[Freeipa-users] Centos 7 - ipa-server-3.3.3 AD trust trust-fetch-domains and add external group problem
mete bilgin
metebilgin48 at gmail.com
Fri Feb 27 10:12:49 UTC 2015
2015-02-27 11:53 GMT+02:00 Alexander Bokovoy <abokovoy at redhat.com>:
> On Fri, 27 Feb 2015, mete bilgin wrote:
>
>> Starting GENSEC mechanism spnego
>>>> Starting GENSEC submechanism gssapi_krb5
>>>> Ticket in credentials cache for @IPDOMAIN will expire in 86400 secs
>>>> GSS client Update(krb5)(1) Update failed: Unspecified GSS failure.
>>>> Minor
>>>> code may provide more information: KDC policy rejects request
>>>>
>>>> This means your trust is not working. How did you established trust?
>>> Show exact commands.
>>>
>>> "KDC policy rejects request" means AD DC was unable to complete trust
>>> validation. Usually it means it was unable to talk back to IPA master
>>> which it discovers via SRV records over DNS.
>>> --
>>> / Alexander Bokovoy
>>>
>>>
>>
>> Hi,
>>
>> When i add the turs return this.
>>
>> [root at ipa01 ~]# ipa trust-add --type=ad --admin admin --password
>> Realm name: addomain.com
>> Active directory domain administrator's password:
>> -------------------------------------------
>> Re-established trust to domain "ADDOMAIN.COM"
>> -------------------------------------------
>> Realm name: ADDOMAIN.COM
>> Domain NetBIOS name: ADDOMAIN
>> Domain Security Identifier: S-1-5-21-1343024091-2000478354-725345543
>> SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2,
>> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10,
>> S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15,
>> S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
>> SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2,
>> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10,
>> S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15,
>> S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
>> Trust direction: Two-way trust
>> Trust type: Active Directory domain
>> Trust status: Established and verified
>>
> Ok, and did you run that with debug enabled in smb.conf.empty? Can you
> give us /var/log/httpd/error_log for this run?
>
> In 4.x we fixed the part that mistakenly reports trust is 'established
> and verified' when it actually wasn't, but before that we need to see
> the debug logs to know the reason.
>
> There are only two (external) reasons:
> 1. AD DC was unable to resolve IPA DC via DNS query for SRV records for
> Kerberos and LDAP.
> 2. AD DC was unable to reach IPA DC due to misconfigured firewall.
>
>
> --
> / Alexander Bokovoy
>
Hi,
/var/log/httpd/error_log
[Fri Feb 27 12:08:05.484181 2015] [:error] [pid 5367] ipa: INFO:
admin at IPADOMAIN.COM: ping(version=u'2.51'): SUCCESS
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
params.c:pm_process() - Processing configuration file
"/usr/share/ipa/smb.conf.empty"
Processing section "[global]"
INFO: Current debug levels:
all: 100
tdb: 100
printdrivers: 100
lanman: 100
smb: 100
rpc_parse: 100
rpc_srv: 100
rpc_cli: 100
passdb: 100
sam: 100
auth: 100
winbind: 100
vfs: 100
idmap: 100
quota: 100
acls: 100
locking: 100
msdfs: 100
dmapi: 100
registry: 100
scavenger: 100
dns: 100
ldb: 100
pm_process() returned Yes
Using binding ncacn_np:ipa01.IPADOMAIN.COM[,]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7fed9c4c80e0
s4_tevent: Added timed event "composite_trigger": 0x7fed9c50b290
s4_tevent: Added timed event "composite_trigger": 0x7fed9c3dbad0
s4_tevent: Running timer event 0x7fed9c50b290 "composite_trigger"
s4_tevent: Destroying timer event 0x7fed9c3dbad0 "composite_trigger"
Mapped to DCERPC endpoint \pipe\lsarpc
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
s4_tevent: Ending timer event 0x7fed9c50b290 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7fed9c4d3ea0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d3520
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d3520
s4_tevent: Destroying timer event 0x7fed9c4d3ea0 "connect_multi_timer"
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 663430
SO_RCVBUF = 261942
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d82e0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Destroying timer event 0x7fed9c4d82e0 "tevent_req_timedout"
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for @IPADOMAIN will expire in 76694 secs
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d96f0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Destroying timer event 0x7fed9c4d96f0 "tevent_req_timedout"
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4dcdb0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Destroying timer event 0x7fed9c4dcdb0 "tevent_req_timedout"
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4dd100
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Destroying timer event 0x7fed9c4dd100 "tevent_req_timedout"
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=65535, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4dddc0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4de2d0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4dda70
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4dda70
s4_tevent: Destroying timer event 0x7fed9c4dddc0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4de2d0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3eb870
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3eb870
s4_tevent: Destroying timer event 0x7fed9c4c80e0
"dcerpc_connect_timeout_handler"
lsa_OpenPolicy2: struct lsa_OpenPolicy2
in: struct lsa_OpenPolicy2
system_name : *
system_name : ''
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000000 (0)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x00000000 (0)
impersonation_level : 0x0000 (0)
context_mode : 0x00 (0)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
rpc request data:
[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 00 00 00 00 00 00 00 00 04 00 02 00 00 00 00 00 ........ ........
[0030] 00 00 00 00 00 00 00 02 ........
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4d3630
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=80, this_data=80, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4de250
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d37d0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d37d0
s4_tevent: Destroying timer event 0x7fed9c4de250 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4d3630 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3e07e0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3e07e0
lsa_OpenPolicy2: struct lsa_OpenPolicy2
out: struct lsa_OpenPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000013-0000-0000-f054-0b4240160000
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 13 00 00 00 00 00 00 00 F0 54 0B 42 ........ .....T.B
[0010] 40 16 00 00 00 00 00 00 @.......
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000013-0000-0000-f054-0b4240160000
level : LSA_POLICY_INFO_DNS (12)
rpc request data:
[0000] 00 00 00 00 13 00 00 00 00 00 00 00 F0 54 0B 42 ........ .....T.B
[0010] 40 16 00 00 0C 00 @.....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4d37b0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4de3d0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4de080
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4de080
s4_tevent: Destroying timer event 0x7fed9c4de3d0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4d37b0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3e08c0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3e08c0
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union
lsa_PolicyInformation(case 12)
dns: struct lsa_DnsDomainInfo
name: struct lsa_StringLarge
length : 0x0010 (16)
size : 0x0012 (18)
string : *
string : 'IPADOMAIN'
dns_domain: struct lsa_StringLarge
length : 0x0018 (24)
size : 0x001a (26)
string : *
string : 'IPADOMAIN.COM'
dns_forest: struct lsa_StringLarge
length : 0x0018 (24)
size : 0x001a (26)
string : *
string : 'IPADOMAIN.COM'
domain_guid :
00000015-e851-c207-0dd0-a20419e2e2c7
sid : *
sid :
S-1-5-21-3255298129-77778957-3353535001
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 02 00 0C 00 00 00 10 00 12 00 04 00 02 00 ........ ........
[0010] 18 00 1A 00 08 00 02 00 18 00 1A 00 0C 00 02 00 ........ ........
[0020] 15 00 00 00 51 E8 07 C2 0D D0 A2 04 19 E2 E2 C7 ....Q... ........
[0030] 10 00 02 00 09 00 00 00 00 00 00 00 08 00 00 00 ........ ........
[0040] 42 00 49 00 4C 00 59 00 4F 00 4E 00 45 00 52 00 B.I.L.Y. O.N.E.R.
[0050] 0D 00 00 00 00 00 00 00 0C 00 00 00 62 00 69 00 ........ ....b.i.
[0060] 6C 00 79 00 6F 00 6E 00 65 00 72 00 2E 00 63 00 l.y.o.n. e.r...c.
[0070] 6F 00 6D 00 0D 00 00 00 00 00 00 00 0C 00 00 00 o.m..... ........
[0080] 62 00 69 00 6C 00 79 00 6F 00 6E 00 65 00 72 00 b.i.l.y. o.n.e.r.
[0090] 2E 00 63 00 6F 00 6D 00 04 00 00 00 01 04 00 00 ..c.o.m. ........
[00A0] 00 00 00 05 15 00 00 00 51 E8 07 C2 0D D0 A2 04 ........ Q.......
[00B0] 19 E2 E2 C7 00 00 00 00 ........
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000013-0000-0000-f054-0b4240160000
level : LSA_POLICY_INFO_ROLE (6)
rpc request data:
[0000] 00 00 00 00 13 00 00 00 00 00 00 00 F0 54 0B 42 ........ .....T.B
[0010] 40 16 00 00 06 00 @.....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4da190
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4ded50
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4dea00
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4dea00
s4_tevent: Destroying timer event 0x7fed9c4ded50 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4da190 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d96b0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d96b0
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union
lsa_PolicyInformation(case 6)
role: struct lsa_ServerRole
role : LSA_ROLE_PRIMARY (3)
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 02 00 06 00 00 00 03 00 00 00 00 00 00 00 ........ ........
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c456960
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c5091d0
s4_tevent: Destroying timer event 0x7fed9c456960 "tevent_req_timedout"
s4_tevent: Cancel immediate event 0x7fed9c5091d0
"tevent_queue_immediate_trigger"
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4c9cf0
smb_signing_md5: sequence number 28
smb_signing_sign_pdu: sent SMB signature of
[0000] AD 05 35 AC 10 CB 27 85 ..5...'.
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c273010
s4_tevent: Destroying timer event 0x7fed9c4c9cf0 "tevent_req_timedout"
s4_tevent: Cancel immediate event 0x7fed9c273010
"tevent_queue_immediate_trigger"
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
params.c:pm_process() - Processing configuration file
"/usr/share/ipa/smb.conf.empty"
Processing section "[global]"
INFO: Current debug levels:
all: 100
tdb: 100
printdrivers: 100
lanman: 100
smb: 100
rpc_parse: 100
rpc_srv: 100
rpc_cli: 100
passdb: 100
sam: 100
auth: 100
winbind: 100
vfs: 100
idmap: 100
quota: 100
acls: 100
locking: 100
msdfs: 100
dmapi: 100
registry: 100
scavenger: 100
dns: 100
ldb: 100
pm_process() returned Yes
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
finddcs: searching for a DC by DNS domain ADDOMAIN.COM
finddcs: looking for SRV records for _ldap._tcp.ADDOMAIN.COM
ads_dns_lookup_srv: 3 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed ad01.ADDOMAIN.COM [0, 100, 389]
ads_dns_parse_rr_srv: Parsed ad02.ADDOMAIN.COM [0, 100, 389]
ads_dns_parse_rr_srv: Parsed ad03.ADDOMAIN.COM [0, 100, 389]
Addrs = 192.168.12.236 at 389/ad01,172.16.50.70 at 389/ad02,192.168.12.239 at 389
/ad03
finddcs: DNS SRV response 0 at '192.168.12.236'
finddcs: DNS SRV response 1 at '172.16.50.70'
finddcs: DNS SRV response 2 at '192.168.12.239'
finddcs: performing CLDAP query on 192.168.12.236
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4caae0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c279e50
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c279e50
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c2d2970
s4_tevent: Destroying timer event 0x7fed9c2d2970 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4caae0 "tevent_req_timedout"
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x000031fd (12797)
1: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
0: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 6aac190b-04eb-464f-bdcc-b07e27e2d1e5
forest : 'ADDOMAIN.COM'
dns_domain : 'ADDOMAIN.COM'
pdc_dns_name : 'ad01.ADDOMAIN.COM'
domain_name : 'ADDOMAIN'
pdc_name : 'ad01'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
finddcs: Found matching DC 192.168.12.236 with server_type=0x000031fd
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
params.c:pm_process() - Processing configuration file
"/usr/share/ipa/smb.conf.empty"
Processing section "[global]"
INFO: Current debug levels:
all: 100
tdb: 100
printdrivers: 100
lanman: 100
smb: 100
rpc_parse: 100
rpc_srv: 100
rpc_cli: 100
passdb: 100
sam: 100
auth: 100
winbind: 100
vfs: 100
idmap: 100
quota: 100
acls: 100
locking: 100
msdfs: 100
dmapi: 100
registry: 100
scavenger: 100
dns: 100
ldb: 100
pm_process() returned Yes
Using binding ncacn_np:ad01.ADDOMAIN.COM[,]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7fed9c4d1dd0
s4_tevent: Added timed event "composite_trigger": 0x7fed9c4caae0
s4_tevent: Added timed event "composite_trigger": 0x7fed9c2db340
s4_tevent: Running timer event 0x7fed9c4caae0 "composite_trigger"
s4_tevent: Destroying timer event 0x7fed9c2db340 "composite_trigger"
Mapped to DCERPC endpoint \pipe\lsarpc
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
s4_tevent: Ending timer event 0x7fed9c4caae0 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7fed9c3cf8e0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4caae0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4caae0
s4_tevent: Destroying timer event 0x7fed9c3cf8e0 "connect_multi_timer"
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 23080
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4dd1c0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Destroying timer event 0x7fed9c4dd1c0 "tevent_req_timedout"
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0008 (8)
DomainNameMaxLen : 0x0008 (8)
DomainName : *
DomainName : 'IPADOMAIN'
WorkstationLen : 0x0008 (8)
WorkstationMaxLen : 0x0008 (8)
Workstation : *
Workstation : 'IPADOMAIN'
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4cce50
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Destroying timer event 0x7fed9c4cce50 "tevent_req_timedout"
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4cda00
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Destroying timer event 0x7fed9c4cda00 "tevent_req_timedout"
smb_signing_activate: user_session_key
[0000] CF 87 99 C6 23 92 38 CB E1 A5 77 3B A6 83 22 35 ....#.8. ..w;.."5
smb_signing_activate: NULL response_data
smb_signing_md5: sequence number 1
smb_signing_check_pdu: seq 1: got good SMB signature of
[0000] 36 6D 36 95 D5 4D 59 F4 6m6..MY.
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4ccd00
smb_signing_md5: sequence number 2
smb_signing_sign_pdu: sent SMB signature of
[0000] 96 8F 91 1E 51 95 4F 0F ....Q.O.
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 3
smb_signing_check_pdu: seq 3: got good SMB signature of
[0000] D9 7B 8F 20 F5 BC CF 68 .{. ...h
s4_tevent: Destroying timer event 0x7fed9c4ccd00 "tevent_req_timedout"
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4cc9a0
smb_signing_md5: sequence number 4
smb_signing_sign_pdu: sent SMB signature of
[0000] DD 31 0C 55 92 DE FC E7 .1.U....
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 5
smb_signing_check_pdu: seq 5: got good SMB signature of
[0000] 31 FD 9D 28 A1 DE 1C 2E 1..(....
s4_tevent: Destroying timer event 0x7fed9c4cc9a0 "tevent_req_timedout"
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=65535, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4cd590
smb_signing_md5: sequence number 6
smb_signing_sign_pdu: sent SMB signature of
[0000] F7 3D 8A 85 B4 9A BA 7A .=.....z
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4de180
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 7
smb_signing_check_pdu: seq 7: got good SMB signature of
[0000] A4 0D AB F2 AD F7 E7 54 .......T
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cd7b0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cd7b0
s4_tevent: Destroying timer event 0x7fed9c4cd590 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4de180 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c0354e0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c0354e0
s4_tevent: Destroying timer event 0x7fed9c4d1dd0
"dcerpc_connect_timeout_handler"
lsa_OpenPolicy2: struct lsa_OpenPolicy2
in: struct lsa_OpenPolicy2
system_name : *
system_name : ''
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000000 (0)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x00000000 (0)
impersonation_level : 0x0000 (0)
context_mode : 0x00 (0)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
rpc request data:
[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 00 00 00 00 00 00 00 00 04 00 02 00 00 00 00 00 ........ ........
[0030] 00 00 00 00 00 00 00 02 ........
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4c9280
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=80, this_data=80, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4de040
smb_signing_md5: sequence number 8
smb_signing_sign_pdu: sent SMB signature of
[0000] B2 A8 8C 3E D8 8D D2 CE ...>....
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 9
smb_signing_check_pdu: seq 9: got good SMB signature of
[0000] 6E 09 43 5E 16 77 DD 6C n.C^.w.l
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cd990
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cd990
s4_tevent: Destroying timer event 0x7fed9c4de040 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4c9280 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c0354e0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c0354e0
lsa_OpenPolicy2: struct lsa_OpenPolicy2
out: struct lsa_OpenPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
523067c0-2963-41a2-9b62-de196bc43c47
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 C0 67 30 52 63 29 A2 41 9B 62 DE 19 .....g0R c).A.b..
[0010] 6B C4 3C 47 00 00 00 00 k.<G....
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
523067c0-2963-41a2-9b62-de196bc43c47
level : LSA_POLICY_INFO_DNS (12)
rpc request data:
[0000] 00 00 00 00 C0 67 30 52 63 29 A2 41 9B 62 DE 19 .....g0R c).A.b..
[0010] 6B C4 3C 47 0C 00 k.<G..
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c1446e0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4cca40
smb_signing_md5: sequence number 10
smb_signing_sign_pdu: sent SMB signature of
[0000] B3 E2 C1 DA 8A 97 A3 D9 ........
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 11
smb_signing_check_pdu: seq 11: got good SMB signature of
[0000] 18 1F 7B D1 BD 0D C0 18 ..{.....
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cc670
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cc670
s4_tevent: Destroying timer event 0x7fed9c4cca40 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c1446e0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cbc00
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cbc00
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union
lsa_PolicyInformation(case 12)
dns: struct lsa_DnsDomainInfo
name: struct lsa_StringLarge
length : 0x000c (12)
size : 0x000e (14)
string : *
string : 'ADDOMAIN'
dns_domain: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'ADDOMAIN.COM'
dns_forest: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'ADDOMAIN.COM'
domain_guid :
6aac190b-04eb-464f-bdcc-b07e27e2d1e5
sid : *
sid :
S-1-5-21-1343024091-2000478354-725345543
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 02 00 0C 00 00 00 0C 00 0E 00 04 00 02 00 ........ ........
[0010] 14 00 16 00 08 00 02 00 14 00 16 00 0C 00 02 00 ........ ........
[0020] 0B 19 AC 6A EB 04 4F 46 BD CC B0 7E 27 E2 D1 E5 ...j..OF ...~'...
[0030] 10 00 02 00 07 00 00 00 00 00 00 00 06 00 00 00 ........ ........
[0040] 4C 00 49 00 42 00 45 00 52 00 4F 00 0B 00 00 00 L.I.B.E. R.O.....
[0050] 00 00 00 00 0A 00 00 00 4C 00 49 00 42 00 45 00 ........ L.I.B.E.
[0060] 52 00 4F 00 2E 00 49 00 4E 00 54 00 0B 00 00 00 R.O...I. N.T.....
[0070] 00 00 00 00 0A 00 00 00 4C 00 49 00 42 00 45 00 ........ L.I.B.E.
[0080] 52 00 4F 00 2E 00 49 00 4E 00 54 00 04 00 00 00 R.O...I. N.T.....
[0090] 01 04 00 00 00 00 00 05 15 00 00 00 DB EB 0C 50 ........ .......P
[00A0] 92 E0 3C 77 07 E5 3B 2B 00 00 00 00 ..<w..;+ ....
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
523067c0-2963-41a2-9b62-de196bc43c47
level : LSA_POLICY_INFO_ROLE (6)
rpc request data:
[0000] 00 00 00 00 C0 67 30 52 63 29 A2 41 9B 62 DE 19 .....g0R c).A.b..
[0010] 6B C4 3C 47 06 00 k.<G..
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4cd870
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4dead0
smb_signing_md5: sequence number 12
smb_signing_sign_pdu: sent SMB signature of
[0000] DB BB D0 9D 72 B2 9A A3 ....r...
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 13
smb_signing_check_pdu: seq 13: got good SMB signature of
[0000] A7 D3 68 67 E2 F3 C4 C0 ..hg....
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4de700
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4de700
s4_tevent: Destroying timer event 0x7fed9c4dead0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4cd870 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cbc00
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cbc00
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union
lsa_PolicyInformation(case 6)
role: struct lsa_ServerRole
role : LSA_ROLE_PRIMARY (3)
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 02 00 06 00 00 00 03 00 00 00 00 00 00 00 ........ ........
lsa_QueryTrustedDomainInfoByName: struct
lsa_QueryTrustedDomainInfoByName
in: struct lsa_QueryTrustedDomainInfoByName
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
523067c0-2963-41a2-9b62-de196bc43c47
trusted_domain : *
trusted_domain: struct lsa_String
length : 0x0018 (24)
size : 0x0018 (24)
string : *
string : 'IPADOMAIN.COM'
level : LSA_TRUSTED_DOMAIN_INFO_FULL_INFO (8)
rpc request data:
[0000] 00 00 00 00 C0 67 30 52 63 29 A2 41 9B 62 DE 19 .....g0R c).A.b..
[0010] 6B C4 3C 47 18 00 18 00 00 00 02 00 0C 00 00 00 k.<G.... ........
[0020] 00 00 00 00 0C 00 00 00 62 00 69 00 6C 00 79 00 ........ b.i.l.y.
