[2005/05/11 01:30:10, 5] lib/debug.c:debug_dump_status(368) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 printerdb: False/0 locking: False/0 doing parameter syslog = 0 doing parameter log file = /var/log/samba/%m doing parameter max log size = 0 doing parameter smb ports = 139 445 doing parameter name resolve order = wins bcast hosts doing parameter time server = Yes doing parameter add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" doing parameter delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" doing parameter add group script = /opt/IDEALX/sbin/smbldap-groupadd "%g" -t domain doing parameter delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g" doing parameter add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" -t domain doing parameter delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" -t domain doing parameter set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" doing parameter add machine script = /opt/IDEALX/sbin/smbldap-useradd -w -g "Domain Computers" "%u" doing parameter add share command = /etc/samba/scripts/modify_samba_config.pl doing parameter delete share command = /etc/samba/scripts/modify_samba_config.pl doing parameter add printer command = /etc/samba/scripts/smbaddprinter.pl doing parameter delete printer command = /etc/samba/scripts/smbdelprinter.pl doing parameter logon script = scripts\logon.bat doing parameter logon path = \\%L\profiles\%U doing parameter logon drive = H: doing parameter domain logons = Yes doing parameter preferred master = Yes doing parameter domain master = Yes doing parameter wins proxy = Yes doing parameter wins support = Yes doing parameter ldap admin dn = cn=Manager,dc=terpstra-world,dc=org doing 
parameter ldap group suffix = ou=Groups doing parameter ldap idmap suffix = ou=Idmap doing parameter ldap machine suffix = ou=Users doing parameter ldap passwd sync = Yes doing parameter ldap suffix = dc=terpstra-world,dc=org doing parameter ldap timeout = 50 doing parameter ldap user suffix = ou=Users doing parameter idmap backend = ldap:ldap://merlin.terpstra-world.org doing parameter idmap uid = 150000-200000 doing parameter idmap gid = 150000-200000 doing parameter winbind use default domain = Yes doing parameter winbind nested groups = Yes doing parameter inherit acls = Yes doing parameter ea support = Yes doing parameter map acl inherit = Yes [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[archive]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 0 for archive doing parameter comment = Full Archive Files doing parameter path = /data/archive doing parameter read only = No [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[hymns]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 1 for hymns doing parameter comment = Media Files doing parameter path = /data/archive/Church/HymnTunes doing parameter read only = No [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[ftp]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 2 for ftp doing parameter path = /srv/ftp doing parameter read only = No [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[www]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 3 for www doing parameter path = /srv/www doing parameter read only = No [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[homes]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 4 for homes doing parameter 
comment = Home Directories doing parameter path = /data/users/%U/Documents doing parameter valid users = %S doing parameter read only = No doing parameter browseable = No [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[printers]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 5 for printers doing parameter comment = SMB Print Spool doing parameter path = /var/spool/samba doing parameter guest ok = Yes doing parameter printable = Yes doing parameter browseable = No [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[netlogon]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 6 for netlogon doing parameter comment = Network Logon Service doing parameter path = /var/lib/samba/netlogon doing parameter guest ok = Yes doing parameter locking = No [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[profiles]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 7 for profiles doing parameter comment = Profile Share doing parameter path = /var/lib/samba/profiles doing parameter read only = No doing parameter profile acls = Yes [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[profdata]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 8 for profdata doing parameter comment = Profile Data Share doing parameter path = /var/lib/samba/profdata doing parameter read only = No doing parameter profile acls = Yes [2005/05/11 01:30:10, 2] param/loadparm.c:do_section(3485) Processing section "[print$]" [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 9 for print$ doing parameter comment = Printer Drivers doing parameter path = /var/lib/samba/drivers doing parameter write list = root [2005/05/11 01:30:10, 4] param/loadparm.c:lp_load(4001) pm_process() 
