing 1 address for domain-
> controller.domain.local#20: 192.168.0.34
> > Adding cache entry with key=[NBT/DOMAIN-CONTROLLER.DOMAIN.LOCAL#20]
and
> timeout=[Sun Jul 10 12:21:16 AM 2016 MDT] (660 seconds ahead)
> > internal_resolve_name: returning 1 addresses: 192.168.0.34:0
> > Connecting to 192.168.0.34 at port 445
> > Socket options:
> > SO_KEEPALIVE = 0
> > SO_REUSEADDR = 0
> > SO_BROADCAST = 0
> > TCP_NODELAY = 1
> > TCP_KEEPCNT = 9
> > TCP_KEEPIDLE = 7200
> > TCP_KEEPINTVL = 75
> > IPTOS_LOWDELAY = 0
> > IPTOS_THROUGHPUT = 0
> > SO_REUSEPORT = 0
> > SO_SNDBUF = 87040
> > SO_RCVBUF = 372480
> > SO_SNDLOWAT = 1
> > SO_RCVLOWAT = 1
> > SO_SNDTIMEO = 0
> > SO_RCVTIMEO = 0
> > TCP_QUICKACK = 1
> > TCP_DEFER_ACCEPT = 0
> > Doing spnego session setup (blob length=120)
> > got OID=1.3.6.1.4.1.311.2.2.30
> > got OID=1.2.840.48018.1.2.2
> > got OID=1.2.840.113554.1.2.2
> > got OID=1.2.840.113554.1.2.2.3
> > got OID=1.3.6.1.4.1.311.2.2.10
> > got principal=not_defined_in_RFC4178 at please_ignore
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'ntlmssp_resume_ccache' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > Starting GENSEC mechanism spnego
> > Starting GENSEC submechanism ntlmssp
> > negotiate: struct NEGOTIATE_MESSAGE
> > Signature : 'NTLMSSP'
> > MessageType : NtLmNegotiate (1)
> > NegotiateFlags : 0x62088215 (1644724757)
> > 1: NTLMSSP_NEGOTIATE_UNICODE
> > 0: NTLMSSP_NEGOTIATE_OEM
> > 1: NTLMSSP_REQUEST_TARGET
> > 1: NTLMSSP_NEGOTIATE_SIGN
> > 0: NTLMSSP_NEGOTIATE_SEAL
> > 0: NTLMSSP_NEGOTIATE_DATAGRAM
> > 0: NTLMSSP_NEGOTIATE_LM_KEY
> > 0: NTLMSSP_NEGOTIATE_NETWARE
> > 1: NTLMSSP_NEGOTIATE_NTLM
> > 0: NTLMSSP_NEGOTIATE_NT_ONLY
> > 0: NTLMSSP_ANONYMOUS
> > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
> > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
> > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
> > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> > 0: NTLMSSP_TARGET_TYPE_DOMAIN
> > 0: NTLMSSP_TARGET_TYPE_SERVER
> > 0: NTLMSSP_TARGET_TYPE_SHARE
> > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> > 0: NTLMSSP_NEGOTIATE_IDENTIFY
> > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> > 0: NTLMSSP_NEGOTIATE_TARGET_INFO
> > 1: NTLMSSP_NEGOTIATE_VERSION
> > 1: NTLMSSP_NEGOTIATE_128
> > 1: NTLMSSP_NEGOTIATE_KEY_EXCH
> > 0: NTLMSSP_NEGOTIATE_56
> > DomainNameLen : 0x0000 (0)
> > DomainNameMaxLen : 0x0000 (0)
> > DomainName : *
> > DomainName : ''
> > WorkstationLen : 0x0000 (0)
> > WorkstationMaxLen : 0x0000 (0)
> > Workstation : *
> > Workstation : ''
> > Version: struct ntlmssp_VERSION
> > ProductMajorVersion :
NTLMSSP_WINDOWS_MAJOR_VERSION_6
> (6)
> > ProductMinorVersion :
NTLMSSP_WINDOWS_MINOR_VERSION_1
> (1)
> > ProductBuild : 0x0000 (0)
> > Reserved: ARRAY(3)
> > [0] : 0x00 (0)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
> > Got challenge flags:
> > Got NTLMSSP neg_flags=0x62898215
> > NTLMSSP_NEGOTIATE_UNICODE
> > NTLMSSP_REQUEST_TARGET
> > NTLMSSP_NEGOTIATE_SIGN
> > NTLMSSP_NEGOTIATE_NTLM
> > NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> > NTLMSSP_TARGET_TYPE_DOMAIN
> > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> > NTLMSSP_NEGOTIATE_TARGET_INFO