[0030] 6F 00 6E 00 65 00 72 00 2E 00 63 00 6F 00 6D 00 o.n.e.r. ..c.o.m.
[0040] 08 00 ..
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4e1be0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=90, this_data=90, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c045390
smb_signing_md5: sequence number 14
smb_signing_sign_pdu: sent SMB signature of
[0000] 41 6A C1 03 A4 FF A5 FE Aj......
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 15
smb_signing_check_pdu: seq 15: got good SMB signature of
[0000] 2B 75 00 4A 8D 56 76 90 +u.J.Vv.
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c045040
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c045040
s4_tevent: Destroying timer event 0x7fed9c045390 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4e1be0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3edd50
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3edd50
lsa_QueryTrustedDomainInfoByName: struct
lsa_QueryTrustedDomainInfoByName
out: struct lsa_QueryTrustedDomainInfoByName
info : *
info : *
info : union
lsa_TrustedDomainInfo(case 8)
full_info: struct lsa_TrustDomainInfoFullInfo
info_ex: struct lsa_TrustDomainInfoInfoEx
domain_name: struct lsa_StringLarge
length : 0x0018 (24)
size : 0x001a (26)
string : *
string : '
IPADOMAIN.COM'
netbios_name: struct lsa_StringLarge
length : 0x0010 (16)
size : 0x0012 (18)
string : *
string : 'IPADOMAIN'
sid : *
sid :
S-1-5-21-3255298129-77778957-3353535001
trust_direction : 0x00000003 (3)
1: LSA_TRUST_DIRECTION_INBOUND
1: LSA_TRUST_DIRECTION_OUTBOUND
trust_type :
LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0:
LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
posix_offset: struct lsa_TrustDomainInfoPosixOffset
posix_offset : 0x40000000
(1073741824)
auth_info: struct lsa_TrustDomainInfoAuthInfo
incoming_count : 0x00000000 (0)
incoming_current_auth_info: NULL
incoming_previous_auth_info: NULL
outgoing_count : 0x00000000 (0)
outgoing_current_auth_info: NULL
outgoing_previous_auth_info: NULL
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 02 00 08 00 00 00 18 00 1A 00 04 00 02 00 ........ ........
[0010] 10 00 12 00 08 00 02 00 0C 00 02 00 03 00 00 00 ........ ........
[0020] 02 00 00 00 08 00 00 00 00 00 00 40 00 00 00 00 ........ ... at ....
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0040] 00 00 00 00 0D 00 00 00 00 00 00 00 0C 00 00 00 ........ ........
[0050] 62 00 69 00 6C 00 79 00 6F 00 6E 00 65 00 72 00 b.i.l.y. o.n.e.r.
[0060] 2E 00 63 00 6F 00 6D 00 09 00 00 00 00 00 00 00 ..c.o.m. ........
[0070] 08 00 00 00 42 00 49 00 4C 00 59 00 4F 00 4E 00 ....B.I. L.Y.O.N.
[0080] 45 00 52 00 04 00 00 00 01 04 00 00 00 00 00 05 E.R..... ........
[0090] 15 00 00 00 51 E8 07 C2 0D D0 A2 04 19 E2 E2 C7 ....Q... ........
[00A0] 00 00 00 00 ....
lsa_DeleteTrustedDomain: struct lsa_DeleteTrustedDomain
in: struct lsa_DeleteTrustedDomain
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
523067c0-2963-41a2-9b62-de196bc43c47
dom_sid : *
dom_sid :
S-1-5-21-3255298129-77778957-3353535001
rpc request data:
[0000] 00 00 00 00 C0 67 30 52 63 29 A2 41 9B 62 DE 19 .....g0R c).A.b..
[0010] 6B C4 3C 47 04 00 00 00 01 04 00 00 00 00 00 05 k.<G.... ........
[0020] 15 00 00 00 51 E8 07 C2 0D D0 A2 04 19 E2 E2 C7 ....Q... ........
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c0455d0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e2a90
smb_signing_md5: sequence number 16
smb_signing_sign_pdu: sent SMB signature of
[0000] 55 88 83 F5 88 3A 3B 88 U....:;.
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 17
smb_signing_check_pdu: seq 17: got good SMB signature of
[0000] 68 58 66 8B 04 4A 79 09 hXf..Jy.
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2620
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2620
s4_tevent: Destroying timer event 0x7fed9c4e2a90 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c0455d0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e16c0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e16c0
lsa_DeleteTrustedDomain: struct lsa_DeleteTrustedDomain
out: struct lsa_DeleteTrustedDomain
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 ....
lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2
in: struct lsa_CreateTrustedDomainEx2
policy_handle : *
policy_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
523067c0-2963-41a2-9b62-de196bc43c47
info : *
info: struct lsa_TrustDomainInfoInfoEx
domain_name: struct lsa_StringLarge
length : 0x0018 (24)
size : 0x001a (26)
string : *
string : 'IPADOMAIN.COM'
netbios_name: struct lsa_StringLarge
length : 0x0010 (16)
size : 0x0012 (18)
string : *
string : 'IPADOMAIN'
sid : *
sid :
S-1-5-21-3255298129-77778957-3353535001
trust_direction : 0x00000003 (3)
1: LSA_TRUST_DIRECTION_INBOUND
1: LSA_TRUST_DIRECTION_OUTBOUND
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000 (0)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
auth_info_internal : *
auth_info_internal: struct
lsa_TrustDomainInfoAuthInfoInternal
auth_blob: struct lsa_DATA_BUF2
size : 0x00000440 (1088)
data : *
data: ARRAY(1088)
[0] : 0x90 (144)
[1] : 0xf6 (246)
[2] : 0xbb (187)
[3] : 0xc4 (196)
[4] : 0x3a (58)
[5] : 0x2c (44)
[6] : 0xb0 (176)
[7] : 0x3c (60)
[8] : 0x58 (88)
[9] : 0xde (222)
[10] : 0xb5 (181)
[11] : 0x8d (141)
[12] : 0x30 (48)
[13] : 0x01 (1)
[14] : 0x59 (89)
[15] : 0x87 (135)
[16] : 0xd9 (217)
[17] : 0x41 (65)
[18] : 0x80 (128)
[19] : 0x2f (47)
[20] : 0x67 (103)
[21] : 0x8a (138)
[22] : 0xee (238)
[23] : 0x95 (149)
[24] : 0x1b (27)
[25] : 0x0e (14)
[26] : 0x00 (0)
[27] : 0x82 (130)
[28] : 0xd2 (210)
[29] : 0xb8 (184)
[30] : 0xf6 (246)
[31] : 0xf8 (248)
[32] : 0x41 (65)
[33] : 0x76 (118)
[34] : 0xf2 (242)
[35] : 0x13 (19)
[36] : 0x37 (55)
[37] : 0x4d (77)
[38] : 0x92 (146)
[39] : 0x5a (90)
[40] : 0x51 (81)
[41] : 0x60 (96)
[42] : 0x22 (34)
[43] : 0x1d (29)
[44] : 0x39 (57)
[45] : 0x38 (56)
[46] : 0x43 (67)
[47] : 0x9f (159)
[48] : 0xc8 (200)
[49] : 0xf6 (246)
[50] : 0x4c (76)
[51] : 0xcf (207)
[52] : 0x8f (143)
[53] : 0xc3 (195)
[54] : 0xc7 (199)
[55] : 0x62 (98)
[56] : 0x72 (114)
[57] : 0xc3 (195)
[58] : 0x36 (54)
[59] : 0xe7 (231)
[60] : 0x39 (57)
[61] : 0x28 (40)
[62] : 0xa3 (163)
[63] : 0x1b (27)
[64] : 0x34 (52)
[65] : 0xce (206)
[66] : 0xce (206)
[67] : 0x7b (123)
[68] : 0xd3 (211)
[69] : 0x83 (131)
[70] : 0xa3 (163)
[71] : 0xeb (235)
[72] : 0x72 (114)
[73] : 0x3c (60)
[74] : 0x03 (3)
[75] : 0xae (174)
[76] : 0xc5 (197)
[77] : 0x15 (21)
[78] : 0x12 (18)
[79] : 0x86 (134)
[80] : 0x45 (69)
[81] : 0xcb (203)
[82] : 0x50 (80)
[83] : 0xe2 (226)
[84] : 0x95 (149)
[85] : 0xe1 (225)
[86] : 0x18 (24)
[87] : 0x99 (153)
[88] : 0xa6 (166)
[89] : 0x84 (132)
[90] : 0xe2 (226)
[91] : 0x5e (94)
[92] : 0x01 (1)
[93] : 0xd9 (217)
[94] : 0xa3 (163)
[95] : 0xb3 (179)
[96] : 0xb0 (176)
[97] : 0x40 (64)
[98] : 0x3a (58)
[99] : 0x00 (0)
[100] : 0xf8 (248)
[101] : 0x15 (21)
[102] : 0x66 (102)
[103] : 0x3e (62)
[104] : 0xd7 (215)
[105] : 0xb6 (182)
[106] : 0x6b (107)
[107] : 0x01 (1)
[108] : 0xf2 (242)
[109] : 0x47 (71)
[110] : 0x61 (97)
[111] : 0x3c (60)
[112] : 0x25 (37)
[113] : 0x13 (19)
[114] : 0x87 (135)
[115] : 0x23 (35)
[116] : 0x88 (136)
[117] : 0xc6 (198)
[118] : 0x02 (2)
[119] : 0xd2 (210)
[120] : 0x45 (69)
[121] : 0x59 (89)
[122] : 0x47 (71)
[123] : 0x57 (87)
[124] : 0x71 (113)
[125] : 0x0b (11)
[126] : 0xd9 (217)
[127] : 0x49 (73)
[128] : 0x04 (4)
[129] : 0x30 (48)
[130] : 0x0e (14)
[131] : 0x8c (140)
[132] : 0x83 (131)
[133] : 0x59 (89)
[134] : 0x8e (142)
[135] : 0x8a (138)
[136] : 0xf6 (246)
[137] : 0x25 (37)
[138] : 0xab (171)
[139] : 0x3e (62)
[140] : 0x53 (83)
[141] : 0x54 (84)
[142] : 0x0b (11)
[143] : 0x65 (101)
[144] : 0xaf (175)
[145] : 0x34 (52)
[146] : 0x24 (36)
[147] : 0xac (172)
[148] : 0x7d (125)
[149] : 0x8d (141)
[150] : 0xf8 (248)
[151] : 0xa8 (168)
[152] : 0xb8 (184)
[153] : 0x88 (136)
[154] : 0x20 (32)
[155] : 0xd3 (211)
[156] : 0x98 (152)
[157] : 0x08 (8)
[158] : 0xe3 (227)
[159] : 0xeb (235)
[160] : 0xb4 (180)
[161] : 0x2a (42)
[162] : 0xb5 (181)
[163] : 0x03 (3)
[164] : 0x28 (40)
[165] : 0x3c (60)
[166] : 0x03 (3)
[167] : 0xa2 (162)
[168] : 0x55 (85)
[169] : 0x21 (33)
[170] : 0x9e (158)
[171] : 0x4f (79)
[172] : 0x53 (83)
[173] : 0xba (186)
[174] : 0x25 (37)
[175] : 0xc2 (194)
[176] : 0x33 (51)
[177] : 0xe5 (229)
[178] : 0x06 (6)
[179] : 0x53 (83)
[180] : 0x22 (34)
[181] : 0x79 (121)
[182] : 0xe0 (224)
[183] : 0x9a (154)
[184] : 0x06 (6)
[185] : 0xa4 (164)
[186] : 0xc6 (198)
[187] : 0x16 (22)
[188] : 0x34 (52)
[189] : 0x0e (14)
[190] : 0x86 (134)
[191] : 0x14 (20)
[192] : 0x06 (6)
[193] : 0xfe (254)
[194] : 0x31 (49)
[195] : 0xc1 (193)
[196] : 0xd1 (209)
[197] : 0x6c (108)
[198] : 0xef (239)
[199] : 0x65 (101)
[200] : 0x88 (136)
[201] : 0x35 (53)
[202] : 0x67 (103)
[203] : 0x8d (141)
[204] : 0x3d (61)
[205] : 0xe9 (233)
[206] : 0xef (239)
[207] : 0x1d (29)
[208] : 0x41 (65)
[209] : 0x14 (20)
[210] : 0x9b (155)
[211] : 0xf4 (244)
[212] : 0x5e (94)
[213] : 0x05 (5)
[214] : 0xb7 (183)
[215] : 0x75 (117)
[216] : 0x25 (37)
[217] : 0x1f (31)
[218] : 0xa6 (166)
[219] : 0x7c (124)
[220] : 0xa0 (160)
[221] : 0x8c (140)
[222] : 0x8d (141)
[223] : 0xf6 (246)
[224] : 0xcd (205)
[225] : 0x1f (31)
[226] : 0xce (206)
[227] : 0x7b (123)
[228] : 0x17 (23)
[229] : 0x8b (139)
[230] : 0x09 (9)
[231] : 0x8a (138)
[232] : 0x68 (104)
[233] : 0xd1 (209)
[234] : 0x25 (37)
[235] : 0x60 (96)
[236] : 0x45 (69)
[237] : 0x32 (50)
[238] : 0xf8 (248)
[239] : 0xc1 (193)
[240] : 0xe1 (225)
[241] : 0x96 (150)
[242] : 0x7b (123)
[243] : 0x55 (85)
[244] : 0xf6 (246)
[245] : 0xfc (252)
[246] : 0xce (206)
[247] : 0x1e (30)
[248] : 0xb2 (178)
[249] : 0x46 (70)
[250] : 0xf7 (247)
[251] : 0xc6 (198)
[252] : 0xcc (204)
[253] : 0x83 (131)
[254] : 0xcb (203)
[255] : 0xc2 (194)
[256] : 0x6e (110)
[257] : 0x42 (66)
[258] : 0x74 (116)
[259] : 0x8c (140)
[260] : 0x58 (88)
[261] : 0x9c (156)
[262] : 0x5a (90)
[263] : 0xb3 (179)
[264] : 0x62 (98)
[265] : 0x18 (24)
[266] : 0x00 (0)
[267] : 0x82 (130)
[268] : 0x16 (22)
[269] : 0x6d (109)
[270] : 0x70 (112)
[271] : 0x1f (31)
[272] : 0x15 (21)
[273] : 0xe5 (229)
[274] : 0x80 (128)
[275] : 0x0e (14)
[276] : 0xe7 (231)
[277] : 0x72 (114)
[278] : 0x54 (84)
[279] : 0x24 (36)
[280] : 0x6d (109)
[281] : 0x71 (113)
[282] : 0xe5 (229)
[283] : 0xf4 (244)
[284] : 0xdd (221)
[285] : 0x40 (64)
[286] : 0xb3 (179)
[287] : 0x81 (129)
[288] : 0x79 (121)
[289] : 0x09 (9)
[290] : 0xcf (207)
[291] : 0x3b (59)
[292] : 0x17 (23)
[293] : 0x15 (21)
[294] : 0xe7 (231)
[295] : 0xc7 (199)
[296] : 0x58 (88)
[297] : 0x1b (27)
[298] : 0x9f (159)
[299] : 0x36 (54)
[300] : 0x97 (151)
[301] : 0xab (171)
[302] : 0xcd (205)
[303] : 0x34 (52)
[304] : 0x39 (57)
[305] : 0xcf (207)
[306] : 0xb6 (182)
[307] : 0x87 (135)
[308] : 0xda (218)
[309] : 0xb7 (183)
[310] : 0xff (255)
[311] : 0x0e (14)
[312] : 0x65 (101)
[313] : 0x78 (120)
[314] : 0xc7 (199)
[315] : 0x44 (68)
[316] : 0x3a (58)
[317] : 0x54 (84)
[318] : 0x7f (127)
[319] : 0xd9 (217)
[320] : 0x7c (124)
[321] : 0xc8 (200)
[322] : 0xdd (221)
[323] : 0x7b (123)
[324] : 0x26 (38)
[325] : 0x01 (1)
[326] : 0x9f (159)
[327] : 0x34 (52)
[328] : 0xe7 (231)
[329] : 0xe9 (233)
[330] : 0x00 (0)
[331] : 0xb5 (181)
[332] : 0xf2 (242)
[333] : 0x8e (142)
[334] : 0xe5 (229)
[335] : 0xe7 (231)
[336] : 0x4e (78)
[337] : 0xc3 (195)
[338] : 0x01 (1)
[339] : 0x6d (109)
[340] : 0x4d (77)
[341] : 0xdb (219)
[342] : 0x98 (152)
[343] : 0x81 (129)
[344] : 0xf7 (247)
[345] : 0xea (234)
[346] : 0x97 (151)
[347] : 0xe3 (227)
[348] : 0xcc (204)
[349] : 0x2e (46)
[350] : 0x65 (101)
[351] : 0x2a (42)
[352] : 0xc4 (196)
[353] : 0x3d (61)
[354] : 0x4f (79)
[355] : 0x9c (156)
[356] : 0x88 (136)
[357] : 0xdf (223)
[358] : 0xe4 (228)
[359] : 0xbd (189)
[360] : 0xe8 (232)
[361] : 0x26 (38)
[362] : 0x68 (104)
[363] : 0xb7 (183)
[364] : 0x26 (38)
[365] : 0x6e (110)
[366] : 0x7c (124)
[367] : 0xb3 (179)
[368] : 0xc3 (195)
[369] : 0x4a (74)
[370] : 0x09 (9)
[371] : 0x04 (4)
[372] : 0x43 (67)
[373] : 0xa1 (161)
[374] : 0xed (237)
[375] : 0x23 (35)
[376] : 0x7a (122)
[377] : 0xf0 (240)
[378] : 0x72 (114)
[379] : 0x36 (54)
[380] : 0x77 (119)
[381] : 0x7f (127)
[382] : 0xba (186)
[383] : 0xe4 (228)
[384] : 0x29 (41)
[385] : 0x38 (56)
[386] : 0xef (239)
[387] : 0x10 (16)
[388] : 0x0f (15)
[389] : 0x5e (94)
[390] : 0x27 (39)
[391] : 0x2f (47)
[392] : 0x31 (49)
[393] : 0x28 (40)
[394] : 0x2e (46)
[395] : 0xb7 (183)
[396] : 0x58 (88)
[397] : 0x5c (92)
[398] : 0xc9 (201)
[399] : 0x72 (114)
[400] : 0x9b (155)
[401] : 0x4f (79)
[402] : 0x9c (156)
[403] : 0x3f (63)
[404] : 0x9a (154)
[405] : 0x91 (145)
[406] : 0x68 (104)
[407] : 0x87 (135)
[408] : 0x5b (91)
[409] : 0x99 (153)
[410] : 0x39 (57)
[411] : 0xae (174)
[412] : 0xe1 (225)
[413] : 0xda (218)
[414] : 0xd8 (216)
[415] : 0x9e (158)
[416] : 0xe3 (227)
[417] : 0x5f (95)
[418] : 0xd6 (214)
[419] : 0x15 (21)
[420] : 0x7e (126)
[421] : 0xc4 (196)
[422] : 0x86 (134)
[423] : 0xda (218)
[424] : 0xb1 (177)
[425] : 0xf3 (243)
[426] : 0x53 (83)
[427] : 0xc0 (192)
[428] : 0x01 (1)
[429] : 0x51 (81)
[430] : 0xd0 (208)
[431] : 0xb5 (181)
[432] : 0x00 (0)
[433] : 0xcc (204)
[434] : 0x99 (153)
[435] : 0x6d (109)
[436] : 0x19 (25)
[437] : 0x16 (22)