> > NTLMSSP_NEGOTIATE_VERSION
> > NTLMSSP_NEGOTIATE_128
> > NTLMSSP_NEGOTIATE_KEY_EXCH
> > NTLMSSP: Set final flags:
> > Got NTLMSSP neg_flags=0x62088215
> > NTLMSSP_NEGOTIATE_UNICODE
> > NTLMSSP_REQUEST_TARGET
> > NTLMSSP_NEGOTIATE_SIGN
> > NTLMSSP_NEGOTIATE_NTLM
> > NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> > NTLMSSP_NEGOTIATE_VERSION
> > NTLMSSP_NEGOTIATE_128
> > NTLMSSP_NEGOTIATE_KEY_EXCH
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088215
> > NTLMSSP_NEGOTIATE_UNICODE
> > NTLMSSP_REQUEST_TARGET
> > NTLMSSP_NEGOTIATE_SIGN
> > NTLMSSP_NEGOTIATE_NTLM
> > NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> > NTLMSSP_NEGOTIATE_VERSION
> > NTLMSSP_NEGOTIATE_128
> > NTLMSSP_NEGOTIATE_KEY_EXCH
> > ntlmssp_check_packet: NTLMSSP signature OK !
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088215
> > NTLMSSP_NEGOTIATE_UNICODE
> > NTLMSSP_REQUEST_TARGET
> > NTLMSSP_NEGOTIATE_SIGN
> > NTLMSSP_NEGOTIATE_NTLM
> > NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> > NTLMSSP_NEGOTIATE_VERSION
> > NTLMSSP_NEGOTIATE_128
> > NTLMSSP_NEGOTIATE_KEY_EXCH
> > signed SMB2 message
> > signed SMB2 message
> > cli_init_creds: user administrator domain
> > signed SMB2 message
> > Bind RPC Pipe: host domain-controller.domain.local auth_type 0,
> auth_level 1
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_BIND (11)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0048 (72)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000001 (1)
> > u : union dcerpc_payload(case 11)
> > bind: struct dcerpc_bind
> > max_xmit_frag : 0x10b8 (4280)
> > max_recv_frag : 0x10b8 (4280)
> > assoc_group_id : 0x00000000 (0)
> > num_contexts : 0x01 (1)
> > ctx_list: ARRAY(1)
> > ctx_list: struct dcerpc_ctx_list
> > context_id : 0x0000 (0)
> > num_transfer_syntaxes : 0x01 (1)
> > abstract_syntax: struct ndr_syntax_id
> > uuid :
12345778-1234-abcd-
> ef00-0123456789ab
> > if_version : 0x00000000 (0)
> > transfer_syntaxes: ARRAY(1)
> > transfer_syntaxes: struct ndr_syntax_id
> > uuid : 8a885d04-1ceb-
> 11c9-9fe8-08002b104860
> > if_version : 0x00000002 (2)
> > auth_info : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 52
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_BIND_ACK (12)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0044 (68)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000001 (1)
> > u : union dcerpc_payload(case 12)
> > bind_ack: struct dcerpc_bind_ack
> > max_xmit_frag : 0x10b8 (4280)
> > max_recv_frag : 0x10b8 (4280)
> > assoc_group_id : 0x0012e7d2 (1238994)
> > secondary_address_size : 0x000c (12)
> > secondary_address : '\pipe\lsass'
> > _pad1 : DATA_BLOB length=2
> > [0000] 00 00 ..
> > num_results : 0x01 (1)
> > ctx_list: ARRAY(1)
> > ctx_list: struct dcerpc_ack_ctx
> > result :
> DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
> > reason : union
> dcerpc_bind_ack_reason(case 0)
> > value :
> DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
> > syntax: struct ndr_syntax_id
> > uuid :
8a885d04-1ceb-11c9-
> 9fe8-08002b104860
> > if_version : 0x00000002 (2)
> > auth_info : DATA_BLOB length=0
> > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
> > check_bind_response: accepted!
> > cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine domain-
> controller.domain.local and bound anonymously.
> > lsa_OpenPolicy: struct lsa_OpenPolicy
> > in: struct lsa_OpenPolicy
> > system_name : *
> > system_name : 0x005c (92)
> > attr : *
> > attr: struct lsa_ObjectAttribute
> > len : 0x00000018 (24)
> > root_dir : NULL
> > object_name : NULL
> > attributes : 0x00000000 (0)
> > sec_desc : NULL
> > sec_qos : *
> > sec_qos: struct lsa_QosInfo
> > len : 0x0000000c
(12)
> > impersonation_level : 0x0002 (2)
> > context_mode : 0x01 (1)
> > effective_only : 0x00 (0)
> > access_mask : 0x02000000 (33554432)
> > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
> > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
> > 0: LSA_POLICY_GET_PRIVATE_INFORMATION
> > 0: LSA_POLICY_TRUST_ADMIN
> > 0: LSA_POLICY_CREATE_ACCOUNT
> > 0: LSA_POLICY_CREATE_SECRET
> > 0: LSA_POLICY_CREATE_PRIVILEGE
> > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
> > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
> > 0: LSA_POLICY_AUDIT_LOG_ADMIN
> > 0: LSA_POLICY_SERVER_ADMIN
> > 0: LSA_POLICY_LOOKUP_NAMES
> > 0: LSA_POLICY_NOTIFICATION
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_REQUEST (0)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0018 (24)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000002 (2)
> > u : union dcerpc_payload(case 0)
> > request: struct dcerpc_request
> > alloc_hint : 0x0000002c (44)
> > context_id : 0x0000 (0)
> > opnum : 0x0006 (6)
> > object : union dcerpc_object(case 0)
> > empty: struct dcerpc_empty
> > _pad : DATA_BLOB length=0
> > stub_and_verifier : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_RESPONSE (2)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0030 (48)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000002 (2)
> > u : union dcerpc_payload(case 2)
> > response: struct dcerpc_response
> > alloc_hint : 0x00000018 (24)
> > context_id : 0x0000 (0)
> > cancel_count : 0x00 (0)
> > _pad : DATA_BLOB length=1
> > [0000] 00 .
> > stub_and_verifier : DATA_BLOB length=24
> > [0000] 00 00 00 00 12 75 96 20 33 1B 0A 40 A0 CE C9 5D .....u.
> 3.. at ...]
> > [0010] 01 EA 3F 01 00 00 00 00 ..?.....
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> > lsa_OpenPolicy: struct lsa_OpenPolicy
> > out: struct lsa_OpenPolicy
> > handle : *
> > handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid :
20967512-1b33-400a-a0ce-
> c95d01ea3f01
> > result : NT_STATUS_OK
> > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
> > in: struct lsa_QueryInfoPolicy2
> > handle : *
> > handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid :
20967512-1b33-400a-a0ce-
> c95d01ea3f01
> > level : LSA_POLICY_INFO_DNS (12)
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_REQUEST (0)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0018 (24)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000003 (3)
> > u : union dcerpc_payload(case 0)
> > request: struct dcerpc_request
> > alloc_hint : 0x00000016 (22)
> > context_id : 0x0000 (0)
> > opnum : 0x002e (46)
> > object : union dcerpc_object(case 0)
> > empty: struct dcerpc_empty
> > _pad : DATA_BLOB length=0
> > stub_and_verifier : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 176
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_RESPONSE (2)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x00c0 (192)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000003 (3)
> > u : union dcerpc_payload(case 2)
> > response: struct dcerpc_response
> > alloc_hint : 0x000000a8 (168)
> > context_id : 0x0000 (0)
> > cancel_count : 0x00 (0)
> > _pad : DATA_BLOB length=1
> > [0000] 00 .
> > stub_and_verifier : DATA_BLOB length=168
> >
> > <redacted>
> >
> > Got pdu len 192, data_len 168
> > rpc_api_pipe: got frag len of 192 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 168 bytes.
> > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
> > out: struct lsa_QueryInfoPolicy2
> > info : *
> > info : *
> > info : union
> lsa_PolicyInformation(case 12)
> > dns: struct lsa_DnsDomainInfo
> > name: struct lsa_StringLarge
> > length : 0x0006 (6)
> > size : 0x0008 (8)
> > string : *
> > string :
'DOMAIN'
> > dns_domain: struct lsa_StringLarge
> > length : 0x0012 (18)
> > size : 0x0014 (20)
> > string : *
> > string :
> 'domain.local'
> > dns_forest: struct lsa_StringLarge
> > length : 0x0012 (18)
> > size : 0x0014 (20)
> > string : *
> > string :
> 'domain.local'
> > domain_guid :
681ea09d-d921-4581-
> b653-8f8b8f4eb470
> > sid : *
> > sid : S-1-5-21-
> <redacted>-<redacted>-<redacted>
> > result : NT_STATUS_OK
> > lsa_Close: struct lsa_Close
> > in: struct lsa_Close
> > handle : *
> > handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid :
20967512-1b33-400a-a0ce-
> c95d01ea3f01
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_REQUEST (0)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0018 (24)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000004 (4)
> > u : union dcerpc_payload(case 0)
> > request: struct dcerpc_request
> > alloc_hint : 0x00000014 (20)
> > context_id : 0x0000 (0)
> > opnum : 0x0000 (0)
> > object : union dcerpc_object(case 0)
> > empty: struct dcerpc_empty
> > _pad : DATA_BLOB length=0
> > stub_and_verifier : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_RESPONSE (2)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0030 (48)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000004 (4)
> > u : union dcerpc_payload(case 2)
> > response: struct dcerpc_response
> > alloc_hint : 0x00000018 (24)
> > context_id : 0x0000 (0)
> > cancel_count : 0x00 (0)
> > _pad : DATA_BLOB length=1
> > [0000] 00 .
> > stub_and_verifier : DATA_BLOB length=24
> > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........
> ........
> > [0010] 00 00 00 00 00 00 00 00 ........
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> > lsa_Close: struct lsa_Close
> > out: struct lsa_Close
> > handle : *
> > handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid :
00000000-0000-0000-0000-
> 000000000000
> > result : NT_STATUS_OK
> > signed SMB2 message
> > create_local_private_krb5_conf_for_domain: fname >
/var/run/samba/smb_krb5/krb5.conf.DOMAIN, realm = domain.local, domain >
DOMAIN
> > saf_fetch: failed to find server for "domain.local" domain
> > get_dc_list: preferred server list: ", *"
> > internal_resolve_name: looking up domain.local#1c (sitename (null))
> > no entry for domain.local#1C found.
> > resolve_ads: Attempting to resolve KDCs for domain.local using DNS
> > ads_dns_lookup_srv: 1 records returned in the answer section.
> > ads_dns_parse_rr_srv: Parsed domain-controller.domain.local [0, 100,
88]
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > internal_resolve_name: returning 1 addresses: 192.168.0.34:88
> > Adding 1 DC's from auto lookup
> > check_negative_conn_cache returning result 0 for domain domain.local
> server 192.168.0.34
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > get_dc_list: returning 1 ip addresses in an ordered list
> > get_dc_list: 192.168.0.34:88
> > &response->data.nt5_ex: struct
NETLOGON_SAM_LOGON_RESPONSE_EX
> > command : LOGON_SAM_LOGON_RESPONSE_EX (23)
> > sbz : 0x0000 (0)
> > server_type : 0x0000f3fd (62461)
> > 1: NBT_SERVER_PDC
> > 1: NBT_SERVER_GC
> > 1: NBT_SERVER_LDAP
> > 1: NBT_SERVER_DS
> > 1: NBT_SERVER_KDC
> > 1: NBT_SERVER_TIMESERV