[438] : 0x52 (82)
[439] : 0x63 (99)
[440] : 0x67 (103)
[441] : 0x01 (1)
[442] : 0xd4 (212)
[443] : 0x41 (65)
[444] : 0x23 (35)
[445] : 0x53 (83)
[446] : 0xb6 (182)
[447] : 0xe9 (233)
[448] : 0x15 (21)
[449] : 0x16 (22)
[450] : 0x00 (0)
[451] : 0x15 (21)
[452] : 0x6f (111)
[453] : 0x0c (12)
[454] : 0x77 (119)
[455] : 0x2f (47)
[456] : 0xd9 (217)
[457] : 0xa5 (165)
[458] : 0x38 (56)
[459] : 0xad (173)
[460] : 0x22 (34)
[461] : 0xbb (187)
[462] : 0xda (218)
[463] : 0x8c (140)
[464] : 0x62 (98)
[465] : 0xe7 (231)
[466] : 0x44 (68)
[467] : 0x61 (97)
[468] : 0xf5 (245)
[469] : 0x83 (131)
[470] : 0x67 (103)
[471] : 0xa3 (163)
[472] : 0xdb (219)
[473] : 0x2c (44)
[474] : 0xda (218)
[475] : 0x83 (131)
[476] : 0x52 (82)
[477] : 0xa3 (163)
[478] : 0xf7 (247)
[479] : 0x71 (113)
[480] : 0xc9 (201)
[481] : 0xb3 (179)
[482] : 0x7f (127)
[483] : 0x69 (105)
[484] : 0xc1 (193)
[485] : 0x84 (132)
[486] : 0x8a (138)
[487] : 0xf6 (246)
[488] : 0xd1 (209)
[489] : 0xe0 (224)
[490] : 0xd9 (217)
[491] : 0xe3 (227)
[492] : 0x2e (46)
[493] : 0x67 (103)
[494] : 0xa6 (166)
[495] : 0x0e (14)
[496] : 0x43 (67)
[497] : 0x10 (16)
[498] : 0x8f (143)
[499] : 0x56 (86)
[500] : 0x4a (74)
[501] : 0x04 (4)
[502] : 0x60 (96)
[503] : 0x55 (85)
[504] : 0xa4 (164)
[505] : 0x30 (48)
[506] : 0x33 (51)
[507] : 0x66 (102)
[508] : 0xbc (188)
[509] : 0x52 (82)
[510] : 0x6a (106)
[511] : 0x58 (88)
[512] : 0x11 (17)
[513] : 0x37 (55)
[514] : 0x03 (3)
[515] : 0xf9 (249)
[516] : 0xb7 (183)
[517] : 0x6a (106)
[518] : 0x1c (28)
[519] : 0x9b (155)
[520] : 0xaf (175)
[521] : 0x2b (43)
[522] : 0xd1 (209)
[523] : 0x0a (10)
[524] : 0x34 (52)
[525] : 0xa6 (166)
[526] : 0x0e (14)
[527] : 0x83 (131)
[528] : 0x4e (78)
[529] : 0xf2 (242)
[530] : 0x8f (143)
[531] : 0x0c (12)
[532] : 0xf9 (249)
[533] : 0xf3 (243)
[534] : 0x6f (111)
[535] : 0xa3 (163)
[536] : 0x7b (123)
[537] : 0xba (186)
[538] : 0xca (202)
[539] : 0xcf (207)
[540] : 0x12 (18)
[541] : 0x82 (130)
[542] : 0x65 (101)
[543] : 0x1a (26)
[544] : 0x95 (149)
[545] : 0xaa (170)
[546] : 0x6d (109)
[547] : 0x5a (90)
[548] : 0x4c (76)
[549] : 0x9a (154)
[550] : 0xdb (219)
[551] : 0x8f (143)
[552] : 0xfc (252)
[553] : 0x85 (133)
[554] : 0x1f (31)
[555] : 0xac (172)
[556] : 0xdd (221)
[557] : 0x52 (82)
[558] : 0xe9 (233)
[559] : 0xc5 (197)
[560] : 0xd7 (215)
[561] : 0x57 (87)
[562] : 0x78 (120)
[563] : 0x41 (65)
[564] : 0xad (173)
[565] : 0x63 (99)
[566] : 0x86 (134)
[567] : 0x61 (97)
[568] : 0x06 (6)
[569] : 0x2d (45)
[570] : 0xaf (175)
[571] : 0xb5 (181)
[572] : 0x2e (46)
[573] : 0x69 (105)
[574] : 0xe6 (230)
[575] : 0x4e (78)
[576] : 0x42 (66)
[577] : 0x8e (142)
[578] : 0xaa (170)
[579] : 0x3b (59)
[580] : 0x07 (7)
[581] : 0x11 (17)
[582] : 0x5f (95)
[583] : 0x7a (122)
[584] : 0xf7 (247)
[585] : 0xce (206)
[586] : 0xff (255)
[587] : 0x95 (149)
[588] : 0x48 (72)
[589] : 0x4a (74)
[590] : 0x46 (70)
[591] : 0xa6 (166)
[592] : 0x0f (15)
[593] : 0x8b (139)
[594] : 0x74 (116)
[595] : 0xcc (204)
[596] : 0x38 (56)
[597] : 0x1d (29)
[598] : 0xbf (191)
[599] : 0x73 (115)
[600] : 0xc1 (193)
[601] : 0x78 (120)
[602] : 0x78 (120)
[603] : 0xdd (221)
[604] : 0x73 (115)
[605] : 0x6d (109)
[606] : 0x52 (82)
[607] : 0x3e (62)
[608] : 0xc6 (198)
[609] : 0x01 (1)
[610] : 0x38 (56)
[611] : 0xd1 (209)
[612] : 0xe4 (228)
[613] : 0x27 (39)
[614] : 0x24 (36)
[615] : 0xf7 (247)
[616] : 0x22 (34)
[617] : 0x87 (135)
[618] : 0x6b (107)
[619] : 0x86 (134)
[620] : 0x0b (11)
[621] : 0x64 (100)
[622] : 0x68 (104)
[623] : 0xd6 (214)
[624] : 0x1b (27)
[625] : 0x31 (49)
[626] : 0x96 (150)
[627] : 0xc2 (194)
[628] : 0xa7 (167)
[629] : 0x35 (53)
[630] : 0xbf (191)
[631] : 0xf6 (246)
[632] : 0x38 (56)
[633] : 0x70 (112)
[634] : 0xee (238)
[635] : 0x9e (158)
[636] : 0x26 (38)
[637] : 0xbb (187)
[638] : 0x48 (72)
[639] : 0x9f (159)
[640] : 0xa6 (166)
[641] : 0x68 (104)
[642] : 0x54 (84)
[643] : 0x69 (105)
[644] : 0x9f (159)
[645] : 0x5e (94)
[646] : 0x2d (45)
[647] : 0x29 (41)
[648] : 0x9a (154)
[649] : 0x78 (120)
[650] : 0x6b (107)
[651] : 0xeb (235)
[652] : 0x8a (138)
[653] : 0xce (206)
[654] : 0xa6 (166)
[655] : 0x59 (89)
[656] : 0xfc (252)
[657] : 0x5e (94)
[658] : 0x61 (97)
[659] : 0x4a (74)
[660] : 0xd5 (213)
[661] : 0x9c (156)
[662] : 0xa4 (164)
[663] : 0x65 (101)
[664] : 0x5f (95)
[665] : 0x21 (33)
[666] : 0xa3 (163)
[667] : 0x49 (73)
[668] : 0x7a (122)
[669] : 0x9a (154)
[670] : 0x40 (64)
[671] : 0x38 (56)
[672] : 0xad (173)
[673] : 0x28 (40)
[674] : 0x27 (39)
[675] : 0x11 (17)
[676] : 0xb4 (180)
[677] : 0x41 (65)
[678] : 0x11 (17)
[679] : 0x7f (127)
[680] : 0x37 (55)
[681] : 0x0b (11)
[682] : 0xae (174)
[683] : 0x85 (133)
[684] : 0x2a (42)
[685] : 0xe2 (226)
[686] : 0x35 (53)
[687] : 0x89 (137)
[688] : 0x78 (120)
[689] : 0x1c (28)
[690] : 0xa2 (162)
[691] : 0xeb (235)
[692] : 0x77 (119)
[693] : 0x75 (117)
[694] : 0x43 (67)
[695] : 0x9c (156)
[696] : 0xd1 (209)
[697] : 0xc9 (201)
[698] : 0xa4 (164)
[699] : 0xd2 (210)
[700] : 0x90 (144)
[701] : 0x1f (31)
[702] : 0x7f (127)
[703] : 0xa9 (169)
[704] : 0x84 (132)
[705] : 0x0d (13)
[706] : 0xfd (253)
[707] : 0xc1 (193)
[708] : 0xd0 (208)
[709] : 0xba (186)
[710] : 0x67 (103)
[711] : 0x3d (61)
[712] : 0x64 (100)
[713] : 0x53 (83)
[714] : 0xeb (235)
[715] : 0x0c (12)
[716] : 0x34 (52)
[717] : 0x23 (35)
[718] : 0x01 (1)
[719] : 0x83 (131)
[720] : 0x66 (102)
[721] : 0xec (236)
[722] : 0x22 (34)
[723] : 0x35 (53)
[724] : 0xea (234)
[725] : 0x29 (41)
[726] : 0x46 (70)
[727] : 0x9f (159)
[728] : 0x57 (87)
[729] : 0x1f (31)
[730] : 0x83 (131)
[731] : 0xc2 (194)
[732] : 0x03 (3)
[733] : 0xf0 (240)
[734] : 0x41 (65)
[735] : 0xcd (205)
[736] : 0x35 (53)
[737] : 0xc0 (192)
[738] : 0x88 (136)
[739] : 0x10 (16)
[740] : 0x8e (142)
[741] : 0x98 (152)
[742] : 0x2c (44)
[743] : 0x85 (133)
[744] : 0xee (238)
[745] : 0xca (202)
[746] : 0xbd (189)
[747] : 0xda (218)
[748] : 0xce (206)
[749] : 0x34 (52)
[750] : 0xb5 (181)
[751] : 0xb6 (182)
[752] : 0xa1 (161)
[753] : 0x02 (2)
[754] : 0xdf (223)
[755] : 0x2b (43)
[756] : 0x9a (154)
[757] : 0x64 (100)
[758] : 0x71 (113)
[759] : 0x39 (57)
[760] : 0xb8 (184)
[761] : 0xf6 (246)
[762] : 0xcf (207)
[763] : 0x4c (76)
[764] : 0x4b (75)
[765] : 0xc7 (199)
[766] : 0x64 (100)
[767] : 0x86 (134)
[768] : 0x58 (88)
[769] : 0xd7 (215)
[770] : 0xd9 (217)
[771] : 0x6f (111)
[772] : 0x4a (74)
[773] : 0xd6 (214)
[774] : 0xfd (253)
[775] : 0x80 (128)
[776] : 0xa5 (165)
[777] : 0x51 (81)
[778] : 0x96 (150)
[779] : 0xdb (219)
[780] : 0x8c (140)
[781] : 0x4a (74)
[782] : 0x0f (15)
[783] : 0xaf (175)
[784] : 0x1a (26)
[785] : 0x9a (154)
[786] : 0xac (172)
[787] : 0x28 (40)
[788] : 0x79 (121)
[789] : 0x30 (48)
[790] : 0x68 (104)
[791] : 0x9b (155)
[792] : 0xd3 (211)
[793] : 0x2e (46)
[794] : 0x8e (142)
[795] : 0xd6 (214)
[796] : 0x1a (26)
[797] : 0xc4 (196)
[798] : 0xdd (221)
[799] : 0x9a (154)
[800] : 0x78 (120)
[801] : 0xa8 (168)
[802] : 0xcc (204)
[803] : 0x73 (115)
[804] : 0xf1 (241)
[805] : 0x94 (148)
[806] : 0x2f (47)
[807] : 0x00 (0)
[808] : 0x3b (59)
[809] : 0xed (237)
[810] : 0x4a (74)
[811] : 0xb3 (179)
[812] : 0x00 (0)
[813] : 0x2e (46)
[814] : 0xad (173)
[815] : 0x2a (42)
[816] : 0x5b (91)
[817] : 0xe8 (232)
[818] : 0x2a (42)
[819] : 0x70 (112)
[820] : 0xce (206)
[821] : 0xf8 (248)
[822] : 0x82 (130)
[823] : 0x08 (8)
[824] : 0x92 (146)
[825] : 0x3f (63)
[826] : 0x02 (2)
[827] : 0x73 (115)
[828] : 0xbf (191)
[829] : 0x36 (54)
[830] : 0x37 (55)
[831] : 0xbe (190)
[832] : 0xa1 (161)
[833] : 0x25 (37)
[834] : 0xc5 (197)
[835] : 0x93 (147)
[836] : 0x29 (41)
[837] : 0x75 (117)
[838] : 0x9b (155)
[839] : 0xf0 (240)
[840] : 0x24 (36)
[841] : 0x52 (82)
[842] : 0xc9 (201)
[843] : 0x4d (77)
[844] : 0x25 (37)
[845] : 0x46 (70)
[846] : 0x31 (49)
[847] : 0xd5 (213)
[848] : 0x69 (105)
[849] : 0x2c (44)
[850] : 0x61 (97)
[851] : 0x70 (112)
[852] : 0x82 (130)
[853] : 0x1e (30)
[854] : 0xd0 (208)
[855] : 0xb1 (177)
[856] : 0x4e (78)
[857] : 0x2d (45)
[858] : 0x0e (14)
[859] : 0x05 (5)
[860] : 0xae (174)
[861] : 0x60 (96)
[862] : 0x06 (6)
[863] : 0x3c (60)
[864] : 0x0d (13)
[865] : 0xe1 (225)
[866] : 0x94 (148)
[867] : 0x05 (5)
[868] : 0x2f (47)
[869] : 0x9a (154)
[870] : 0x73 (115)
[871] : 0x97 (151)
[872] : 0xbc (188)
[873] : 0xac (172)
[874] : 0xf6 (246)
[875] : 0x30 (48)
[876] : 0xac (172)
[877] : 0xde (222)
[878] : 0xe8 (232)
[879] : 0xfb (251)
[880] : 0xc6 (198)
[881] : 0xe4 (228)
[882] : 0x7c (124)
[883] : 0x17 (23)
[884] : 0xb0 (176)
[885] : 0x6f (111)
[886] : 0xc8 (200)
[887] : 0xde (222)
[888] : 0x76 (118)
[889] : 0x05 (5)
[890] : 0x0e (14)
[891] : 0x6e (110)
[892] : 0x2f (47)
[893] : 0xc7 (199)
[894] : 0x83 (131)
[895] : 0xeb (235)
[896] : 0xfa (250)
[897] : 0xc3 (195)
[898] : 0x10 (16)
[899] : 0x5e (94)
[900] : 0xff (255)
[901] : 0xea (234)
[902] : 0x60 (96)
[903] : 0x8c (140)
[904] : 0x9c (156)
[905] : 0x22 (34)
[906] : 0x3e (62)
[907] : 0xf6 (246)
[908] : 0x95 (149)
[909] : 0xb2 (178)
[910] : 0xb1 (177)
[911] : 0x00 (0)
[912] : 0x95 (149)
[913] : 0x34 (52)
[914] : 0x61 (97)
[915] : 0xc3 (195)
[916] : 0xd1 (209)
[917] : 0x9f (159)
[918] : 0x39 (57)
[919] : 0xa3 (163)
[920] : 0xef (239)
[921] : 0xe8 (232)
[922] : 0xe2 (226)
[923] : 0xa1 (161)
[924] : 0xb6 (182)
[925] : 0x92 (146)
[926] : 0x7e (126)
[927] : 0x13 (19)
[928] : 0xcf (207)
[929] : 0x18 (24)
[930] : 0x8a (138)
[931] : 0xa5 (165)
[932] : 0x0e (14)
[933] : 0xdd (221)
[934] : 0x0b (11)
[935] : 0xb9 (185)
[936] : 0x44 (68)
[937] : 0x38 (56)
[938] : 0xa5 (165)
[939] : 0xb2 (178)
[940] : 0x9a (154)
[941] : 0x2b (43)
[942] : 0xff (255)
[943] : 0x0d (13)
[944] : 0x8e (142)
[945] : 0x85 (133)
[946] : 0x46 (70)
[947] : 0x7f (127)
[948] : 0x8d (141)
[949] : 0xb4 (180)
[950] : 0x5c (92)
[951] : 0x60 (96)
[952] : 0x16 (22)
[953] : 0x66 (102)
[954] : 0xaf (175)
[955] : 0x07 (7)
[956] : 0x51 (81)
[957] : 0x11 (17)
[958] : 0x89 (137)
[959] : 0x91 (145)
[960] : 0x84 (132)
[961] : 0xd4 (212)
[962] : 0x89 (137)
[963] : 0xbc (188)
[964] : 0x83 (131)
[965] : 0xae (174)
[966] : 0x8f (143)
[967] : 0xd8 (216)
[968] : 0x99 (153)
[969] : 0xdc (220)
[970] : 0xa0 (160)
[971] : 0xc7 (199)
[972] : 0xf9 (249)
[973] : 0x29 (41)
[974] : 0x08 (8)
[975] : 0x3e (62)
[976] : 0x1a (26)
[977] : 0x1d (29)
[978] : 0x56 (86)
[979] : 0x22 (34)
[980] : 0x0c (12)
[981] : 0x92 (146)
[982] : 0xae (174)
[983] : 0x9c (156)
[984] : 0x74 (116)
[985] : 0x5c (92)
[986] : 0x39 (57)
[987] : 0x46 (70)
[988] : 0x7e (126)
[989] : 0xef (239)
[990] : 0xba (186)
[991] : 0x09 (9)
[992] : 0xa0 (160)
[993] : 0xd3 (211)
[994] : 0x98 (152)
[995] : 0xb3 (179)
[996] : 0x97 (151)
[997] : 0xd1 (209)
[998] : 0xe0 (224)
[999] : 0xcc (204)
[1000] : 0x83 (131)
[1001] : 0x9c (156)
[1002] : 0xa4 (164)
[1003] : 0xf0 (240)
[1004] : 0xd9 (217)
[1005] : 0x92 (146)
[1006] : 0x40 (64)
[1007] : 0x70 (112)
[1008] : 0x81 (129)
[1009] : 0x84 (132)
[1010] : 0xfa (250)
[1011] : 0x18 (24)
[1012] : 0x73 (115)
[1013] : 0xdf (223)
[1014] : 0x25 (37)
[1015] : 0xf9 (249)
[1016] : 0xcd (205)
[1017] : 0xe9 (233)
[1018] : 0x40 (64)
[1019] : 0xa1 (161)
[1020] : 0x8b (139)
[1021] : 0x5e (94)
[1022] : 0xa9 (169)
[1023] : 0xf8 (248)
[1024] : 0x25 (37)
[1025] : 0xac (172)
[1026] : 0xac (172)
[1027] : 0x1e (30)
[1028] : 0xd7 (215)
[1029] : 0xdd (221)
[1030] : 0x5e (94)
[1031] : 0x54 (84)
[1032] : 0x62 (98)
[1033] : 0x9b (155)
[1034] : 0x25 (37)
[1035] : 0x40 (64)
[1036] : 0x9c (156)
[1037] : 0x89 (137)
[1038] : 0xf3 (243)
[1039] : 0xd1 (209)
[1040] : 0x41 (65)
[1041] : 0x49 (73)
[1042] : 0x4b (75)
[1043] : 0x7c (124)
[1044] : 0xdd (221)
[1045] : 0x67 (103)
[1046] : 0x7a (122)
[1047] : 0x43 (67)
[1048] : 0xe9 (233)
[1049] : 0x41 (65)
[1050] : 0x74 (116)
[1051] : 0x48 (72)
[1052] : 0x8e (142)
[1053] : 0xac (172)
[1054] : 0x4f (79)
[1055] : 0x41 (65)
[1056] : 0x42 (66)
[1057] : 0x93 (147)
[1058] : 0xb6 (182)
[1059] : 0xa9 (169)
[1060] : 0x6d (109)
[1061] : 0x5c (92)
[1062] : 0xf4 (244)
[1063] : 0x80 (128)
[1064] : 0x78 (120)
[1065] : 0xee (238)
[1066] : 0xa8 (168)
[1067] : 0xda (218)
[1068] : 0xfe (254)
[1069] : 0xc2 (194)
[1070] : 0x4b (75)
[1071] : 0xfa (250)
[1072] : 0x19 (25)
[1073] : 0x7f (127)
[1074] : 0xfe (254)
[1075] : 0x3e (62)
[1076] : 0x9c (156)
[1077] : 0xb8 (184)
[1078] : 0x4b (75)
[1079] : 0x26 (38)
[1080] : 0x70 (112)
[1081] : 0x0f (15)
[1082] : 0x32 (50)
[1083] : 0x53 (83)
[1084] : 0x28 (40)
[1085] : 0xff (255)
[1086] : 0xec (236)
[1087] : 0x77 (119)
access_mask : 0x00010000 (65536)
0: LSA_TRUSTED_QUERY_DOMAIN_NAME
0: LSA_TRUSTED_QUERY_CONTROLLERS
0: LSA_TRUSTED_SET_CONTROLLERS
0: LSA_TRUSTED_QUERY_POSIX
0: LSA_TRUSTED_SET_POSIX
0: LSA_TRUSTED_SET_AUTH
0: LSA_TRUSTED_QUERY_AUTH
rpc request data:
[0000] 00 00 00 00 C0 67 30 52 63 29 A2 41 9B 62 DE 19 .....g0R c).A.b..
[0010] 6B C4 3C 47 18 00 1A 00 00 00 02 00 10 00 12 00 k.<G.... ........
[0020] 04 00 02 00 08 00 02 00 03 00 00 00 02 00 00 00 ........ ........
[0030] 00 00 00 00 0D 00 00 00 00 00 00 00 0C 00 00 00 ........ ........
[0040] 62 00 69 00 6C 00 79 00 6F 00 6E 00 65 00 72 00 b.i.l.y. o.n.e.r.
[0050] 2E 00 63 00 6F 00 6D 00 09 00 00 00 00 00 00 00 ..c.o.m. ........
[0060] 08 00 00 00 42 00 49 00 4C 00 59 00 4F 00 4E 00 ....B.I. L.Y.O.N.
[0070] 45 00 52 00 04 00 00 00 01 04 00 00 00 00 00 05 E.R..... ........
[0080] 15 00 00 00 51 E8 07 C2 0D D0 A2 04 19 E2 E2 C7 ....Q... ........