> > 1: NBT_SERVER_CLOSEST
> > 1: NBT_SERVER_WRITABLE
> > 1: NBT_SERVER_GOOD_TIMESERV
> > 0: NBT_SERVER_NDNC
> > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> > 1: NBT_SERVER_ADS_WEB_SERVICE
> > 0: NBT_SERVER_HAS_DNS_NAME
> > 0: NBT_SERVER_IS_DEFAULT_NC
> > 0: NBT_SERVER_FOREST_ROOT
> > domain_uuid :
681ea09d-d921-4581-b653-8f8b8f4eb470
> > forest : 'domain.local'
> > dns_domain : 'domain.local'
> > pdc_dns_name :
'domain-controller.domain.local'
> > domain_name : 'DOMAIN'
> > pdc_name : 'DOMAIN-CONTROLLER'
> > user_name : ''
> > server_site : 'Default-First-Site-Name'
> > client_site : 'Default-First-Site-Name'
> > sockaddr_size : 0x00 (0)
> > sockaddr: struct nbt_sockaddr
> > sockaddr_family : 0x00000000 (0)
> > pdc_ip : (null)
> > remaining : DATA_BLOB length=0
> > next_closest_site : NULL
> > nt_version : 0x00000005 (5)
> > 1: NETLOGON_NT_VERSION_1
> > 0: NETLOGON_NT_VERSION_5
> > 1: NETLOGON_NT_VERSION_5EX
> > 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> > 0: NETLOGON_NT_VERSION_PDC
> > 0: NETLOGON_NT_VERSION_IP
> > 0: NETLOGON_NT_VERSION_LOCAL
> > 0: NETLOGON_NT_VERSION_GC
> > lmnt_token : 0xffff (65535)
> > lm20_token : 0xffff (65535)
> > get_kdc_ip_string: Returning kdc = 192.168.0.34
> >
> > create_local_private_krb5_conf_for_domain: wrote file
> /var/run/samba/smb_krb5/krb5.conf.DOMAIN with realm DOMAIN.LOCAL KDC list
> = kdc = 192.168.0.34
> >
> > signed SMB2 message
> > Bind RPC Pipe: host domain-controller.domain.local auth_type 0,
> auth_level 1
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_BIND (11)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0048 (72)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000005 (5)
> > u : union dcerpc_payload(case 11)
> > bind: struct dcerpc_bind
> > max_xmit_frag : 0x10b8 (4280)
> > max_recv_frag : 0x10b8 (4280)
> > assoc_group_id : 0x00000000 (0)
> > num_contexts : 0x01 (1)
> > ctx_list: ARRAY(1)
> > ctx_list: struct dcerpc_ctx_list
> > context_id : 0x0000 (0)
> > num_transfer_syntaxes : 0x01 (1)
> > abstract_syntax: struct ndr_syntax_id
> > uuid :
12345778-1234-abcd-
> ef00-0123456789ac
> > if_version : 0x00000001 (1)
> > transfer_syntaxes: ARRAY(1)
> > transfer_syntaxes: struct ndr_syntax_id
> > uuid : 8a885d04-1ceb-
> 11c9-9fe8-08002b104860
> > if_version : 0x00000002 (2)
> > auth_info : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 52
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_BIND_ACK (12)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0044 (68)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000005 (5)
> > u : union dcerpc_payload(case 12)
> > bind_ack: struct dcerpc_bind_ack
> > max_xmit_frag : 0x10b8 (4280)
> > max_recv_frag : 0x10b8 (4280)
> > assoc_group_id : 0x0012e7d3 (1238995)
> > secondary_address_size : 0x000c (12)
> > secondary_address : '\pipe\lsass'
> > _pad1 : DATA_BLOB length=2
> > [0000] 02 00 ..
> > num_results : 0x01 (1)
> > ctx_list: ARRAY(1)
> > ctx_list: struct dcerpc_ack_ctx
> > result :
> DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
> > reason : union
> dcerpc_bind_ack_reason(case 0)
> > value :
> DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
> > syntax: struct ndr_syntax_id
> > uuid :
8a885d04-1ceb-11c9-
> 9fe8-08002b104860
> > if_version : 0x00000002 (2)
> > auth_info : DATA_BLOB length=0
> > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 68 bytes.
> > check_bind_response: accepted!
> > cli_rpc_pipe_open_noauth: opened pipe samr to machine domain-
> controller.domain.local and bound anonymously.