[0090] 40 04 00 00 0C 00 02 00 40 04 00 00 90 F6 BB C4 @....... @.......
[00A0] 3A 2C B0 3C 58 DE B5 8D 30 01 59 87 D9 41 80 2F :,.<X... 0.Y..A./
[00B0] 67 8A EE 95 1B 0E 00 82 D2 B8 F6 F8 41 76 F2 13 g....... ....Av..
[00C0] 37 4D 92 5A 51 60 22 1D 39 38 43 9F C8 F6 4C CF 7M.ZQ`". 98C...L.
[00D0] 8F C3 C7 62 72 C3 36 E7 39 28 A3 1B 34 CE CE 7B ...br.6. 9(..4..{
[00E0] D3 83 A3 EB 72 3C 03 AE C5 15 12 86 45 CB 50 E2 ....r<.. ....E.P.
[00F0] 95 E1 18 99 A6 84 E2 5E 01 D9 A3 B3 B0 40 3A 00 .......^ .....@:.
[0100] F8 15 66 3E D7 B6 6B 01 F2 47 61 3C 25 13 87 23 ..f>..k. .Ga<%..#
[0110] 88 C6 02 D2 45 59 47 57 71 0B D9 49 04 30 0E 8C ....EYGW q..I.0..
[0120] 83 59 8E 8A F6 25 AB 3E 53 54 0B 65 AF 34 24 AC .Y...%.> ST.e.4$.
[0130] 7D 8D F8 A8 B8 88 20 D3 98 08 E3 EB B4 2A B5 03 }..... . .....*..
[0140] 28 3C 03 A2 55 21 9E 4F 53 BA 25 C2 33 E5 06 53 (<..U!.O S.%.3..S
[0150] 22 79 E0 9A 06 A4 C6 16 34 0E 86 14 06 FE 31 C1 "y...... 4.....1.
[0160] D1 6C EF 65 88 35 67 8D 3D E9 EF 1D 41 14 9B F4 .l.e.5g. =...A...
[0170] 5E 05 B7 75 25 1F A6 7C A0 8C 8D F6 CD 1F CE 7B ^..u%..| .......{
[0180] 17 8B 09 8A 68 D1 25 60 45 32 F8 C1 E1 96 7B 55 ....h.%` E2....{U
[0190] F6 FC CE 1E B2 46 F7 C6 CC 83 CB C2 6E 42 74 8C .....F.. ....nBt.
[01A0] 58 9C 5A B3 62 18 00 82 16 6D 70 1F 15 E5 80 0E X.Z.b... .mp.....
[01B0] E7 72 54 24 6D 71 E5 F4 DD 40 B3 81 79 09 CF 3B .rT$mq.. . at ..y..;
[01C0] 17 15 E7 C7 58 1B 9F 36 97 AB CD 34 39 CF B6 87 ....X..6 ...49...
[01D0] DA B7 FF 0E 65 78 C7 44 3A 54 7F D9 7C C8 DD 7B ....ex.D :T..|..{
[01E0] 26 01 9F 34 E7 E9 00 B5 F2 8E E5 E7 4E C3 01 6D &..4.... ....N..m
[01F0] 4D DB 98 81 F7 EA 97 E3 CC 2E 65 2A C4 3D 4F 9C M....... ..e*.=O.
[0200] 88 DF E4 BD E8 26 68 B7 26 6E 7C B3 C3 4A 09 04 .....&h. &n|..J..
[0210] 43 A1 ED 23 7A F0 72 36 77 7F BA E4 29 38 EF 10 C..#z.r6 w...)8..
[0220] 0F 5E 27 2F 31 28 2E B7 58 5C C9 72 9B 4F 9C 3F .^'/1(.. X\.r.O.?
[0230] 9A 91 68 87 5B 99 39 AE E1 DA D8 9E E3 5F D6 15 ..h.[.9. ....._..
[0240] 7E C4 86 DA B1 F3 53 C0 01 51 D0 B5 00 CC 99 6D ~.....S. .Q.....m
[0250] 19 16 52 63 67 01 D4 41 23 53 B6 E9 15 16 00 15 ..Rcg..A #S......
[0260] 6F 0C 77 2F D9 A5 38 AD 22 BB DA 8C 62 E7 44 61 o.w/..8. "...b.Da
[0270] F5 83 67 A3 DB 2C DA 83 52 A3 F7 71 C9 B3 7F 69 ..g..,.. R..q...i
[0280] C1 84 8A F6 D1 E0 D9 E3 2E 67 A6 0E 43 10 8F 56 ........ .g..C..V
[0290] 4A 04 60 55 A4 30 33 66 BC 52 6A 58 11 37 03 F9 J.`U.03f .RjX.7..
[02A0] B7 6A 1C 9B AF 2B D1 0A 34 A6 0E 83 4E F2 8F 0C .j...+.. 4...N...
[02B0] F9 F3 6F A3 7B BA CA CF 12 82 65 1A 95 AA 6D 5A ..o.{... ..e...mZ
[02C0] 4C 9A DB 8F FC 85 1F AC DD 52 E9 C5 D7 57 78 41 L....... .R...WxA
[02D0] AD 63 86 61 06 2D AF B5 2E 69 E6 4E 42 8E AA 3B .c.a.-.. .i.NB..;
[02E0] 07 11 5F 7A F7 CE FF 95 48 4A 46 A6 0F 8B 74 CC .._z.... HJF...t.
[02F0] 38 1D BF 73 C1 78 78 DD 73 6D 52 3E C6 01 38 D1 8..s.xx. smR>..8.
[0300] E4 27 24 F7 22 87 6B 86 0B 64 68 D6 1B 31 96 C2 .'$.".k. .dh..1..
[0310] A7 35 BF F6 38 70 EE 9E 26 BB 48 9F A6 68 54 69 .5..8p.. &.H..hTi
[0320] 9F 5E 2D 29 9A 78 6B EB 8A CE A6 59 FC 5E 61 4A .^-).xk. ...Y.^aJ
[0330] D5 9C A4 65 5F 21 A3 49 7A 9A 40 38 AD 28 27 11 ...e_!.I z. at 8.('.
[0340] B4 41 11 7F 37 0B AE 85 2A E2 35 89 78 1C A2 EB .A..7... *.5.x...
[0350] 77 75 43 9C D1 C9 A4 D2 90 1F 7F A9 84 0D FD C1 wuC..... ........
[0360] D0 BA 67 3D 64 53 EB 0C 34 23 01 83 66 EC 22 35 ..g=dS.. 4#..f."5
[0370] EA 29 46 9F 57 1F 83 C2 03 F0 41 CD 35 C0 88 10 .)F.W... ..A.5...
[0380] 8E 98 2C 85 EE CA BD DA CE 34 B5 B6 A1 02 DF 2B ..,..... .4.....+
[0390] 9A 64 71 39 B8 F6 CF 4C 4B C7 64 86 58 D7 D9 6F .dq9...L K.d.X..o
[03A0] 4A D6 FD 80 A5 51 96 DB 8C 4A 0F AF 1A 9A AC 28 J....Q.. .J.....(
[03B0] 79 30 68 9B D3 2E 8E D6 1A C4 DD 9A 78 A8 CC 73 y0h..... ....x..s
[03C0] F1 94 2F 00 3B ED 4A B3 00 2E AD 2A 5B E8 2A 70 ../.;.J. ...*[.*p
[03D0] CE F8 82 08 92 3F 02 73 BF 36 37 BE A1 25 C5 93 .....?.s .67..%..
[03E0] 29 75 9B F0 24 52 C9 4D 25 46 31 D5 69 2C 61 70 )u..$R.M %F1.i,ap
[03F0] 82 1E D0 B1 4E 2D 0E 05 AE 60 06 3C 0D E1 94 05 ....N-.. .`.<....
[0400] 2F 9A 73 97 BC AC F6 30 AC DE E8 FB C6 E4 7C 17 /.s....0 ......|.
[0410] B0 6F C8 DE 76 05 0E 6E 2F C7 83 EB FA C3 10 5E .o..v..n /......^
[0420] FF EA 60 8C 9C 22 3E F6 95 B2 B1 00 95 34 61 C3 ..`..">. .....4a.
[0430] D1 9F 39 A3 EF E8 E2 A1 B6 92 7E 13 CF 18 8A A5 ..9..... ..~.....
[0440] 0E DD 0B B9 44 38 A5 B2 9A 2B FF 0D 8E 85 46 7F ....D8.. .+....F.
[0450] 8D B4 5C 60 16 66 AF 07 51 11 89 91 84 D4 89 BC ..\`.f.. Q.......
[0460] 83 AE 8F D8 99 DC A0 C7 F9 29 08 3E 1A 1D 56 22 ........ .).>..V"
[0470] 0C 92 AE 9C 74 5C 39 46 7E EF BA 09 A0 D3 98 B3 ....t\9F ~.......
[0480] 97 D1 E0 CC 83 9C A4 F0 D9 92 40 70 81 84 FA 18 ........ .. at p....
[0490] 73 DF 25 F9 CD E9 40 A1 8B 5E A9 F8 25 AC AC 1E s.%... at . .^..%...
[04A0] D7 DD 5E 54 62 9B 25 40 9C 89 F3 D1 41 49 4B 7C ..^Tb.%@ ....AIK|
[04B0] DD 67 7A 43 E9 41 74 48 8E AC 4F 41 42 93 B6 A9 .gzC.AtH ..OAB...
[04C0] 6D 5C F4 80 78 EE A8 DA FE C2 4B FA 19 7F FE 3E m\..x... ..K....>
[04D0] 9C B8 4B 26 70 0F 32 53 28 FF EC 77 00 00 01 00 ..K&p.2S (..w....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4e1fc0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=1272, this_data=1272, max_data=4280, param_offset=84,
param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e3db0
smb_signing_md5: sequence number 18
smb_signing_sign_pdu: sent SMB signature of
[0000] 1A 49 DF F6 E8 63 A6 88 .I...c..
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 19
smb_signing_check_pdu: seq 19: got good SMB signature of
[0000] 79 1A F5 6C DA 8F 59 32 y..l..Y2
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2140
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2140
s4_tevent: Destroying timer event 0x7fed9c4e3db0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4e1fc0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e1530
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e1530
lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2
out: struct lsa_CreateTrustedDomainEx2
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
86a5ad6a-47dc-4d86-8e78-c8c493bef40f
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 6A AD A5 86 DC 47 86 4D 8E 78 C8 C4 ....j... .G.M.x..
[0010] 93 BE F4 0F 00 00 00 00 ........
lsa_OpenTrustedDomainByName: struct lsa_OpenTrustedDomainByName
in: struct lsa_OpenTrustedDomainByName
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
523067c0-2963-41a2-9b62-de196bc43c47
name: struct lsa_String
length : 0x0018 (24)
size : 0x0018 (24)
string : *
string : 'IPADOMAIN.COM'
access_mask : 0x02000000 (33554432)
0: LSA_TRUSTED_QUERY_DOMAIN_NAME
0: LSA_TRUSTED_QUERY_CONTROLLERS
0: LSA_TRUSTED_SET_CONTROLLERS
0: LSA_TRUSTED_QUERY_POSIX
0: LSA_TRUSTED_SET_POSIX
0: LSA_TRUSTED_SET_AUTH
0: LSA_TRUSTED_QUERY_AUTH
rpc request data:
[0000] 00 00 00 00 C0 67 30 52 63 29 A2 41 9B 62 DE 19 .....g0R c).A.b..
[0010] 6B C4 3C 47 18 00 18 00 00 00 02 00 0C 00 00 00 k.<G.... ........
[0020] 00 00 00 00 0C 00 00 00 62 00 69 00 6C 00 79 00 ........ b.i.l.y.
[0030] 6F 00 6E 00 65 00 72 00 2E 00 63 00 6F 00 6D 00 o.n.e.r. ..c.o.m.
[0040] 00 00 00 02 ....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4e16b0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=92, this_data=92, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e3210
smb_signing_md5: sequence number 20
smb_signing_sign_pdu: sent SMB signature of
[0000] A5 DE 8E 3F F5 AE CD 6E ...?...n
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 21
smb_signing_check_pdu: seq 21: got good SMB signature of
[0000] C3 66 E7 6B 98 97 4A 9B .f.k..J.
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e29e0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e29e0
s4_tevent: Destroying timer event 0x7fed9c4e3210 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4e16b0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c045790
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c045790
lsa_OpenTrustedDomainByName: struct lsa_OpenTrustedDomainByName
out: struct lsa_OpenTrustedDomainByName
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
e40aa3cd-86c8-450b-b9e1-45729852a03b
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 CD A3 0A E4 C8 86 0B 45 B9 E1 45 72 ........ ...E..Er
[0010] 98 52 A0 3B 00 00 00 00 .R.;....
lsa_SetInformationTrustedDomain: struct lsa_SetInformationTrustedDomain
in: struct lsa_SetInformationTrustedDomain
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
e40aa3cd-86c8-450b-b9e1-45729852a03b
level :
LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES (13)
info : *
info : union lsa_TrustedDomainInfo(case
13)
enc_types: struct lsa_TrustDomainInfoSupportedEncTypes
enc_types : 0x0000001c (28)
0: KERB_ENCTYPE_DES_CBC_CRC
0: KERB_ENCTYPE_DES_CBC_MD5
1: KERB_ENCTYPE_RC4_HMAC_MD5
1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
rpc request data:
[0000] 00 00 00 00 CD A3 0A E4 C8 86 0B 45 B9 E1 45 72 ........ ...E..Er
[0010] 98 52 A0 3B 0D 00 0D 00 1C 00 00 00 .R.;.... ....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c0457a0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e3400
smb_signing_md5: sequence number 22
smb_signing_sign_pdu: sent SMB signature of
[0000] 2F 7C F6 4B ED 64 22 B6 /|.K.d".
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 23
smb_signing_check_pdu: seq 23: got good SMB signature of
[0000] 93 B0 F0 06 47 79 39 41 ....Gy9A
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c045390
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c045390
s4_tevent: Destroying timer event 0x7fed9c4e3400 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c0457a0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e17a0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e17a0
lsa_SetInformationTrustedDomain: struct lsa_SetInformationTrustedDomain
out: struct lsa_SetInformationTrustedDomain
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 ....
lsa_SetInformationTrustedDomain: struct lsa_SetInformationTrustedDomain
in: struct lsa_SetInformationTrustedDomain
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
e40aa3cd-86c8-450b-b9e1-45729852a03b
level : LSA_TRUSTED_DOMAIN_INFO_INFO_EX (6)
info : *
info : union lsa_TrustedDomainInfo(case
6)
info_ex: struct lsa_TrustDomainInfoInfoEx
domain_name: struct lsa_StringLarge
length : 0x0018 (24)
size : 0x001a (26)
string : *
string : 'IPADOMAIN.COM'
netbios_name: struct lsa_StringLarge
length : 0x0010 (16)
size : 0x0012 (18)
string : *
string : 'IPADOMAIN'
sid : *
sid :
S-1-5-21-3255298129-77778957-3353535001
trust_direction : 0x00000003 (3)
1: LSA_TRUST_DIRECTION_INBOUND
1: LSA_TRUST_DIRECTION_OUTBOUND
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
rpc request data:
[0000] 00 00 00 00 CD A3 0A E4 C8 86 0B 45 B9 E1 45 72 ........ ...E..Er
[0010] 98 52 A0 3B 06 00 06 00 18 00 1A 00 00 00 02 00 .R.;.... ........
[0020] 10 00 12 00 04 00 02 00 08 00 02 00 03 00 00 00 ........ ........
[0030] 02 00 00 00 08 00 00 00 0D 00 00 00 00 00 00 00 ........ ........
[0040] 0C 00 00 00 62 00 69 00 6C 00 79 00 6F 00 6E 00 ....b.i. l.y.o.n.
[0050] 65 00 72 00 2E 00 63 00 6F 00 6D 00 09 00 00 00 e.r...c. o.m.....
[0060] 00 00 00 00 08 00 00 00 42 00 49 00 4C 00 59 00 ........ B.I.L.Y.
[0070] 4F 00 4E 00 45 00 52 00 04 00 00 00 01 04 00 00 O.N.E.R. ........
[0080] 00 00 00 05 15 00 00 00 51 E8 07 C2 0D D0 A2 04 ........ Q.......
[0090] 19 E2 E2 C7 ....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c0451a0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=172, this_data=172, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e34f0
smb_signing_md5: sequence number 24
smb_signing_sign_pdu: sent SMB signature of
[0000] CE 3D 39 C3 9E 80 07 63 .=9....c
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 25
smb_signing_check_pdu: seq 25: got good SMB signature of
[0000] 33 EA 19 FF 2D 04 E0 32 3...-..2
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e3100
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e3100
s4_tevent: Destroying timer event 0x7fed9c4e34f0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c0451a0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d8210
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d8210
lsa_SetInformationTrustedDomain: struct lsa_SetInformationTrustedDomain
out: struct lsa_SetInformationTrustedDomain
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 ....
lsa_lsaRSetForestTrustInformation: struct
lsa_lsaRSetForestTrustInformation
in: struct lsa_lsaRSetForestTrustInformation
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
523067c0-2963-41a2-9b62-de196bc43c47
trusted_domain_name : *
trusted_domain_name: struct lsa_StringLarge
length : 0x0018 (24)
size : 0x001a (26)
string : *
string : 'IPADOMAIN.COM'
highest_record_type : 0x0002 (2)
forest_trust_info : *
forest_trust_info: struct lsa_ForestTrustInformation
count : 0x00000001 (1)
entries : *
entries: ARRAY(1)
entries : *
entries: struct lsa_ForestTrustRecord
flags : 0x00000000
(0)
type :
LSA_FOREST_TRUST_TOP_LEVEL_NAME (0)
time :
0x01d034a27bcb1f00 (130662261660000000)
forest_trust_data : union
lsa_ForestTrustData(case 0)
top_level_name: struct lsa_StringLarge
length : 0x0018
(24)
size : 0x001a
(26)
string : *
string : '
IPADOMAIN.COM'
check_only : 0x00 (0)
rpc request data:
[0000] 00 00 00 00 C0 67 30 52 63 29 A2 41 9B 62 DE 19 .....g0R c).A.b..
[0010] 6B C4 3C 47 18 00 1A 00 00 00 02 00 0D 00 00 00 k.<G.... ........
[0020] 00 00 00 00 0C 00 00 00 62 00 69 00 6C 00 79 00 ........ b.i.l.y.
[0030] 6F 00 6E 00 65 00 72 00 2E 00 63 00 6F 00 6D 00 o.n.e.r. ..c.o.m.
[0040] 02 00 00 00 01 00 00 00 04 00 02 00 01 00 00 00 ........ ........
[0050] 08 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0060] 00 1F CB 7B A2 34 D0 01 00 00 00 00 18 00 1A 00 ...{.4.. ........
[0070] 0C 00 02 00 0D 00 00 00 00 00 00 00 0C 00 00 00 ........ ........
[0080] 62 00 69 00 6C 00 79 00 6F 00 6E 00 65 00 72 00 b.i.l.y. o.n.e.r.
[0090] 2E 00 63 00 6F 00 6D 00 00 ..c.o.m. .
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4e1fc0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=177, this_data=177, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e3b20
smb_signing_md5: sequence number 26
smb_signing_sign_pdu: sent SMB signature of
[0000] C3 E6 77 0C 26 08 8D 32 ..w.&..2
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4c9cf0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4dcdd0
smb_signing_md5: sequence number 27
smb_signing_check_pdu: seq 27: got good SMB signature of
[0000] A0 23 8C B1 9F 85 69 B3 .#....i.
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e36b0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e36b0
s4_tevent: Destroying timer event 0x7fed9c4e3b20 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4e1fc0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c045210
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c045210
lsa_lsaRSetForestTrustInformation: struct
lsa_lsaRSetForestTrustInformation
out: struct lsa_lsaRSetForestTrustInformation
collision_info : *
collision_info : *
collision_info: struct lsa_ForestTrustCollisionInfo
count : 0x00000001 (1)
entries : *
entries: ARRAY(1)
entries : *
entries: struct
lsa_ForestTrustCollisionRecord
index :
0x00000000 (0)
type :
LSA_FOREST_TRUST_COLLISION_TDO (0)
flags : union
lsa_ForestTrustCollisionFlags(case 0)
flags :
0x00000004 (4)
0: LSA_TLN_DISABLED_NEW
0: LSA_TLN_DISABLED_ADMIN
1: LSA_TLN_DISABLED_CONFLICT
name: struct lsa_String
length :
0x0014 (20)
size :
0x0016 (22)
string : *
string : '
ADDOMAIN.COM'
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 02 00 01 00 00 00 04 00 02 00 01 00 00 00 ........ ........
[0010] 08 00 02 00 00 00 00 00 00 00 00 00 04 00 00 00 ........ ........
[0020] 14 00 16 00 0C 00 02 00 0B 00 00 00 00 00 00 00 ........ ........
[0030] 0A 00 00 00 4C 00 49 00 42 00 45 00 52 00 4F 00 ....L.I. B.E.R.O.
[0040] 2E 00 49 00 4E 00 54 00 00 00 00 00 ..I.N.T. ....
[Fri Feb 27 12:08:11.600805 2015] [:error] [pid 5366] ipa: ERROR: When
setting forest trust information, got collision info back:
[Fri Feb 27 12:08:11.600851 2015] [:error] [pid 5366]
lsa_ForestTrustCollisionInfo: struct lsa_ForestTrustCollisionInfo
[Fri Feb 27 12:08:11.600864 2015] [:error] [pid 5366] count
: 0x00000001 (1)
[Fri Feb 27 12:08:11.600874 2015] [:error] [pid 5366] entries
: *
[Fri Feb 27 12:08:11.600883 2015] [:error] [pid 5366] entries:
ARRAY(1)
[Fri Feb 27 12:08:11.600889 2015] [:error] [pid 5366]
entries : *
[Fri Feb 27 12:08:11.600893 2015] [:error] [pid 5366]
entries: struct lsa_ForestTrustCollisionRecord
[Fri Feb 27 12:08:11.600896 2015] [:error] [pid 5366]
index : 0x00000000 (0)
[Fri Feb 27 12:08:11.600900 2015] [:error] [pid 5366]
type : LSA_FOREST_TRUST_COLLISION_TDO (0)
[Fri Feb 27 12:08:11.600904 2015] [:error] [pid 5366]
flags : union lsa_ForestTrustCollisionFlags(case 0)
[Fri Feb 27 12:08:11.600908 2015] [:error] [pid 5366]
flags : 0x00000004 (4)
[Fri Feb 27 12:08:11.600911 2015] [:error] [pid 5366]
0: LSA_TLN_DISABLED_NEW
[Fri Feb 27 12:08:11.600914 2015] [:error] [pid 5366]
0: LSA_TLN_DISABLED_ADMIN
[Fri Feb 27 12:08:11.600918 2015] [:error] [pid 5366]
1: LSA_TLN_DISABLED_CONFLICT
[Fri Feb 27 12:08:11.600921 2015] [:error] [pid 5366]
name: struct lsa_String
[Fri Feb 27 12:08:11.600925 2015] [:error] [pid 5366]
length : 0x0014 (20)
[Fri Feb 27 12:08:11.600928 2015] [:error] [pid 5366]
size : 0x0016 (22)
[Fri Feb 27 12:08:11.600931 2015] [:error] [pid 5366]
string : *
[Fri Feb 27 12:08:11.600935 2015] [:error] [pid 5366]
string : 'ADDOMAIN.COM'
[Fri Feb 27 12:08:11.600938 2015] [:error] [pid 5366]
lsa_QueryTrustedDomainInfoByName: struct
lsa_QueryTrustedDomainInfoByName
in: struct lsa_QueryTrustedDomainInfoByName
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000013-0000-0000-f054-0b4240160000
trusted_domain : *
trusted_domain: struct lsa_String
length : 0x0014 (20)
size : 0x0014 (20)
string : *
string : 'ADDOMAIN.COM'
level : LSA_TRUSTED_DOMAIN_INFO_FULL_INFO (8)
rpc request data:
[0000] 00 00 00 00 13 00 00 00 00 00 00 00 F0 54 0B 42 ........ .....T.B
[0010] 40 16 00 00 14 00 14 00 00 00 02 00 0A 00 00 00 @....... ........
[0020] 00 00 00 00 0A 00 00 00 4C 00 49 00 42 00 45 00 ........ L.I.B.E.
[0030] 52 00 4F 00 2E 00 49 00 4E 00 54 00 08 00 R.O...I. N.T...
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4df9f0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=86, this_data=86, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c045600
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c045210
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c045210
s4_tevent: Destroying timer event 0x7fed9c045600 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4df9f0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3edd50
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3edd50
lsa_QueryTrustedDomainInfoByName: struct
lsa_QueryTrustedDomainInfoByName
out: struct lsa_QueryTrustedDomainInfoByName
info : *
info : *
info : union
lsa_TrustedDomainInfo(case 8)
full_info: struct lsa_TrustDomainInfoFullInfo
info_ex: struct lsa_TrustDomainInfoInfoEx
domain_name: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'ADDOMAIN.COM
'
netbios_name: struct lsa_StringLarge
length : 0x000c (12)
size : 0x000e (14)
string : *
string : 'ADDOMAIN'
sid : *
sid :
S-1-5-21-1343024091-2000478354-725345543
trust_direction : 0x00000003 (3)
1: LSA_TRUST_DIRECTION_INBOUND
1: LSA_TRUST_DIRECTION_OUTBOUND
trust_type :
LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0:
LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
posix_offset: struct lsa_TrustDomainInfoPosixOffset
posix_offset : 0x00000000 (0)
auth_info: struct lsa_TrustDomainInfoAuthInfo
incoming_count : 0x00000001 (1)
incoming_current_auth_info: *
incoming_current_auth_info: struct
lsa_TrustDomainInfoBuffer
last_update_time : Fri Feb 27
12:07:06 2015 EET
AuthType :
TRUST_AUTH_TYPE_CLEAR (2)
data: struct lsa_DATA_BUF2
size :
0x00000080 (128)
data : *
data :
334769712e5538395826216d43662e4f3f4f324c4e616342297e216e5b3d40436347796e67654a306c6d264a532d524f7a663b3a563d355b70417e246c407e26497655352d3c437e6a4440237529704446214675464d512629632554676b5550436f244b594928314444285a536e57324f3b21703f3742502665494f6a4d353b
incoming_previous_auth_info: NULL
outgoing_count : 0x00000001 (1)
outgoing_current_auth_info: *
outgoing_current_auth_info: struct
lsa_TrustDomainInfoBuffer
last_update_time : Fri Feb 27
12:07:06 2015 EET
AuthType :
TRUST_AUTH_TYPE_CLEAR (2)
data: struct lsa_DATA_BUF2
size :
0x00000080 (128)
data : *
data :
334769712e5538395826216d43662e4f3f4f324c4e616342297e216e5b3d40436347796e67654a306c6d264a532d524f7a663b3a563d355b70417e246c407e26497655352d3c437e6a4440237529704446214675464d512629632554676b5550436f244b594928314444285a536e57324f3b21703f3742502665494f6a4d353b
outgoing_previous_auth_info: NULL
result : NT_STATUS_OK
rpc reply data:
[0000] 04 00 02 00 08 00 00 00 14 00 16 00 08 00 02 00 ........ ........
[0010] 0C 00 0E 00 0C 00 02 00 10 00 02 00 03 00 00 00 ........ ........
[0020] 02 00 00 00 08 00 00 00 00 00 00 00 01 00 00 00 ........ ........
[0030] 14 00 02 00 00 00 00 00 01 00 00 00 18 00 02 00 ........ ........
[0040] 00 00 00 00 0B 00 00 00 00 00 00 00 0A 00 00 00 ........ ........
[0050] 4C 00 49 00 42 00 45 00 52 00 4F 00 2E 00 49 00 L.I.B.E. R.O...I.
[0060] 4E 00 54 00 07 00 00 00 00 00 00 00 06 00 00 00 N.T..... ........
[0070] 4C 00 49 00 42 00 45 00 52 00 4F 00 04 00 00 00 L.I.B.E. R.O.....
[0080] 01 04 00 00 00 00 00 05 15 00 00 00 DB EB 0C 50 ........ .......P
[0090] 92 E0 3C 77 07 E5 3B 2B 00 C1 DB 23 75 52 D0 01 ..<w..;+ ...#uR..
[00A0] 02 00 00 00 80 00 00 00 1C 00 02 00 80 00 00 00 ........ ........
[00B0] 33 47 69 71 2E 55 38 39 58 26 21 6D 43 66 2E 4F 3Giq.U89 X&!mCf.O
[00C0] 3F 4F 32 4C 4E 61 63 42 29 7E 21 6E 5B 3D 40 43 ?O2LNacB )~!n[=@C
[00D0] 63 47 79 6E 67 65 4A 30 6C 6D 26 4A 53 2D 52 4F cGyngeJ0 lm&JS-RO
[00E0] 7A 66 3B 3A 56 3D 35 5B 70 41 7E 24 6C 40 7E 26 zf;:V=5[ pA~$l@~&
[00F0] 49 76 55 35 2D 3C 43 7E 6A 44 40 23 75 29 70 44 IvU5-<C~ jD@#u)pD
[0100] 46 21 46 75 46 4D 51 26 29 63 25 54 67 6B 55 50 F!FuFMQ& )c%TgkUP
[0110] 43 6F 24 4B 59 49 28 31 44 44 28 5A 53 6E 57 32 Co$KYI(1 DD(ZSnW2
[0120] 4F 3B 21 70 3F 37 42 50 26 65 49 4F 6A 4D 35 3B O;!p?7BP &eIOjM5;
[0130] 00 C1 DB 23 75 52 D0 01 02 00 00 00 80 00 00 00 ...#uR.. ........
[0140] 20 00 02 00 80 00 00 00 33 47 69 71 2E 55 38 39 ....... 3Giq.U89
[0150] 58 26 21 6D 43 66 2E 4F 3F 4F 32 4C 4E 61 63 42 X&!mCf.O ?O2LNacB
[0160] 29 7E 21 6E 5B 3D 40 43 63 47 79 6E 67 65 4A 30 )~!n[=@C cGyngeJ0
[0170] 6C 6D 26 4A 53 2D 52 4F 7A 66 3B 3A 56 3D 35 5B lm&JS-RO zf;:V=5[
[0180] 70 41 7E 24 6C 40 7E 26 49 76 55 35 2D 3C 43 7E pA~$l@~& IvU5-<C~
[0190] 6A 44 40 23 75 29 70 44 46 21 46 75 46 4D 51 26 jD@#u)pD F!FuFMQ&
[01A0] 29 63 25 54 67 6B 55 50 43 6F 24 4B 59 49 28 31 )c%TgkUP Co$KYI(1
[01B0] 44 44 28 5A 53 6E 57 32 4F 3B 21 70 3F 37 42 50 DD(ZSnW2 O;!p?7BP
[01C0] 26 65 49 4F 6A 4D 35 3B 00 00 00 00 &eIOjM5; ....
lsa_DeleteTrustedDomain: struct lsa_DeleteTrustedDomain
in: struct lsa_DeleteTrustedDomain
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000013-0000-0000-f054-0b4240160000
dom_sid : *
dom_sid :
S-1-5-21-1343024091-2000478354-725345543
rpc request data:
[0000] 00 00 00 00 13 00 00 00 00 00 00 00 F0 54 0B 42 ........ .....T.B
[0010] 40 16 00 00 04 00 00 00 01 04 00 00 00 00 00 05 @....... ........
[0020] 15 00 00 00 DB EB 0C 50 92 E0 3C 77 07 E5 3B 2B .......P ..<w..;+
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c044d30
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e37e0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c045780
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c045780
s4_tevent: Destroying timer event 0x7fed9c4e37e0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c044d30 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cd150
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cd150
lsa_DeleteTrustedDomain: struct lsa_DeleteTrustedDomain
out: struct lsa_DeleteTrustedDomain
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 ....
lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2
in: struct lsa_CreateTrustedDomainEx2
policy_handle : *
policy_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000013-0000-0000-f054-0b4240160000
info : *
info: struct lsa_TrustDomainInfoInfoEx
domain_name: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'ADDOMAIN.COM'
netbios_name: struct lsa_StringLarge
length : 0x000c (12)
size : 0x000e (14)
string : *
string : 'ADDOMAIN'
sid : *
sid :
S-1-5-21-1343024091-2000478354-725345543
trust_direction : 0x00000003 (3)
1: LSA_TRUST_DIRECTION_INBOUND
1: LSA_TRUST_DIRECTION_OUTBOUND
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000 (0)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
auth_info_internal : *
auth_info_internal: struct
lsa_TrustDomainInfoAuthInfoInternal
auth_blob: struct lsa_DATA_BUF2
size : 0x00000440 (1088)
data : *
data: ARRAY(1088)
[0] : 0x04 (4)
[1] : 0xcc (204)
[2] : 0x6e (110)
[3] : 0xc2 (194)
[4] : 0xea (234)
[5] : 0x0f (15)
[6] : 0x8d (141)
[7] : 0x2c (44)
[8] : 0x5f (95)
[9] : 0x34 (52)
[10] : 0xa4 (164)
[11] : 0x25 (37)
[12] : 0x65 (101)
[13] : 0xa2 (162)
[14] : 0xcc (204)
[15] : 0xc4 (196)
[16] : 0x52 (82)
[17] : 0x5c (92)
[18] : 0x29 (41)
[19] : 0x28 (40)
[20] : 0x6b (107)
[21] : 0x97 (151)
[22] : 0x9a (154)
[23] : 0x12 (18)
[24] : 0x63 (99)
[25] : 0x21 (33)
[26] : 0xf1 (241)
[27] : 0x95 (149)
[28] : 0xe9 (233)
[29] : 0x58 (88)
[30] : 0x03 (3)
[31] : 0x37 (55)
[32] : 0xb0 (176)
[33] : 0x6f (111)
[34] : 0x7c (124)
[35] : 0x06 (6)
[36] : 0xea (234)
[37] : 0xfa (250)
[38] : 0xd7 (215)
[39] : 0xc9 (201)
[40] : 0x89 (137)
[41] : 0xee (238)
[42] : 0x04 (4)
[43] : 0x0c (12)
[44] : 0x74 (116)
[45] : 0x25 (37)
[46] : 0x16 (22)
[47] : 0x94 (148)
[48] : 0xbc (188)
[49] : 0xac (172)
[50] : 0x7d (125)
[51] : 0x0f (15)
[52] : 0xa1 (161)
[53] : 0x4f (79)
[54] : 0xcb (203)
[55] : 0x01 (1)
[56] : 0xb3 (179)
[57] : 0x34 (52)
[58] : 0xb6 (182)
[59] : 0xa3 (163)
[60] : 0xe2 (226)
[61] : 0x39 (57)
[62] : 0x66 (102)
[63] : 0x30 (48)
[64] : 0xc8 (200)
[65] : 0x32 (50)
[66] : 0x0a (10)
[67] : 0x2d (45)
[68] : 0x83 (131)
[69] : 0xe9 (233)
[70] : 0xbd (189)
[71] : 0x11 (17)
[72] : 0x2b (43)
[73] : 0x69 (105)
[74] : 0xe4 (228)
[75] : 0x0f (15)
[76] : 0x5e (94)
[77] : 0xfe (254)
[78] : 0xea (234)
[79] : 0xe2 (226)
[80] : 0x54 (84)
[81] : 0x06 (6)
[82] : 0x75 (117)
[83] : 0x52 (82)
[84] : 0xcf (207)
[85] : 0x4e (78)
[86] : 0x3d (61)
[87] : 0x67 (103)
[88] : 0xc8 (200)
[89] : 0xff (255)
[90] : 0xdb (219)
[91] : 0x11 (17)
[92] : 0x4f (79)
[93] : 0xac (172)
[94] : 0x12 (18)
[95] : 0xf0 (240)
[96] : 0xa0 (160)
[97] : 0x72 (114)
[98] : 0x4a (74)
[99] : 0x62 (98)
[100] : 0x4a (74)
[101] : 0x47 (71)
[102] : 0xe8 (232)
[103] : 0xd7 (215)
[104] : 0x0c (12)
[105] : 0xb3 (179)
[106] : 0x2c (44)
[107] : 0x43 (67)
[108] : 0x3c (60)
[109] : 0x6d (109)
[110] : 0x2b (43)
[111] : 0x72 (114)
[112] : 0xf8 (248)
[113] : 0x48 (72)
[114] : 0x1f (31)
[115] : 0x81 (129)
[116] : 0x4a (74)
[117] : 0x37 (55)
[118] : 0x9d (157)
[119] : 0x10 (16)
[120] : 0xdf (223)
[121] : 0x97 (151)
[122] : 0x03 (3)
[123] : 0x6a (106)
[124] : 0xb1 (177)
[125] : 0x21 (33)
[126] : 0xd2 (210)
[127] : 0xe7 (231)
[128] : 0x1d (29)
[129] : 0x93 (147)
[130] : 0xe4 (228)
[131] : 0x52 (82)
[132] : 0xe1 (225)
[133] : 0xaf (175)
[134] : 0x89 (137)
[135] : 0x44 (68)
[136] : 0x59 (89)
[137] : 0x70 (112)
[138] : 0x95 (149)
[139] : 0x68 (104)
[140] : 0x18 (24)
[141] : 0x33 (51)
[142] : 0x29 (41)
[143] : 0x97 (151)
[144] : 0x04 (4)
[145] : 0xb9 (185)
[146] : 0x9e (158)
[147] : 0xf4 (244)
[148] : 0x9c (156)
[149] : 0xab (171)
[150] : 0xb5 (181)
[151] : 0x58 (88)
[152] : 0x2f (47)
[153] : 0xaa (170)
[154] : 0xf5 (245)
[155] : 0xd2 (210)
[156] : 0x2c (44)
[157] : 0x1a (26)
[158] : 0x65 (101)
[159] : 0x30 (48)
[160] : 0x8c (140)
[161] : 0x41 (65)
[162] : 0x0e (14)
[163] : 0xac (172)
[164] : 0xcf (207)
[165] : 0x56 (86)
[166] : 0x8c (140)
[167] : 0xd2 (210)
[168] : 0xfc (252)
[169] : 0x93 (147)
[170] : 0xb9 (185)
[171] : 0xcf (207)
[172] : 0xd1 (209)
[173] : 0x63 (99)
[174] : 0x00 (0)
[175] : 0xf1 (241)
[176] : 0x15 (21)
[177] : 0x6d (109)
[178] : 0x52 (82)
[179] : 0x7e (126)
[180] : 0xd5 (213)
[181] : 0x11 (17)
[182] : 0xb5 (181)
[183] : 0x23 (35)
[184] : 0x7a (122)
[185] : 0xe1 (225)
[186] : 0xdd (221)
[187] : 0xa0 (160)
[188] : 0x74 (116)
[189] : 0xc1 (193)
[190] : 0xd6 (214)
[191] : 0xc2 (194)
[192] : 0x09 (9)
[193] : 0xc4 (196)
[194] : 0x04 (4)
[195] : 0x03 (3)
[196] : 0x15 (21)
[197] : 0xc3 (195)
[198] : 0x7a (122)
[199] : 0x45 (69)
[200] : 0xd8 (216)
[201] : 0x63 (99)
[202] : 0x96 (150)
[203] : 0x35 (53)
[204] : 0xe5 (229)
[205] : 0x54 (84)
[206] : 0x27 (39)
[207] : 0xed (237)
[208] : 0x73 (115)
[209] : 0x68 (104)
[210] : 0x68 (104)
[211] : 0x6f (111)
[212] : 0x87 (135)
[213] : 0x4c (76)
[214] : 0xd0 (208)
[215] : 0xed (237)
[216] : 0x86 (134)
[217] : 0xdb (219)
[218] : 0x4d (77)
[219] : 0x75 (117)
[220] : 0x98 (152)
[221] : 0x5c (92)
[222] : 0xf1 (241)
[223] : 0x3b (59)
[224] : 0xe2 (226)
[225] : 0x8c (140)
[226] : 0xbc (188)
[227] : 0x98 (152)
[228] : 0xe1 (225)
[229] : 0x75 (117)
[230] : 0x33 (51)
[231] : 0x8a (138)
[232] : 0x76 (118)
[233] : 0xd6 (214)
[234] : 0xb7 (183)
[235] : 0x00 (0)
[236] : 0xe8 (232)
[237] : 0x35 (53)
[238] : 0x8f (143)
[239] : 0x03 (3)
[240] : 0x73 (115)
[241] : 0x84 (132)
[242] : 0xb9 (185)
[243] : 0x92 (146)
[244] : 0x39 (57)
[245] : 0x9b (155)
[246] : 0xdd (221)
[247] : 0xfe (254)
[248] : 0x17 (23)
[249] : 0x9f (159)
[250] : 0x79 (121)
[251] : 0x1e (30)
[252] : 0xe3 (227)
[253] : 0xd4 (212)
[254] : 0xde (222)
[255] : 0xf1 (241)
[256] : 0xff (255)
[257] : 0xe3 (227)
[258] : 0x94 (148)
[259] : 0xbb (187)
[260] : 0xad (173)
[261] : 0xc2 (194)
[262] : 0x11 (17)
[263] : 0x8a (138)
[264] : 0x8d (141)
[265] : 0xcf (207)
[266] : 0x33 (51)
[267] : 0xbf (191)
[268] : 0xd3 (211)
[269] : 0x35 (53)
[270] : 0x28 (40)
[271] : 0x25 (37)
[272] : 0x49 (73)
[273] : 0x88 (136)
[274] : 0x5b (91)
[275] : 0xa3 (163)
[276] : 0x1b (27)
[277] : 0xf5 (245)
[278] : 0xe5 (229)
[279] : 0x25 (37)
[280] : 0xfd (253)
[281] : 0x13 (19)
[282] : 0x54 (84)
[283] : 0x5f (95)
[284] : 0x5d (93)
[285] : 0xc7 (199)
[286] : 0xd6 (214)
[287] : 0x65 (101)
[288] : 0x12 (18)
[289] : 0x4f (79)
[290] : 0x51 (81)
[291] : 0xe5 (229)
[292] : 0x5b (91)
[293] : 0x4d (77)
[294] : 0x77 (119)
[295] : 0x53 (83)
[296] : 0xc0 (192)
[297] : 0xf1 (241)
[298] : 0x4f (79)
[299] : 0x8b (139)
[300] : 0x35 (53)
[301] : 0x97 (151)
[302] : 0x8a (138)
[303] : 0xf0 (240)
[304] : 0xc1 (193)
[305] : 0x63 (99)
[306] : 0xa2 (162)
[307] : 0x02 (2)
[308] : 0x92 (146)
[309] : 0x85 (133)
[310] : 0xb0 (176)
[311] : 0x12 (18)
[312] : 0xba (186)
[313] : 0x2c (44)
[314] : 0x8e (142)
[315] : 0x26 (38)
[316] : 0x2c (44)
[317] : 0x6e (110)