> > samr_Connect2: struct samr_Connect2
> > in: struct samr_Connect2
> > system_name : *
> > system_name : 'domain-
> controller.domain.local'
> > access_mask : 0x00000030 (48)
> > 0: SAMR_ACCESS_CONNECT_TO_SERVER
> > 0: SAMR_ACCESS_SHUTDOWN_SERVER
> > 0: SAMR_ACCESS_INITIALIZE_SERVER
> > 0: SAMR_ACCESS_CREATE_DOMAIN
> > 1: SAMR_ACCESS_ENUM_DOMAINS
> > 1: SAMR_ACCESS_LOOKUP_DOMAIN
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_REQUEST (0)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0018 (24)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000006 (6)
> > u : union dcerpc_payload(case 0)
> > request: struct dcerpc_request
> > alloc_hint : 0x00000044 (68)
> > context_id : 0x0000 (0)
> > opnum : 0x0039 (57)
> > object : union dcerpc_object(case 0)
> > empty: struct dcerpc_empty
> > _pad : DATA_BLOB length=0
> > stub_and_verifier : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_RESPONSE (2)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0030 (48)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000006 (6)
> > u : union dcerpc_payload(case 2)
> > response: struct dcerpc_response
> > alloc_hint : 0x00000018 (24)
> > context_id : 0x0000 (0)
> > cancel_count : 0x00 (0)
> > _pad : DATA_BLOB length=1
> > [0000] 00 .
> > stub_and_verifier : DATA_BLOB length=24
> > [0000] 00 00 00 00 96 BA 08 79 09 9E B8 43 99 31 35 E3 .......y
> ...C.15.
> > [0010] 6F DB 2D 8C 00 00 00 00 o.-.....
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> > samr_Connect2: struct samr_Connect2
> > out: struct samr_Connect2
> > connect_handle : *
> > connect_handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid : <redacted>
> > result : NT_STATUS_OK
> > samr_OpenDomain: struct samr_OpenDomain
> > in: struct samr_OpenDomain
> > connect_handle : *
> > connect_handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid : <redacted>
> > access_mask : 0x00000211 (529)
> > 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
> > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1
> > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
> > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2
> > 1: SAMR_DOMAIN_ACCESS_CREATE_USER
> > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
> > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
> > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
> > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
> > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
> > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3
> > sid : *
> > sid : S-1-5-21-<redacted>-
> <redacted>-<redacted>
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_REQUEST (0)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0018 (24)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000007 (7)
> > u : union dcerpc_payload(case 0)
> > request: struct dcerpc_request
> > alloc_hint : 0x00000034 (52)
> > context_id : 0x0000 (0)
> > opnum : 0x0007 (7)
> > object : union dcerpc_object(case 0)
> > empty: struct dcerpc_empty
> > _pad : DATA_BLOB length=0
> > stub_and_verifier : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_RESPONSE (2)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0030 (48)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000007 (7)
> > u : union dcerpc_payload(case 2)
> > response: struct dcerpc_response
> > alloc_hint : 0x00000018 (24)
> > context_id : 0x0000 (0)
> > cancel_count : 0x00 (0)
> > _pad : DATA_BLOB length=1
> > [0000] 00 .
> > stub_and_verifier : DATA_BLOB length=24
> > [0000] 00 00 00 00 BB BF DA CA 50 F9 95 4B 9C 62 7E 58 ........
> P..K.b~X
> > [0010] ED BE BA 7D 00 00 00 00 ...}....