[318] : 0xd2 (210)
[319] : 0x0e (14)
[320] : 0x10 (16)
[321] : 0x56 (86)
[322] : 0x35 (53)
[323] : 0xfa (250)
[324] : 0x0d (13)
[325] : 0x15 (21)
[326] : 0x22 (34)
[327] : 0x78 (120)
[328] : 0xc4 (196)
[329] : 0x20 (32)
[330] : 0x66 (102)
[331] : 0xac (172)
[332] : 0x9c (156)
[333] : 0x1c (28)
[334] : 0x0c (12)
[335] : 0x71 (113)
[336] : 0x1e (30)
[337] : 0xce (206)
[338] : 0x22 (34)
[339] : 0xa3 (163)
[340] : 0xc2 (194)
[341] : 0x48 (72)
[342] : 0xe2 (226)
[343] : 0xc4 (196)
[344] : 0x43 (67)
[345] : 0x59 (89)
[346] : 0x33 (51)
[347] : 0x8a (138)
[348] : 0x42 (66)
[349] : 0x74 (116)
[350] : 0x18 (24)
[351] : 0xd7 (215)
[352] : 0xf1 (241)
[353] : 0x20 (32)
[354] : 0xdc (220)
[355] : 0x5c (92)
[356] : 0x82 (130)
[357] : 0xec (236)
[358] : 0xb6 (182)
[359] : 0x04 (4)
[360] : 0xca (202)
[361] : 0xb6 (182)
[362] : 0xc2 (194)
[363] : 0xec (236)
[364] : 0x99 (153)
[365] : 0x60 (96)
[366] : 0xc4 (196)
[367] : 0xce (206)
[368] : 0xcd (205)
[369] : 0x86 (134)
[370] : 0x11 (17)
[371] : 0x9f (159)
[372] : 0x64 (100)
[373] : 0x2a (42)
[374] : 0x9b (155)
[375] : 0x3d (61)
[376] : 0x12 (18)
[377] : 0xc9 (201)
[378] : 0x09 (9)
[379] : 0xf0 (240)
[380] : 0x3d (61)
[381] : 0xf5 (245)
[382] : 0x70 (112)
[383] : 0xfb (251)
[384] : 0x19 (25)
[385] : 0x0e (14)
[386] : 0x05 (5)
[387] : 0x6e (110)
[388] : 0x9a (154)
[389] : 0x84 (132)
[390] : 0x8f (143)
[391] : 0x0d (13)
[392] : 0x55 (85)
[393] : 0xc7 (199)
[394] : 0x95 (149)
[395] : 0x6b (107)
[396] : 0xce (206)
[397] : 0x80 (128)
[398] : 0x75 (117)
[399] : 0xc9 (201)
[400] : 0xed (237)
[401] : 0x86 (134)
[402] : 0x0e (14)
[403] : 0x9d (157)
[404] : 0x9e (158)
[405] : 0xb8 (184)
[406] : 0x1f (31)
[407] : 0x63 (99)
[408] : 0x12 (18)
[409] : 0xeb (235)
[410] : 0x2f (47)
[411] : 0x5c (92)
[412] : 0xbb (187)
[413] : 0x6a (106)
[414] : 0xe3 (227)
[415] : 0x59 (89)
[416] : 0x89 (137)
[417] : 0xd6 (214)
[418] : 0xc7 (199)
[419] : 0x0c (12)
[420] : 0xb5 (181)
[421] : 0xdd (221)
[422] : 0xf2 (242)
[423] : 0x05 (5)
[424] : 0xbb (187)
[425] : 0x36 (54)
[426] : 0xc3 (195)
[427] : 0xe7 (231)
[428] : 0xc8 (200)
[429] : 0xee (238)
[430] : 0x79 (121)
[431] : 0x2c (44)
[432] : 0x41 (65)
[433] : 0x07 (7)
[434] : 0xe7 (231)
[435] : 0xab (171)
[436] : 0x57 (87)
[437] : 0x0b (11)
[438] : 0x83 (131)
[439] : 0x90 (144)
[440] : 0x92 (146)
[441] : 0x61 (97)
[442] : 0xde (222)
[443] : 0x36 (54)
[444] : 0xb7 (183)
[445] : 0xbd (189)
[446] : 0x7c (124)
[447] : 0xa5 (165)
[448] : 0xad (173)
[449] : 0x1e (30)
[450] : 0x3a (58)
[451] : 0xb7 (183)
[452] : 0xc9 (201)
[453] : 0x06 (6)
[454] : 0x43 (67)
[455] : 0x1a (26)
[456] : 0xdc (220)
[457] : 0xb8 (184)
[458] : 0xdf (223)
[459] : 0xee (238)
[460] : 0x35 (53)
[461] : 0x31 (49)
[462] : 0xe4 (228)
[463] : 0x20 (32)
[464] : 0x2f (47)
[465] : 0x13 (19)
[466] : 0xa9 (169)
[467] : 0x9e (158)
[468] : 0xa6 (166)
[469] : 0x60 (96)
[470] : 0x36 (54)
[471] : 0xed (237)
[472] : 0xa6 (166)
[473] : 0xf3 (243)
[474] : 0x33 (51)
[475] : 0xbb (187)
[476] : 0x8d (141)
[477] : 0x87 (135)
[478] : 0x5b (91)
[479] : 0x32 (50)
[480] : 0x5d (93)
[481] : 0x96 (150)
[482] : 0xfe (254)
[483] : 0x29 (41)
[484] : 0xb8 (184)
[485] : 0xe2 (226)
[486] : 0x97 (151)
[487] : 0xe5 (229)
[488] : 0xa2 (162)
[489] : 0x55 (85)
[490] : 0xe3 (227)
[491] : 0x0d (13)
[492] : 0x47 (71)
[493] : 0x2f (47)
[494] : 0xe7 (231)
[495] : 0x54 (84)
[496] : 0x10 (16)
[497] : 0x93 (147)
[498] : 0xb7 (183)
[499] : 0xff (255)
[500] : 0xeb (235)
[501] : 0x2f (47)
[502] : 0xf3 (243)
[503] : 0x8b (139)
[504] : 0x91 (145)
[505] : 0x37 (55)
[506] : 0xcc (204)
[507] : 0x97 (151)
[508] : 0xeb (235)
[509] : 0x27 (39)
[510] : 0x36 (54)
[511] : 0xf0 (240)
[512] : 0xd0 (208)
[513] : 0xaa (170)
[514] : 0x13 (19)
[515] : 0xe7 (231)
[516] : 0x37 (55)
[517] : 0xb6 (182)
[518] : 0x69 (105)
[519] : 0x20 (32)
[520] : 0x83 (131)
[521] : 0x02 (2)
[522] : 0xa2 (162)
[523] : 0x4c (76)
[524] : 0x2c (44)
[525] : 0x18 (24)
[526] : 0x90 (144)
[527] : 0x9d (157)
[528] : 0x19 (25)
[529] : 0x8a (138)
[530] : 0x95 (149)
[531] : 0x4b (75)
[532] : 0xc4 (196)
[533] : 0x24 (36)
[534] : 0x5b (91)
[535] : 0x19 (25)
[536] : 0x93 (147)
[537] : 0xea (234)
[538] : 0xf1 (241)
[539] : 0x15 (21)
[540] : 0x61 (97)
[541] : 0xd1 (209)
[542] : 0xde (222)
[543] : 0x73 (115)
[544] : 0x66 (102)
[545] : 0x81 (129)
[546] : 0xca (202)
[547] : 0x55 (85)
[548] : 0x54 (84)
[549] : 0x55 (85)
[550] : 0x02 (2)
[551] : 0x5b (91)
[552] : 0x8a (138)
[553] : 0x02 (2)
[554] : 0x84 (132)
[555] : 0x5e (94)
[556] : 0x6d (109)
[557] : 0x60 (96)
[558] : 0x73 (115)
[559] : 0x64 (100)
[560] : 0xa4 (164)
[561] : 0x87 (135)
[562] : 0xd2 (210)
[563] : 0xd2 (210)
[564] : 0xa2 (162)
[565] : 0x2b (43)
[566] : 0x58 (88)
[567] : 0x52 (82)
[568] : 0xde (222)
[569] : 0xe2 (226)
[570] : 0x37 (55)
[571] : 0x25 (37)
[572] : 0x48 (72)
[573] : 0xba (186)
[574] : 0xed (237)
[575] : 0x4d (77)
[576] : 0x2e (46)
[577] : 0xda (218)
[578] : 0x29 (41)
[579] : 0xbd (189)
[580] : 0x0e (14)
[581] : 0x08 (8)
[582] : 0xa7 (167)
[583] : 0x45 (69)
[584] : 0xa9 (169)
[585] : 0xf4 (244)
[586] : 0x7b (123)
[587] : 0x44 (68)
[588] : 0xbc (188)
[589] : 0xf4 (244)
[590] : 0x07 (7)
[591] : 0x45 (69)
[592] : 0x37 (55)
[593] : 0x51 (81)
[594] : 0x49 (73)
[595] : 0x7b (123)
[596] : 0xc5 (197)
[597] : 0x87 (135)
[598] : 0x43 (67)
[599] : 0x84 (132)
[600] : 0xd0 (208)
[601] : 0x06 (6)
[602] : 0x58 (88)
[603] : 0x4d (77)
[604] : 0xc9 (201)
[605] : 0x3a (58)
[606] : 0x1f (31)
[607] : 0xc6 (198)
[608] : 0x12 (18)
[609] : 0x0d (13)
[610] : 0x08 (8)
[611] : 0xdd (221)
[612] : 0x6c (108)
[613] : 0x45 (69)
[614] : 0x65 (101)
[615] : 0xe1 (225)
[616] : 0x8e (142)
[617] : 0x68 (104)
[618] : 0xd7 (215)
[619] : 0x51 (81)
[620] : 0x65 (101)
[621] : 0x6d (109)
[622] : 0x9a (154)
[623] : 0x77 (119)
[624] : 0x74 (116)
[625] : 0x0b (11)
[626] : 0xef (239)
[627] : 0x13 (19)
[628] : 0x08 (8)
[629] : 0x30 (48)
[630] : 0xae (174)
[631] : 0x46 (70)
[632] : 0x1d (29)
[633] : 0x67 (103)
[634] : 0xc8 (200)
[635] : 0xfc (252)
[636] : 0x00 (0)
[637] : 0xbf (191)
[638] : 0x13 (19)
[639] : 0x76 (118)
[640] : 0xcc (204)
[641] : 0x3c (60)
[642] : 0x79 (121)
[643] : 0x5a (90)
[644] : 0xba (186)
[645] : 0x5b (91)
[646] : 0xd8 (216)
[647] : 0x97 (151)
[648] : 0x24 (36)
[649] : 0xc6 (198)
[650] : 0x56 (86)
[651] : 0x3c (60)
[652] : 0x3b (59)
[653] : 0x71 (113)
[654] : 0x88 (136)
[655] : 0xd3 (211)
[656] : 0xbe (190)
[657] : 0xa2 (162)
[658] : 0x17 (23)
[659] : 0x73 (115)
[660] : 0x4b (75)
[661] : 0x1c (28)
[662] : 0xc9 (201)
[663] : 0xa4 (164)
[664] : 0x8b (139)
[665] : 0x0c (12)
[666] : 0xdc (220)
[667] : 0x14 (20)
[668] : 0x9c (156)
[669] : 0xe4 (228)
[670] : 0x5b (91)
[671] : 0xd7 (215)
[672] : 0x58 (88)
[673] : 0x70 (112)
[674] : 0x76 (118)
[675] : 0xd0 (208)
[676] : 0x4e (78)
[677] : 0x74 (116)
[678] : 0xaa (170)
[679] : 0x89 (137)
[680] : 0x47 (71)
[681] : 0x66 (102)
[682] : 0x74 (116)
[683] : 0x4f (79)
[684] : 0xce (206)
[685] : 0x4b (75)
[686] : 0x73 (115)
[687] : 0x99 (153)
[688] : 0x0e (14)
[689] : 0xf0 (240)
[690] : 0x10 (16)
[691] : 0xdb (219)
[692] : 0x6b (107)
[693] : 0x7b (123)
[694] : 0x0f (15)
[695] : 0x96 (150)
[696] : 0x54 (84)
[697] : 0x6c (108)
[698] : 0x6d (109)
[699] : 0xcc (204)
[700] : 0xb1 (177)
[701] : 0xd9 (217)
[702] : 0x96 (150)
[703] : 0x3f (63)
[704] : 0xb2 (178)
[705] : 0xec (236)
[706] : 0xc8 (200)
[707] : 0xb5 (181)
[708] : 0x04 (4)
[709] : 0xd4 (212)
[710] : 0x36 (54)
[711] : 0x01 (1)
[712] : 0x1f (31)
[713] : 0x7b (123)
[714] : 0x1a (26)
[715] : 0x0e (14)
[716] : 0x5e (94)
[717] : 0x74 (116)
[718] : 0x36 (54)
[719] : 0x17 (23)
[720] : 0x27 (39)
[721] : 0x2e (46)
[722] : 0x50 (80)
[723] : 0x4f (79)
[724] : 0x4c (76)
[725] : 0x50 (80)
[726] : 0xbb (187)
[727] : 0xc8 (200)
[728] : 0x99 (153)
[729] : 0x30 (48)
[730] : 0x4f (79)
[731] : 0xdd (221)
[732] : 0x03 (3)
[733] : 0xb8 (184)
[734] : 0xdf (223)
[735] : 0x66 (102)
[736] : 0x9a (154)
[737] : 0x3a (58)
[738] : 0x5e (94)
[739] : 0xd2 (210)
[740] : 0x6c (108)
[741] : 0x16 (22)
[742] : 0xde (222)
[743] : 0x89 (137)
[744] : 0xf6 (246)
[745] : 0xba (186)
[746] : 0xe4 (228)
[747] : 0xc1 (193)
[748] : 0xa6 (166)
[749] : 0x0a (10)
[750] : 0xb2 (178)
[751] : 0xd6 (214)
[752] : 0xf2 (242)
[753] : 0x5c (92)
[754] : 0x8f (143)
[755] : 0x08 (8)
[756] : 0x04 (4)
[757] : 0x53 (83)
[758] : 0x9d (157)
[759] : 0x1c (28)
[760] : 0x0b (11)
[761] : 0xc0 (192)
[762] : 0xab (171)
[763] : 0x75 (117)
[764] : 0xd1 (209)
[765] : 0xc2 (194)
[766] : 0x82 (130)
[767] : 0x84 (132)
[768] : 0x90 (144)
[769] : 0x3f (63)
[770] : 0x45 (69)
[771] : 0x7b (123)
[772] : 0x0f (15)
[773] : 0x9c (156)
[774] : 0xd0 (208)
[775] : 0xd5 (213)
[776] : 0x19 (25)
[777] : 0x5f (95)
[778] : 0xe5 (229)
[779] : 0x35 (53)
[780] : 0xfb (251)
[781] : 0x2f (47)
[782] : 0xe2 (226)
[783] : 0xa1 (161)
[784] : 0xd9 (217)
[785] : 0xcd (205)
[786] : 0x6e (110)
[787] : 0x8d (141)
[788] : 0x58 (88)
[789] : 0x5d (93)
[790] : 0xf3 (243)
[791] : 0xad (173)
[792] : 0xf0 (240)
[793] : 0x1f (31)
[794] : 0xb3 (179)
[795] : 0xa1 (161)
[796] : 0x45 (69)
[797] : 0x94 (148)
[798] : 0x7f (127)
[799] : 0x34 (52)
[800] : 0xe1 (225)
[801] : 0x3f (63)
[802] : 0x51 (81)
[803] : 0xb0 (176)
[804] : 0xa4 (164)
[805] : 0x57 (87)
[806] : 0x95 (149)
[807] : 0x98 (152)
[808] : 0xe4 (228)
[809] : 0x26 (38)
[810] : 0x32 (50)
[811] : 0xcf (207)
[812] : 0x56 (86)
[813] : 0xd5 (213)
[814] : 0xdf (223)
[815] : 0xf3 (243)
[816] : 0x61 (97)
[817] : 0xe2 (226)
[818] : 0xe8 (232)
[819] : 0x50 (80)
[820] : 0xa4 (164)
[821] : 0x64 (100)
[822] : 0x22 (34)
[823] : 0xd9 (217)
[824] : 0xb7 (183)
[825] : 0xe6 (230)
[826] : 0xf4 (244)
[827] : 0x48 (72)
[828] : 0xb3 (179)
[829] : 0x22 (34)
[830] : 0x56 (86)
[831] : 0x7d (125)
[832] : 0xde (222)
[833] : 0x88 (136)
[834] : 0xb5 (181)
[835] : 0xdd (221)
[836] : 0xe9 (233)
[837] : 0xc5 (197)
[838] : 0xe2 (226)
[839] : 0x49 (73)
[840] : 0x61 (97)
[841] : 0x99 (153)
[842] : 0x94 (148)
[843] : 0x08 (8)
[844] : 0xa8 (168)
[845] : 0x52 (82)
[846] : 0x35 (53)
[847] : 0x35 (53)
[848] : 0x59 (89)
[849] : 0x2e (46)
[850] : 0xfc (252)
[851] : 0xd8 (216)
[852] : 0x1f (31)
[853] : 0xf0 (240)
[854] : 0x66 (102)
[855] : 0x57 (87)
[856] : 0xce (206)
[857] : 0x5d (93)
[858] : 0xa3 (163)
[859] : 0x4b (75)
[860] : 0xe3 (227)
[861] : 0x44 (68)
[862] : 0xca (202)
[863] : 0x7f (127)
[864] : 0x34 (52)
[865] : 0x74 (116)
[866] : 0xf0 (240)
[867] : 0x46 (70)
[868] : 0x2b (43)
[869] : 0x0c (12)
[870] : 0x3c (60)
[871] : 0xc5 (197)
[872] : 0x1d (29)
[873] : 0x89 (137)
[874] : 0x61 (97)
[875] : 0x28 (40)
[876] : 0x94 (148)
[877] : 0x4e (78)
[878] : 0xcf (207)
[879] : 0x66 (102)
[880] : 0xbb (187)
[881] : 0x88 (136)
[882] : 0x25 (37)
[883] : 0x37 (55)
[884] : 0xc4 (196)
[885] : 0xa4 (164)
[886] : 0x08 (8)
[887] : 0xe4 (228)
[888] : 0x7b (123)
[889] : 0x2f (47)
[890] : 0xe5 (229)
[891] : 0x7b (123)
[892] : 0x1e (30)
[893] : 0x9e (158)
[894] : 0x84 (132)
[895] : 0x05 (5)
[896] : 0x81 (129)
[897] : 0xda (218)
[898] : 0xc5 (197)
[899] : 0x48 (72)
[900] : 0xf9 (249)
[901] : 0x37 (55)
[902] : 0x0c (12)
[903] : 0xb2 (178)
[904] : 0x70 (112)
[905] : 0x08 (8)
[906] : 0x36 (54)
[907] : 0x25 (37)
[908] : 0x4e (78)
[909] : 0x15 (21)
[910] : 0xcd (205)
[911] : 0xdc (220)
[912] : 0x2e (46)
[913] : 0x53 (83)
[914] : 0x00 (0)
[915] : 0x06 (6)
[916] : 0x4e (78)
[917] : 0x88 (136)
[918] : 0xd2 (210)
[919] : 0xaf (175)
[920] : 0x42 (66)
[921] : 0xd3 (211)
[922] : 0x95 (149)
[923] : 0xa4 (164)
[924] : 0x36 (54)
[925] : 0x81 (129)
[926] : 0xa7 (167)
[927] : 0x40 (64)
[928] : 0xe7 (231)
[929] : 0xb2 (178)
[930] : 0x87 (135)
[931] : 0xe3 (227)
[932] : 0x7a (122)
[933] : 0xe2 (226)
[934] : 0xfb (251)
[935] : 0x23 (35)
[936] : 0xe4 (228)
[937] : 0xb3 (179)
[938] : 0x9c (156)
[939] : 0xeb (235)
[940] : 0xff (255)
[941] : 0x13 (19)
[942] : 0xf2 (242)
[943] : 0x95 (149)
[944] : 0x1c (28)
[945] : 0x4d (77)
[946] : 0xaf (175)
[947] : 0x1a (26)
[948] : 0x6c (108)
[949] : 0xb2 (178)
[950] : 0x06 (6)
[951] : 0xac (172)
[952] : 0x92 (146)
[953] : 0x05 (5)
[954] : 0xcc (204)
[955] : 0x0e (14)
[956] : 0x46 (70)
[957] : 0x48 (72)
[958] : 0x82 (130)
[959] : 0x56 (86)
[960] : 0xe6 (230)
[961] : 0x1c (28)
[962] : 0x64 (100)
[963] : 0xe6 (230)
[964] : 0xca (202)
[965] : 0x5a (90)
[966] : 0xd3 (211)
[967] : 0xc2 (194)
[968] : 0xd0 (208)
[969] : 0xff (255)
[970] : 0xcc (204)
[971] : 0xae (174)
[972] : 0x2b (43)
[973] : 0xf4 (244)
[974] : 0x88 (136)
[975] : 0x38 (56)
[976] : 0xc6 (198)
[977] : 0xf4 (244)
[978] : 0xe1 (225)
[979] : 0x7c (124)
[980] : 0x93 (147)
[981] : 0xd2 (210)
[982] : 0xf2 (242)
[983] : 0x9c (156)
[984] : 0xd1 (209)
[985] : 0xcf (207)
[986] : 0x6d (109)
[987] : 0xd2 (210)
[988] : 0x55 (85)
[989] : 0x1b (27)
[990] : 0xcd (205)
[991] : 0xf4 (244)
[992] : 0x81 (129)
[993] : 0x8a (138)
[994] : 0x66 (102)
[995] : 0x18 (24)
[996] : 0x81 (129)
[997] : 0xca (202)
[998] : 0x3c (60)
[999] : 0x44 (68)
[1000] : 0x24 (36)
[1001] : 0xfc (252)
[1002] : 0x40 (64)
[1003] : 0x13 (19)
[1004] : 0x81 (129)
[1005] : 0xc7 (199)
[1006] : 0x7f (127)
[1007] : 0x00 (0)
[1008] : 0xad (173)
[1009] : 0xbc (188)
[1010] : 0x4a (74)
[1011] : 0xd4 (212)
[1012] : 0x58 (88)
[1013] : 0xb1 (177)
[1014] : 0x88 (136)
[1015] : 0xa8 (168)
[1016] : 0x72 (114)
[1017] : 0xa0 (160)
[1018] : 0xf8 (248)
[1019] : 0x7f (127)
[1020] : 0x48 (72)
[1021] : 0x7b (123)
[1022] : 0x7a (122)
[1023] : 0xf0 (240)
[1024] : 0x1b (27)
[1025] : 0x07 (7)
[1026] : 0x49 (73)
[1027] : 0xc8 (200)
[1028] : 0xd2 (210)
[1029] : 0x26 (38)
[1030] : 0x23 (35)
[1031] : 0xba (186)
[1032] : 0x8f (143)
[1033] : 0x78 (120)
[1034] : 0x73 (115)
[1035] : 0x71 (113)
[1036] : 0x48 (72)
[1037] : 0x89 (137)
[1038] : 0x2c (44)
[1039] : 0x26 (38)
[1040] : 0xc6 (198)
[1041] : 0x30 (48)
[1042] : 0x1b (27)
[1043] : 0xc5 (197)
[1044] : 0xa7 (167)
[1045] : 0xc4 (196)
[1046] : 0xe3 (227)
[1047] : 0x30 (48)
[1048] : 0xaf (175)
[1049] : 0xf7 (247)
[1050] : 0xfe (254)
[1051] : 0x94 (148)
[1052] : 0xf1 (241)
[1053] : 0x71 (113)
[1054] : 0x3e (62)
[1055] : 0xf6 (246)
[1056] : 0x2d (45)
[1057] : 0x91 (145)
[1058] : 0xd4 (212)
[1059] : 0x60 (96)
[1060] : 0xab (171)
[1061] : 0x5c (92)
[1062] : 0x13 (19)
[1063] : 0xca (202)
[1064] : 0x73 (115)
[1065] : 0x4e (78)
[1066] : 0x7b (123)
[1067] : 0xd7 (215)
[1068] : 0x73 (115)
[1069] : 0x92 (146)
[1070] : 0x2a (42)
[1071] : 0x90 (144)
[1072] : 0x18 (24)
[1073] : 0xf0 (240)
[1074] : 0xd1 (209)
[1075] : 0x06 (6)
[1076] : 0xcc (204)
[1077] : 0x6f (111)
[1078] : 0xfa (250)
[1079] : 0xbf (191)
[1080] : 0x54 (84)
[1081] : 0x57 (87)
[1082] : 0x01 (1)
[1083] : 0xae (174)
[1084] : 0x17 (23)
[1085] : 0x8b (139)
[1086] : 0x69 (105)
[1087] : 0xeb (235)
access_mask : 0x00010000 (65536)
0: LSA_TRUSTED_QUERY_DOMAIN_NAME
0: LSA_TRUSTED_QUERY_CONTROLLERS
0: LSA_TRUSTED_SET_CONTROLLERS
0: LSA_TRUSTED_QUERY_POSIX
0: LSA_TRUSTED_SET_POSIX
0: LSA_TRUSTED_SET_AUTH
0: LSA_TRUSTED_QUERY_AUTH
rpc request data:
[0000] 00 00 00 00 13 00 00 00 00 00 00 00 F0 54 0B 42 ........ .....T.B
[0010] 40 16 00 00 14 00 16 00 00 00 02 00 0C 00 0E 00 @....... ........
[0020] 04 00 02 00 08 00 02 00 03 00 00 00 02 00 00 00 ........ ........
[0030] 00 00 00 00 0B 00 00 00 00 00 00 00 0A 00 00 00 ........ ........
[0040] 4C 00 49 00 42 00 45 00 52 00 4F 00 2E 00 49 00 L.I.B.E. R.O...I.
[0050] 4E 00 54 00 07 00 00 00 00 00 00 00 06 00 00 00 N.T..... ........
[0060] 4C 00 49 00 42 00 45 00 52 00 4F 00 04 00 00 00 L.I.B.E. R.O.....
[0070] 01 04 00 00 00 00 00 05 15 00 00 00 DB EB 0C 50 ........ .......P
[0080] 92 E0 3C 77 07 E5 3B 2B 40 04 00 00 0C 00 02 00 ..<w..;+ @.......
[0090] 40 04 00 00 04 CC 6E C2 EA 0F 8D 2C 5F 34 A4 25 @.....n. ...,_4.%
[00A0] 65 A2 CC C4 52 5C 29 28 6B 97 9A 12 63 21 F1 95 e...R\)( k...c!..
[00B0] E9 58 03 37 B0 6F 7C 06 EA FA D7 C9 89 EE 04 0C .X.7.o|. ........
[00C0] 74 25 16 94 BC AC 7D 0F A1 4F CB 01 B3 34 B6 A3 t%....}. .O...4..
[00D0] E2 39 66 30 C8 32 0A 2D 83 E9 BD 11 2B 69 E4 0F .9f0.2.- ....+i..
[00E0] 5E FE EA E2 54 06 75 52 CF 4E 3D 67 C8 FF DB 11 ^...T.uR .N=g....
[00F0] 4F AC 12 F0 A0 72 4A 62 4A 47 E8 D7 0C B3 2C 43 O....rJb JG....,C
[0100] 3C 6D 2B 72 F8 48 1F 81 4A 37 9D 10 DF 97 03 6A <m+r.H.. J7.....j
[0110] B1 21 D2 E7 1D 93 E4 52 E1 AF 89 44 59 70 95 68 .!.....R ...DYp.h
[0120] 18 33 29 97 04 B9 9E F4 9C AB B5 58 2F AA F5 D2 .3)..... ...X/...
[0130] 2C 1A 65 30 8C 41 0E AC CF 56 8C D2 FC 93 B9 CF ,.e0.A.. .V......
[0140] D1 63 00 F1 15 6D 52 7E D5 11 B5 23 7A E1 DD A0 .c...mR~ ...#z...
[0150] 74 C1 D6 C2 09 C4 04 03 15 C3 7A 45 D8 63 96 35 t....... ..zE.c.5
[0160] E5 54 27 ED 73 68 68 6F 87 4C D0 ED 86 DB 4D 75 .T'.shho .L....Mu
[0170] 98 5C F1 3B E2 8C BC 98 E1 75 33 8A 76 D6 B7 00 .\.;.... .u3.v...
[0180] E8 35 8F 03 73 84 B9 92 39 9B DD FE 17 9F 79 1E .5..s... 9.....y.
[0190] E3 D4 DE F1 FF E3 94 BB AD C2 11 8A 8D CF 33 BF ........ ......3.
[01A0] D3 35 28 25 49 88 5B A3 1B F5 E5 25 FD 13 54 5F .5(%I.[. ...%..T_
[01B0] 5D C7 D6 65 12 4F 51 E5 5B 4D 77 53 C0 F1 4F 8B ]..e.OQ. [MwS..O.
[01C0] 35 97 8A F0 C1 63 A2 02 92 85 B0 12 BA 2C 8E 26 5....c.. .....,.&
[01D0] 2C 6E D2 0E 10 56 35 FA 0D 15 22 78 C4 20 66 AC ,n...V5. .."x. f.
[01E0] 9C 1C 0C 71 1E CE 22 A3 C2 48 E2 C4 43 59 33 8A ...q..". .H..CY3.
[01F0] 42 74 18 D7 F1 20 DC 5C 82 EC B6 04 CA B6 C2 EC Bt... .\ ........
[0200] 99 60 C4 CE CD 86 11 9F 64 2A 9B 3D 12 C9 09 F0 .`...... d*.=....
[0210] 3D F5 70 FB 19 0E 05 6E 9A 84 8F 0D 55 C7 95 6B =.p....n ....U..k
[0220] CE 80 75 C9 ED 86 0E 9D 9E B8 1F 63 12 EB 2F 5C ..u..... ...c../\
[0230] BB 6A E3 59 89 D6 C7 0C B5 DD F2 05 BB 36 C3 E7 .j.Y.... .....6..
[0240] C8 EE 79 2C 41 07 E7 AB 57 0B 83 90 92 61 DE 36 ..y,A... W....a.6
[0250] B7 BD 7C A5 AD 1E 3A B7 C9 06 43 1A DC B8 DF EE ..|...:. ..C.....
[0260] 35 31 E4 20 2F 13 A9 9E A6 60 36 ED A6 F3 33 BB 51. /... .`6...3.
[0270] 8D 87 5B 32 5D 96 FE 29 B8 E2 97 E5 A2 55 E3 0D ..[2]..) .....U..
[0280] 47 2F E7 54 10 93 B7 FF EB 2F F3 8B 91 37 CC 97 G/.T.... ./...7..
[0290] EB 27 36 F0 D0 AA 13 E7 37 B6 69 20 83 02 A2 4C .'6..... 7.i ...L
[02A0] 2C 18 90 9D 19 8A 95 4B C4 24 5B 19 93 EA F1 15 ,......K .$[.....
[02B0] 61 D1 DE 73 66 81 CA 55 54 55 02 5B 8A 02 84 5E a..sf..U TU.[...^
[02C0] 6D 60 73 64 A4 87 D2 D2 A2 2B 58 52 DE E2 37 25 m`sd.... .+XR..7%
[02D0] 48 BA ED 4D 2E DA 29 BD 0E 08 A7 45 A9 F4 7B 44 H..M..). ...E..{D
[02E0] BC F4 07 45 37 51 49 7B C5 87 43 84 D0 06 58 4D ...E7QI{ ..C...XM
[02F0] C9 3A 1F C6 12 0D 08 DD 6C 45 65 E1 8E 68 D7 51 .:...... lEe..h.Q
[0300] 65 6D 9A 77 74 0B EF 13 08 30 AE 46 1D 67 C8 FC em.wt... .0.F.g..
[0310] 00 BF 13 76 CC 3C 79 5A BA 5B D8 97 24 C6 56 3C ...v.<yZ .[..$.V<
[0320] 3B 71 88 D3 BE A2 17 73 4B 1C C9 A4 8B 0C DC 14 ;q.....s K.......
[0330] 9C E4 5B D7 58 70 76 D0 4E 74 AA 89 47 66 74 4F ..[.Xpv. Nt..GftO
[0340] CE 4B 73 99 0E F0 10 DB 6B 7B 0F 96 54 6C 6D CC .Ks..... k{..Tlm.
[0350] B1 D9 96 3F B2 EC C8 B5 04 D4 36 01 1F 7B 1A 0E ...?.... ..6..{..
[0360] 5E 74 36 17 27 2E 50 4F 4C 50 BB C8 99 30 4F DD ^t6.'.PO LP...0O.
[0370] 03 B8 DF 66 9A 3A 5E D2 6C 16 DE 89 F6 BA E4 C1 ...f.:^. l.......
[0380] A6 0A B2 D6 F2 5C 8F 08 04 53 9D 1C 0B C0 AB 75 .....\.. .S.....u
[0390] D1 C2 82 84 90 3F 45 7B 0F 9C D0 D5 19 5F E5 35 .....?E{ ....._.5
[03A0] FB 2F E2 A1 D9 CD 6E 8D 58 5D F3 AD F0 1F B3 A1 ./....n. X]......
[03B0] 45 94 7F 34 E1 3F 51 B0 A4 57 95 98 E4 26 32 CF E..4.?Q. .W...&2.
[03C0] 56 D5 DF F3 61 E2 E8 50 A4 64 22 D9 B7 E6 F4 48 V...a..P .d"....H
[03D0] B3 22 56 7D DE 88 B5 DD E9 C5 E2 49 61 99 94 08 ."V}.... ...Ia...
[03E0] A8 52 35 35 59 2E FC D8 1F F0 66 57 CE 5D A3 4B .R55Y... ..fW.].K
[03F0] E3 44 CA 7F 34 74 F0 46 2B 0C 3C C5 1D 89 61 28 .D..4t.F +.<...a(
[0400] 94 4E CF 66 BB 88 25 37 C4 A4 08 E4 7B 2F E5 7B .N.f..%7 ....{/.{
[0410] 1E 9E 84 05 81 DA C5 48 F9 37 0C B2 70 08 36 25 .......H .7..p.6%
[0420] 4E 15 CD DC 2E 53 00 06 4E 88 D2 AF 42 D3 95 A4 N....S.. N...B...
[0430] 36 81 A7 40 E7 B2 87 E3 7A E2 FB 23 E4 B3 9C EB 6.. at .... z..#....
[0440] FF 13 F2 95 1C 4D AF 1A 6C B2 06 AC 92 05 CC 0E .....M.. l.......
[0450] 46 48 82 56 E6 1C 64 E6 CA 5A D3 C2 D0 FF CC AE FH.V..d. .Z......
[0460] 2B F4 88 38 C6 F4 E1 7C 93 D2 F2 9C D1 CF 6D D2 +..8...| ......m.
[0470] 55 1B CD F4 81 8A 66 18 81 CA 3C 44 24 FC 40 13 U.....f. ..<D$. at .
[0480] 81 C7 7F 00 AD BC 4A D4 58 B1 88 A8 72 A0 F8 7F ......J. X...r...
[0490] 48 7B 7A F0 1B 07 49 C8 D2 26 23 BA 8F 78 73 71 H{z...I. .&#..xsq
[04A0] 48 89 2C 26 C6 30 1B C5 A7 C4 E3 30 AF F7 FE 94 H.,&.0.. ...0....
[04B0] F1 71 3E F6 2D 91 D4 60 AB 5C 13 CA 73 4E 7B D7 .q>.-..` .\..sN{.
[04C0] 73 92 2A 90 18 F0 D1 06 CC 6F FA BF 54 57 01 AE s.*..... .o..TW..
[04D0] 17 8B 69 EB 00 00 01 00 ..i.....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4e2140
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=1264, this_data=1264, max_data=4280, param_offset=84,
param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c046240
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2a70
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2a70
s4_tevent: Destroying timer event 0x7fed9c046240 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4e2140 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c044c90
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c044c90
lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2
out: struct lsa_CreateTrustedDomainEx2
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000015-0000-0000-f054-0c4240160000
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 15 00 00 00 00 00 00 00 F0 54 0C 42 ........ .....T.B
[0010] 40 16 00 00 00 00 00 00 @.......
lsa_OpenTrustedDomainByName: struct lsa_OpenTrustedDomainByName
in: struct lsa_OpenTrustedDomainByName
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000013-0000-0000-f054-0b4240160000
name: struct lsa_String
length : 0x0014 (20)
size : 0x0014 (20)
string : *
string : 'ADDOMAIN.COM'
access_mask : 0x02000000 (33554432)
0: LSA_TRUSTED_QUERY_DOMAIN_NAME
0: LSA_TRUSTED_QUERY_CONTROLLERS
0: LSA_TRUSTED_SET_CONTROLLERS
0: LSA_TRUSTED_QUERY_POSIX
0: LSA_TRUSTED_SET_POSIX
0: LSA_TRUSTED_SET_AUTH
0: LSA_TRUSTED_QUERY_AUTH
rpc request data:
[0000] 00 00 00 00 13 00 00 00 00 00 00 00 F0 54 0B 42 ........ .....T.B
[0010] 40 16 00 00 14 00 14 00 00 00 02 00 0A 00 00 00 @....... ........
[0020] 00 00 00 00 0A 00 00 00 4C 00 49 00 42 00 45 00 ........ L.I.B.E.
[0030] 52 00 4F 00 2E 00 49 00 4E 00 54 00 00 00 00 02 R.O...I. N.T.....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c045400
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=88, this_data=88, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e3820
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e3430
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e3430
s4_tevent: Destroying timer event 0x7fed9c4e3820 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c045400 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c044c90
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c044c90
lsa_OpenTrustedDomainByName: struct lsa_OpenTrustedDomainByName
out: struct lsa_OpenTrustedDomainByName
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000016-0000-0000-f054-0c4240160000
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 16 00 00 00 00 00 00 00 F0 54 0C 42 ........ .....T.B
[0010] 40 16 00 00 00 00 00 00 @.......
lsa_SetInformationTrustedDomain: struct lsa_SetInformationTrustedDomain
in: struct lsa_SetInformationTrustedDomain
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000016-0000-0000-f054-0c4240160000
level :
LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES (13)
info : *
info : union lsa_TrustedDomainInfo(case
13)
enc_types: struct lsa_TrustDomainInfoSupportedEncTypes
enc_types : 0x0000001c (28)
0: KERB_ENCTYPE_DES_CBC_CRC
0: KERB_ENCTYPE_DES_CBC_MD5
1: KERB_ENCTYPE_RC4_HMAC_MD5
1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
rpc request data:
[0000] 00 00 00 00 16 00 00 00 00 00 00 00 F0 54 0C 42 ........ .....T.B
[0010] 40 16 00 00 0D 00 0D 00 1C 00 00 00 @....... ....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4e3520
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4e2360
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e38e0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e38e0
s4_tevent: Destroying timer event 0x7fed9c4e2360 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4e3520 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e3350
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e3350
lsa_SetInformationTrustedDomain: struct lsa_SetInformationTrustedDomain
out: struct lsa_SetInformationTrustedDomain
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 ....
lsa_SetInformationTrustedDomain: struct lsa_SetInformationTrustedDomain
in: struct lsa_SetInformationTrustedDomain
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000016-0000-0000-f054-0c4240160000
level : LSA_TRUSTED_DOMAIN_INFO_INFO_EX (6)
info : *
info : union lsa_TrustedDomainInfo(case
6)
info_ex: struct lsa_TrustDomainInfoInfoEx
domain_name: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'ADDOMAIN.COM'
netbios_name: struct lsa_StringLarge
length : 0x000c (12)
size : 0x000e (14)
string : *
string : 'ADDOMAIN'
sid : *
sid :
S-1-5-21-1343024091-2000478354-725345543
trust_direction : 0x00000003 (3)
1: LSA_TRUST_DIRECTION_INBOUND
1: LSA_TRUST_DIRECTION_OUTBOUND
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
rpc request data:
[0000] 00 00 00 00 16 00 00 00 00 00 00 00 F0 54 0C 42 ........ .....T.B
[0010] 40 16 00 00 06 00 06 00 14 00 16 00 00 00 02 00 @....... ........
[0020] 0C 00 0E 00 04 00 02 00 08 00 02 00 03 00 00 00 ........ ........
[0030] 02 00 00 00 08 00 00 00 0B 00 00 00 00 00 00 00 ........ ........
[0040] 0A 00 00 00 4C 00 49 00 42 00 45 00 52 00 4F 00 ....L.I. B.E.R.O.
[0050] 2E 00 49 00 4E 00 54 00 07 00 00 00 00 00 00 00 ..I.N.T. ........
[0060] 06 00 00 00 4C 00 49 00 42 00 45 00 52 00 4F 00 ....L.I. B.E.R.O.
[0070] 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 ........ ........