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> > samr_OpenDomain: struct samr_OpenDomain
> > out: struct samr_OpenDomain
> > domain_handle : *
> > domain_handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid : <redacted>
> > result : NT_STATUS_OK
> > Creating account with desired access mask: -536543056
> > samr_CreateUser2: struct samr_CreateUser2
> > in: struct samr_CreateUser2
> > domain_handle : *
> > domain_handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid : <redacted>
> > account_name : *
> > account_name: struct lsa_String
> > length : 0x001c (28)
> > size : 0x001c (28)
> > string : *
> > string :
'hostname$'
> > acct_flags : 0x00000080 (128)
> > 0: ACB_DISABLED
> > 0: ACB_HOMDIRREQ
> > 0: ACB_PWNOTREQ
> > 0: ACB_TEMPDUP
> > 0: ACB_NORMAL
> > 0: ACB_MNS
> > 0: ACB_DOMTRUST
> > 1: ACB_WSTRUST
> > 0: ACB_SVRTRUST
> > 0: ACB_PWNOEXP
> > 0: ACB_AUTOLOCK
> > 0: ACB_ENC_TXT_PWD_ALLOWED
> > 0: ACB_SMARTCARD_REQUIRED
> > 0: ACB_TRUSTED_FOR_DELEGATION
> > 0: ACB_NOT_DELEGATED
> > 0: ACB_USE_DES_KEY_ONLY
> > 0: ACB_DONT_REQUIRE_PREAUTH
> > 0: ACB_PW_EXPIRED
> > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
> > 0: ACB_NO_AUTH_DATA_REQD
> > 0: ACB_PARTIAL_SECRETS_ACCOUNT
> > 0: ACB_USE_AES_KEYS
> > access_mask : 0xe00500b0 (3758424240)
> > 0: SAMR_USER_ACCESS_GET_NAME_ETC
> > 0: SAMR_USER_ACCESS_GET_LOCALE
> > 0: SAMR_USER_ACCESS_SET_LOC_COM
> > 0: SAMR_USER_ACCESS_GET_LOGONINFO
> > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES
> > 1: SAMR_USER_ACCESS_SET_ATTRIBUTES
> > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD
> > 1: SAMR_USER_ACCESS_SET_PASSWORD
> > 0: SAMR_USER_ACCESS_GET_GROUPS
> > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
> > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_REQUEST (0)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0018 (24)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000008 (8)
> > u : union dcerpc_payload(case 0)
> > request: struct dcerpc_request
> > alloc_hint : 0x0000004c (76)
> > context_id : 0x0000 (0)
> > opnum : 0x0032 (50)
> > object : union dcerpc_object(case 0)
> > empty: struct dcerpc_empty
> > _pad : DATA_BLOB length=0
> > stub_and_verifier : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 40
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_RESPONSE (2)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0038 (56)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000008 (8)
> > u : union dcerpc_payload(case 2)
> > response: struct dcerpc_response
> > alloc_hint : 0x00000020 (32)
> > context_id : 0x0000 (0)
> > cancel_count : 0x00 (0)
> > _pad : DATA_BLOB length=1
> > [0000] 00 .
> > stub_and_verifier : DATA_BLOB length=32
> > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........
> ........
> > [0010] 00 00 00 00 00 00 00 00 64 06 00 00 34 00 00 C0 ........
> d...4...
> > Got pdu len 56, data_len 32
> > rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 32 bytes.
> > samr_CreateUser2: struct samr_CreateUser2
> > out: struct samr_CreateUser2
> > user_handle : *
> > user_handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid :
00000000-0000-0000-0000-
> 000000000000
> > access_granted : *
> > access_granted : 0x00000000 (0)
> > rid : *
> > rid : 0x00000664 (1636)
> > result :
NT_STATUS_OBJECT_NAME_NOT_FOUND
> > Creation of workstation account failed:
NT_STATUS_OBJECT_NAME_NOT_FOUND
> > samr_Close: struct samr_Close
> > in: struct samr_Close
> > handle : *
> > handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid : <redacted>
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_REQUEST (0)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0018 (24)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000009 (9)
> > u : union dcerpc_payload(case 0)
> > request: struct dcerpc_request
> > alloc_hint : 0x00000014 (20)
> > context_id : 0x0000 (0)
> > opnum : 0x0001 (1)
> > object : union dcerpc_object(case 0)
> > empty: struct dcerpc_empty
> > _pad : DATA_BLOB length=0
> > stub_and_verifier : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_RESPONSE (2)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0030 (48)
> > auth_length : 0x0000 (0)
> > call_id : 0x00000009 (9)
> > u : union dcerpc_payload(case 2)
> > response: struct dcerpc_response
> > alloc_hint : 0x00000018 (24)
> > context_id : 0x0000 (0)
> > cancel_count : 0x00 (0)
> > _pad : DATA_BLOB length=1
> > [0000] 00 .