[0080] DB EB 0C 50 92 E0 3C 77 07 E5 3B 2B ...P..<w ..;+
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4e3db0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=164, this_data=164, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c0451b0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c243eb0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d7ba0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d8210
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d8210
s4_tevent: Destroying timer event 0x7fed9c0451b0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4e3db0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e3b70
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e3b70
lsa_SetInformationTrustedDomain: struct lsa_SetInformationTrustedDomain
out: struct lsa_SetInformationTrustedDomain
result : NT_STATUS_OK
rpc reply data:
[0000] 00 00 00 00 ....
Using binding ncacn_np:ad01.ADDOMAIN.COM[,]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7fed9c4e17b0
s4_tevent: Added timed event "composite_trigger": 0x7fed9c4e2180
s4_tevent: Added timed event "composite_trigger": 0x7fed9c3edd50
s4_tevent: Running timer event 0x7fed9c4e2180 "composite_trigger"
s4_tevent: Destroying timer event 0x7fed9c3edd50 "composite_trigger"
Mapped to DCERPC endpoint \pipe\netlogon
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
s4_tevent: Ending timer event 0x7fed9c4e2180 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7fed9c4e3940
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2180
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2180
s4_tevent: Destroying timer event 0x7fed9c4e3940 "connect_multi_timer"
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 23080
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c046820
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Destroying timer event 0x7fed9c046820 "tevent_req_timedout"
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0008 (8)
DomainNameMaxLen : 0x0008 (8)
DomainName : *
DomainName : 'IPADOMAIN'
WorkstationLen : 0x0008 (8)
WorkstationMaxLen : 0x0008 (8)
Workstation : *
Workstation : 'IPADOMAIN'
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c047970
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Destroying timer event 0x7fed9c047970 "tevent_req_timedout"
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c0481d0
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Destroying timer event 0x7fed9c0481d0 "tevent_req_timedout"
smb_signing_activate: user_session_key
[0000] 4F 18 F5 EA FA 3C 1B B9 53 B3 2B 78 8F 63 EE 72 O....<.. S.+x.c.r
smb_signing_activate: NULL response_data
smb_signing_md5: sequence number 1
smb_signing_check_pdu: seq 1: got good SMB signature of
[0000] 4D 45 92 B7 DF 51 DF C8 ME...Q..
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c047ba0
smb_signing_md5: sequence number 2
smb_signing_sign_pdu: sent SMB signature of
[0000] 52 C9 9A AA 55 9E 51 53 R...U.QS
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
smb_signing_md5: sequence number 3
smb_signing_check_pdu: seq 3: got good SMB signature of
[0000] D4 EA 2E 53 20 40 02 CB ...S @..
s4_tevent: Destroying timer event 0x7fed9c047ba0 "tevent_req_timedout"
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c046bf0
smb_signing_md5: sequence number 4
smb_signing_sign_pdu: sent SMB signature of
[0000] B2 0C A0 A1 05 FA 90 B4 ........
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
smb_signing_md5: sequence number 5
smb_signing_check_pdu: seq 5: got good SMB signature of
[0000] B0 CA D3 09 0F AA A5 32 .......2
s4_tevent: Destroying timer event 0x7fed9c046bf0 "tevent_req_timedout"
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=65535, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c048470
smb_signing_md5: sequence number 6
smb_signing_sign_pdu: sent SMB signature of
[0000] 49 12 59 88 DC 32 BA 32 I.Y..2.2
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c048910
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
smb_signing_md5: sequence number 7
smb_signing_check_pdu: seq 7: got good SMB signature of
[0000] 70 AA 3D EA 52 D6 87 79 p.=.R..y
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c0466e0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c0466e0
s4_tevent: Destroying timer event 0x7fed9c048470 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c048910 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c044ed0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c044ed0
s4_tevent: Destroying timer event 0x7fed9c4e17b0
"dcerpc_connect_timeout_handler"
netr_LogonControl2Ex: struct netr_LogonControl2Ex
in: struct netr_LogonControl2Ex
logon_server : NULL
function_code : NETLOGON_CONTROL_TC_VERIFY (10)
level : 0x00000002 (2)
data : *
data : union
netr_CONTROL_DATA_INFORMATION(case 10)
domain : *
domain : 'IPADOMAIN.COM'
rpc request data:
[0000] 00 00 00 00 0A 00 00 00 02 00 00 00 0A 00 00 00 ........ ........
[0010] 00 00 02 00 0D 00 00 00 00 00 00 00 0D 00 00 00 ........ ........
[0020] 62 00 69 00 6C 00 79 00 6F 00 6E 00 65 00 72 00 b.i.l.y. o.n.e.r.
[0030] 2E 00 63 00 6F 00 6D 00 00 00 ..c.o.m. ..
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4e1650
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c044ed0
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4e1650
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c4e1650
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=82, this_data=82, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c0487b0
smb_signing_md5: sequence number 8
smb_signing_sign_pdu: sent SMB signature of
[0000] 55 92 36 D1 BF 97 08 11 U.6.....
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c4e1650
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
smb_signing_md5: sequence number 9
smb_signing_check_pdu: seq 9: got good SMB signature of
[0000] 85 A6 68 FD 0D BF 20 B8 ..h... .
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2a90
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2a90
s4_tevent: Destroying timer event 0x7fed9c0487b0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c044ed0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2760
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2760
netr_LogonControl2Ex: struct netr_LogonControl2Ex
out: struct netr_LogonControl2Ex
query : *
query : union
netr_CONTROL_QUERY_INFORMATION(case 2)
info2 : *
info2: struct netr_NETLOGON_INFO_2
flags : 0x00000080 (128)
0: NETLOGON_REPLICATION_NEEDED
0: NETLOGON_REPLICATION_IN_PROGRESS
0: NETLOGON_FULL_SYNC_REPLICATION
0: NETLOGON_REDO_NEEDED
0: NETLOGON_HAS_IP
0: NETLOGON_HAS_TIMESERV
0: NETLOGON_DNS_UPDATE_FAILURE
1: NETLOGON_VERIFY_STATUS_RETURNED
pdc_connection_status : WERR_NO_LOGON_SERVERS
trusted_dc_name : *
trusted_dc_name : ''
tc_connection_status : WERR_NO_LOGON_SERVERS
result : WERR_OK
rpc reply data:
[0000] 02 00 00 00 00 00 02 00 80 00 00 00 1F 05 00 00 ........ ........
[0010] 04 00 02 00 1F 05 00 00 01 00 00 00 00 00 00 00 ........ ........
[0020] 01 00 00 00 00 00 00 00 00 00 00 00 ........ ....
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4cd150
smb_signing_md5: sequence number 10
smb_signing_sign_pdu: sent SMB signature of
[0000] 15 FC 55 E7 10 84 CF 09 ..U.....
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4e3940
s4_tevent: Destroying timer event 0x7fed9c4cd150 "tevent_req_timedout"
s4_tevent: Cancel immediate event 0x7fed9c4e3940
"tevent_queue_immediate_trigger"
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
params.c:pm_process() - Processing configuration file
"/usr/share/ipa/smb.conf.empty"
Processing section "[global]"
INFO: Current debug levels:
all: 100
tdb: 100
printdrivers: 100
lanman: 100
smb: 100
rpc_parse: 100
rpc_srv: 100
rpc_cli: 100
passdb: 100
sam: 100
auth: 100
winbind: 100
vfs: 100
idmap: 100
quota: 100
acls: 100
locking: 100
msdfs: 100
dmapi: 100
registry: 100
scavenger: 100
dns: 100
ldb: 100
pm_process() returned Yes
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
finddcs: searching for a DC by DNS domain ADDOMAIN.COM
finddcs: looking for SRV records for _ldap._tcp.ADDOMAIN.COM
ads_dns_lookup_srv: 3 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed ad02.ADDOMAIN.COM [0, 100, 389]
ads_dns_parse_rr_srv: Parsed ad03.ADDOMAIN.COM [0, 100, 389]
ads_dns_parse_rr_srv: Parsed ad01.ADDOMAIN.COM [0, 100, 389]
Addrs = 172.16.50.70 at 389/ad02,192.168.12.239 at 389/ad03,192.168.12.236 at 389
/ad01
finddcs: DNS SRV response 0 at '172.16.50.70'
finddcs: DNS SRV response 1 at '192.168.12.239'
finddcs: DNS SRV response 2 at '192.168.12.236'
finddcs: performing CLDAP query on 172.16.50.70
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4cf530
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c023740
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c023740
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c02e710
s4_tevent: Running timer event 0x7fed9c02e710 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3f19c0
s4_tevent: Ending timer event 0x7fed9c02e710 "tevent_req_timedout"
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3f19c0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c3d4760
s4_tevent: Running timer event 0x7fed9c3d4760 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4c6110
s4_tevent: Ending timer event 0x7fed9c3d4760 "tevent_req_timedout"
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4c6110
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4559d0
s4_tevent: Running timer event 0x7fed9c4cf530 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4559d0 "tevent_req_timedout"
finddcs: performing CLDAP query on 192.168.12.239
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4574d0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cfdd0
s4_tevent: Ending timer event 0x7fed9c4cf530 "tevent_req_timedout"
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cfdd0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4df090
s4_tevent: Destroying timer event 0x7fed9c4df090 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c4574d0 "tevent_req_timedout"
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x000013fc (5116)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
0: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 6aac190b-04eb-464f-bdcc-b07e27e2d1e5
forest : 'ADDOMAIN.COM'
dns_domain : 'ADDOMAIN.COM'
pdc_dns_name : 'ad03.ADDOMAIN.COM'
domain_name : 'ADDOMAIN'
pdc_name : 'ad03'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
finddcs: Found matching DC 192.168.12.239 with server_type=0x000013fc
Using binding ncacn_np:ad03.ADDOMAIN.COM[,]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7fed9c4b0e00
s4_tevent: Added timed event "composite_trigger": 0x7fed9c143740
s4_tevent: Added timed event "composite_trigger": 0x7fed9c44fa30
s4_tevent: Running timer event 0x7fed9c143740 "composite_trigger"
s4_tevent: Destroying timer event 0x7fed9c44fa30 "composite_trigger"
Mapped to DCERPC endpoint \pipe\lsarpc
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
s4_tevent: Ending timer event 0x7fed9c143740 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7fed9c3db990
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cfdd0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cfdd0
s4_tevent: Destroying timer event 0x7fed9c3db990 "connect_multi_timer"
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 23080
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4def10
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Destroying timer event 0x7fed9c4def10 "tevent_req_timedout"
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0008 (8)
DomainNameMaxLen : 0x0008 (8)
DomainName : *
DomainName : 'IPADOMAIN'
WorkstationLen : 0x0008 (8)
WorkstationMaxLen : 0x0008 (8)
Workstation : *
Workstation : 'IPADOMAIN'
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c3c0c80
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Destroying timer event 0x7fed9c3c0c80 "tevent_req_timedout"
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d96e0
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Destroying timer event 0x7fed9c4d96e0 "tevent_req_timedout"
smb_signing_activate: user_session_key
[0000] 49 48 D5 4C 6B BC EF 57 05 A0 A8 6D 94 DB 81 A2 IH.Lk..W ...m....
smb_signing_activate: NULL response_data
smb_signing_md5: sequence number 1
smb_signing_check_pdu: seq 1: got good SMB signature of
[0000] A2 2B A4 AE 75 66 A7 18 .+..uf..
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4c5ee0
smb_signing_md5: sequence number 2
smb_signing_sign_pdu: sent SMB signature of
[0000] E1 FB 62 87 CB CF 97 FB ..b.....
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
smb_signing_md5: sequence number 3
smb_signing_check_pdu: seq 3: got good SMB signature of
[0000] 8B 96 23 AD 33 4C 9B D7 ..#.3L..
s4_tevent: Destroying timer event 0x7fed9c4c5ee0 "tevent_req_timedout"
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c446990
smb_signing_md5: sequence number 4
smb_signing_sign_pdu: sent SMB signature of
[0000] EE 7E FA 78 DE 5A B2 61 .~.x.Z.a
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
smb_signing_md5: sequence number 5
smb_signing_check_pdu: seq 5: got good SMB signature of
[0000] 7E E3 DA 67 DE DB BC C0 ~..g....
s4_tevent: Destroying timer event 0x7fed9c446990 "tevent_req_timedout"
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=65535, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c3c0b40
smb_signing_md5: sequence number 6
smb_signing_sign_pdu: sent SMB signature of
[0000] 27 30 57 0B BD 00 E9 C2 '0W.....
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c3b9160
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
smb_signing_md5: sequence number 7
smb_signing_check_pdu: seq 7: got good SMB signature of
[0000] 72 F9 3E FB D7 51 7D BF r.>..Q}.
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d9e80
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d9e80
s4_tevent: Destroying timer event 0x7fed9c3c0b40 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c3b9160 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3d7b90
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3d7b90
s4_tevent: Destroying timer event 0x7fed9c4b0e00
"dcerpc_connect_timeout_handler"
Using binding ncacn_np:ad03.ADDOMAIN.COM[,]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7fed9c4cfdd0
s4_tevent: Added timed event "composite_trigger": 0x7fed9c4c5ee0
s4_tevent: Added timed event "composite_trigger": 0x7fed9c4e29f0
s4_tevent: Running timer event 0x7fed9c4c5ee0 "composite_trigger"
s4_tevent: Destroying timer event 0x7fed9c4e29f0 "composite_trigger"
Mapped to DCERPC endpoint \pipe\netlogon
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
netmask=255.255.0.0
added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
netmask=255.255.255.0
s4_tevent: Ending timer event 0x7fed9c4c5ee0 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7fed9c505f60
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c505ea0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c505ea0
s4_tevent: Destroying timer event 0x7fed9c505f60 "connect_multi_timer"
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 23080
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c3ed5f0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Destroying timer event 0x7fed9c3ed5f0 "tevent_req_timedout"
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0008 (8)
DomainNameMaxLen : 0x0008 (8)
DomainName : *
DomainName : 'IPADOMAIN'
WorkstationLen : 0x0008 (8)
WorkstationMaxLen : 0x0008 (8)
Workstation : *
Workstation : 'IPADOMAIN'
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c44e060
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Destroying timer event 0x7fed9c44e060 "tevent_req_timedout"
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c3e5b90
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Destroying timer event 0x7fed9c3e5b90 "tevent_req_timedout"
smb_signing_activate: user_session_key
[0000] 5D AF 08 96 5F 4B A1 72 96 B0 37 24 95 09 ED E2 ]..._K.r ..7$....
smb_signing_activate: NULL response_data
smb_signing_md5: sequence number 1
smb_signing_check_pdu: seq 1: got good SMB signature of
[0000] 89 B1 AB 4F 7F B0 96 34 ...O...4
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c146aa0
smb_signing_md5: sequence number 2
smb_signing_sign_pdu: sent SMB signature of
[0000] 36 DB 64 3A 0B D9 0D B3 6.d:....
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
smb_signing_md5: sequence number 3
smb_signing_check_pdu: seq 3: got good SMB signature of
[0000] 3A 65 AE D7 10 E7 02 6D :e.....m
s4_tevent: Destroying timer event 0x7fed9c146aa0 "tevent_req_timedout"
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c3e4480
smb_signing_md5: sequence number 4
smb_signing_sign_pdu: sent SMB signature of
[0000] 8B DA CF 8F 3D 4D 6D 96 ....=Mm.
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
smb_signing_md5: sequence number 5
smb_signing_check_pdu: seq 5: got good SMB signature of
[0000] F6 A8 68 C5 4C 33 90 83 ..h.L3..
s4_tevent: Destroying timer event 0x7fed9c3e4480 "tevent_req_timedout"
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=65535, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c146d30
smb_signing_md5: sequence number 6
smb_signing_sign_pdu: sent SMB signature of
[0000] 84 F6 F0 B6 6C 90 F5 D6 ....l...
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c046c40
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
smb_signing_md5: sequence number 7
smb_signing_check_pdu: seq 7: got good SMB signature of
[0000] CE 11 7B 20 C4 99 7C 70 ..{ ..|p
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c50a3c0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c50a3c0
s4_tevent: Destroying timer event 0x7fed9c146d30 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c046c40 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2b50
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2b50
s4_tevent: Destroying timer event 0x7fed9c4cfdd0
"dcerpc_connect_timeout_handler"
netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts
in: struct netr_DsrEnumerateDomainTrusts
server_name : *
server_name : 'ncacn_np:ad03.ADDOMAIN.COM[,]'
trust_flags : 0x00000001 (1)
1: NETR_TRUST_FLAG_IN_FOREST
0: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
0: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
rpc request data:
[0000] 00 00 02 00 20 00 00 00 00 00 00 00 20 00 00 00 .... ... .... ...
[0010] 6E 00 63 00 61 00 63 00 6E 00 5F 00 6E 00 70 00 n.c.a.c. n._.n.p.
[0020] 3A 00 42 00 45 00 41 00 54 00 52 00 49 00 43 00 :.B.E.A. T.R.I.C.
[0030] 45 00 2E 00 4C 00 49 00 42 00 45 00 52 00 4F 00 E...L.I. B.E.R.O.
[0040] 2E 00 49 00 4E 00 54 00 5B 00 2C 00 5D 00 00 00 ..I.N.T. [.,.]...
[0050] 01 00 00 00 ....
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c3f19c0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c3ed410
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c3f19c0
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c3f19c0
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=108, this_data=108, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c50a430
smb_signing_md5: sequence number 8
smb_signing_sign_pdu: sent SMB signature of
[0000] D8 50 CD 6B C3 F1 53 4F .P.k..SO
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c3f19c0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
smb_signing_md5: sequence number 9
smb_signing_check_pdu: seq 9: got good SMB signature of
[0000] FB 79 A8 62 00 8B 53 4A .y.b..SJ
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4bc450
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4bc450
s4_tevent: Destroying timer event 0x7fed9c50a430 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fed9c3ed410 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3e5210
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3e5210
netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts
out: struct netr_DsrEnumerateDomainTrusts
trusts : *
trusts: struct netr_DomainTrustList
count : 0x00000001 (1)
array : *
array: ARRAY(1)
array: struct netr_DomainTrust
netbios_name : *
netbios_name : 'ADDOMAIN'
dns_name : *
dns_name : 'ADDOMAIN.COM
'
trust_flags : 0x0000001d (29)
1: NETR_TRUST_FLAG_IN_FOREST
0: NETR_TRUST_FLAG_OUTBOUND
1: NETR_TRUST_FLAG_TREEROOT
1: NETR_TRUST_FLAG_PRIMARY
1: NETR_TRUST_FLAG_NATIVE
0: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type :
NETR_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000 (0)
0:
NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0:
NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0:
NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0:
NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST
0:
NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
sid : *
sid :
S-1-5-21-1343024091-2000478354-725345543
guid :
6aac190b-04eb-464f-bdcc-b07e27e2d1e5
result : WERR_OK
rpc reply data:
[0000] 01 00 00 00 00 00 02 00 01 00 00 00 04 00 02 00 ........ ........
[0010] 08 00 02 00 1D 00 00 00 00 00 00 00 02 00 00 00 ........ ........
[0020] 00 00 00 00 0C 00 02 00 0B 19 AC 6A EB 04 4F 46 ........ ...j..OF
[0030] BD CC B0 7E 27 E2 D1 E5 07 00 00 00 00 00 00 00 ...~'... ........
[0040] 07 00 00 00 4C 00 49 00 42 00 45 00 52 00 4F 00 ....L.I. B.E.R.O.
[0050] 00 00 00 00 0B 00 00 00 00 00 00 00 0B 00 00 00 ........ ........
[0060] 4C 00 49 00 42 00 45 00 52 00 4F 00 2E 00 49 00 L.I.B.E. R.O...I.
[0070] 4E 00 54 00 00 00 00 00 04 00 00 00 01 04 00 00 N.T..... ........
[0080] 00 00 00 05 15 00 00 00 DB EB 0C 50 92 E0 3C 77 ........ ...P..<w
[0090] 07 E5 3B 2B 00 00 00 00 ..;+....
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c455a40
smb_signing_md5: sequence number 10
smb_signing_sign_pdu: sent SMB signature of
[0000] 87 69 DD 6A E2 1C DF 1A .i.j....
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4d0920
s4_tevent: Destroying timer event 0x7fed9c455a40 "tevent_req_timedout"
s4_tevent: Cancel immediate event 0x7fed9c4d0920
"tevent_queue_immediate_trigger"
s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c3f19c0
smb_signing_md5: sequence number 8
smb_signing_sign_pdu: sent SMB signature of
[0000] 13 D8 E1 24 19 29 CC 2B ...$.).+
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7fed9c4b08e0
s4_tevent: Destroying timer event 0x7fed9c3f19c0 "tevent_req_timedout"
s4_tevent: Cancel immediate event 0x7fed9c4b08e0
"tevent_queue_immediate_trigger"
[Fri Feb 27 12:08:18.865821 2015] [:error] [pid 5366] ipa: INFO:
admin at IPADOMAIN.COM: trust_add(u'ADDOMAIN.COM', trust_type=u'ad',
realm_admin=u'websense', realm_passwd=u'********', all=False, raw=False,
version=u'2.65'): SUCCESS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150227/f4f68533/attachment.htm>
More information about the Freeipa-users
mailing list