> > stub_and_verifier : DATA_BLOB length=24
> > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........
> ........
> > [0010] 00 00 00 00 00 00 00 00 ........
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> > samr_Close: struct samr_Close
> > out: struct samr_Close
> > handle : *
> > handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid :
00000000-0000-0000-0000-
> 000000000000
> > result : NT_STATUS_OK
> > samr_Close: struct samr_Close
> > in: struct samr_Close
> > handle : *
> > handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid : <redacted>
> > &r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_REQUEST (0)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0018 (24)
> > auth_length : 0x0000 (0)
> > call_id : 0x0000000a (10)
> > u : union dcerpc_payload(case 0)
> > request: struct dcerpc_request
> > alloc_hint : 0x00000014 (20)
> > context_id : 0x0000 (0)
> > opnum : 0x0001 (1)
> > object : union dcerpc_object(case 0)
> > empty: struct dcerpc_empty
> > _pad : DATA_BLOB length=0
> > stub_and_verifier : DATA_BLOB length=0
> > rpc_api_pipe: host domain-controller.domain.local
> > signed SMB2 message
> > rpc_read_send: data_to_read: 32
> > r: struct ncacn_packet
> > rpc_vers : 0x05 (5)
> > rpc_vers_minor : 0x00 (0)
> > ptype : DCERPC_PKT_RESPONSE (2)
> > pfc_flags : 0x03 (3)
> > 1: DCERPC_PFC_FLAG_FIRST
> > 1: DCERPC_PFC_FLAG_LAST
> > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
> > 0: DCERPC_PFC_FLAG_CONC_MPX
> > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
> > 0: DCERPC_PFC_FLAG_MAYBE
> > 0: DCERPC_PFC_FLAG_OBJECT_UUID
> > drep: ARRAY(4)
> > [0] : 0x10 (16)
> > [1] : 0x00 (0)
> > [2] : 0x00 (0)
> > [3] : 0x00 (0)
> > frag_length : 0x0030 (48)
> > auth_length : 0x0000 (0)
> > call_id : 0x0000000a (10)
> > u : union dcerpc_payload(case 2)
> > response: struct dcerpc_response
> > alloc_hint : 0x00000018 (24)
> > context_id : 0x0000 (0)
> > cancel_count : 0x00 (0)
> > _pad : DATA_BLOB length=1
> > [0000] 00 .
> > stub_and_verifier : DATA_BLOB length=24
> > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........
> ........
> > [0010] 00 00 00 00 00 00 00 00 ........
> > Got pdu len 48, data_len 24
> > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
> > rpc_api_pipe: host domain-controller.domain.local returned 24 bytes.
> > samr_Close: struct samr_Close
> > out: struct samr_Close
> > handle : *
> > handle: struct policy_handle
> > handle_type : 0x00000000 (0)
> > uuid :
00000000-0000-0000-0000-
> 000000000000
> > result : NT_STATUS_OK
> > signed SMB2 message
> > libnet_Join:
> > libnet_JoinCtx: struct libnet_JoinCtx
> > out: struct libnet_JoinCtx
> > account_name : NULL
> > netbios_domain_name : 'DOMAIN'
> > dns_domain_name : 'domain.local'
> > forest_name : 'domain.local'
> > dn : NULL
> > domain_sid : *
> > domain_sid : S-1-5-21-<redacted>-
> <redacted>-<redacted>
> > modified_config : 0x00 (0)
> > error_string : 'failed to join domain
> 'DOMAIN.LOCAL' over rpc: The object name is not found.'
> > domain_is_ad : 0x01 (1)
> > result : WERR_BADFILE
> > Failed to join domain: failed to join domain 'DOMAIN.LOCAL'
over rpc:
> The object name is not found.
> > return code = -1
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
> Have you set up /etc/krb5.conf and if so, what does it contain ?
> Does your /etc/resolv.conf point at the DC ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Apparently Analagous Threads
- Debian Jessie joining AD as member fails with "The object name is not found."
- Debian Jessie joining AD as member fails with "The object name is not found."
- net ads testjoin OK, net rpc testjoin fails
- Debian Jessie joining AD as member fails with "The object name is not found."
- slow smbclient samba 4.7.x