returned Yes [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 10 for IPC$ [2005/05/11 01:30:10, 3] param/loadparm.c:lp_add_ipc(2452) adding IPC service [2005/05/11 01:30:10, 8] param/loadparm.c:add_a_service(2370) add_a_service: Creating snum = 11 for ADMIN$ [2005/05/11 01:30:10, 3] param/loadparm.c:lp_add_ipc(2452) adding IPC service [2005/05/11 01:30:10, 10] param/loadparm.c:set_server_role(3919) set_server_role: role = ROLE_DOMAIN_PDC [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/05/11 01:30:10, 3] printing/pcap.c:pcap_cache_reload(114) reloading printcap cache [2005/05/11 01:30:10, 5] printing/print_cups.c:cups_cache_reload(71) reloading cups printcap cache [2005/05/11 01:30:10, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2005/05/11 01:30:10, 0] printing/print_cups.c:cups_cache_reload(85) [2005/05/11 01:30:10, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost Unable to connect to CUPS server localhost - Connection refused [2005/05/11 01:30:10, 3] 
printing/pcap.c:pcap_cache_reload(213) reload status: error [2005/05/11 01:30:10, 3] printing/pcap.c:pcap_cache_reload(114) reloading printcap cache [2005/05/11 01:30:10, 5] printing/print_cups.c:cups_cache_reload(71) reloading cups printcap cache [2005/05/11 01:30:10, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2005/05/11 01:30:10, 0] printing/print_cups.c:cups_cache_reload(85) [2005/05/11 01:30:10, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost Unable to connect to CUPS server localhost - Connection refused [2005/05/11 01:30:10, 3] printing/pcap.c:pcap_cache_reload(213) reload status: error [2005/05/11 01:30:10, 2] lib/interface.c:add_interface(81) added interface ip=192.168.1.4 bcast=192.168.1.255 nmask=255.255.255.0 [2005/05/11 01:30:10, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_KEEPALIVE = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_REUSEADDR = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_BROADCAST = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option TCP_NODELAY = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option TCP_KEEPCNT = 9 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option TCP_KEEPIDLE = 7200 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option TCP_KEEPINTVL = 75 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option IPTOS_LOWDELAY = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option IPTOS_THROUGHPUT = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_SNDBUF = 50592 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option 
SO_RCVBUF = 87888 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_SNDLOWAT = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_RCVLOWAT = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_SNDTIMEO = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_RCVTIMEO = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_KEEPALIVE = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_REUSEADDR = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_BROADCAST = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option TCP_NODELAY = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option TCP_KEEPCNT = 9 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option TCP_KEEPIDLE = 7200 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option TCP_KEEPINTVL = 75 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option IPTOS_LOWDELAY = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option IPTOS_THROUGHPUT = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_SNDBUF = 50592 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_RCVBUF = 87888 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_SNDLOWAT = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_RCVLOWAT = 1 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_SNDTIMEO = 0 [2005/05/11 01:30:10, 5] lib/util_sock.c:print_socket_options(156) socket option SO_RCVTIMEO = 0 [2005/05/11 01:30:10, 3] smbd/oplock.c:init_oplocks(1353) open_oplock_ipc: opening loopback UDP socket. 
[2005/05/11 01:30:10, 10] lib/util_sock.c:open_socket_in(726) bind succeeded on port 0 [2005/05/11 01:30:10, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(309) Linux kernel oplocks enabled [2005/05/11 01:30:10, 3] smbd/oplock.c:init_oplocks(1384) open_oplock ipc: pid = 14723, global_oplock_port = 1631 [2005/05/11 01:30:10, 4] lib/time.c:get_serverzone(125) Serverzone is 21600 [2005/05/11 01:30:10, 7] lib/smbldap.c:smbldap_idle_fn(1329) ldap connection idle...closing connection [2005/05/11 01:30:10, 5] lib/smbldap.c:smbldap_close(951) The connection to the LDAP server was closed [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 179 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0xb3 [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 0 of length 183 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=179 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=0 smb_pid=14722 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=144 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 53 DOS LANM AN2.1..S [070] 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E 20 amba..NT LANMAN [080] 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 1.0..NT LM 0.12. 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBnegprot (pid 14723) conn 0x0 [2005/05/11 01:30:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/11 01:30:10, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_negprot(463) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_negprot(463) Requested protocol [MICROSOFT NETWORKS 1.03] [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_negprot(463) Requested protocol [MICROSOFT NETWORKS 3.0] [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_negprot(463) Requested protocol [LANMAN1.0] [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_negprot(463) Requested protocol [LM1.2X002] [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_negprot(463) Requested protocol [DOS LANMAN2.1] [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_negprot(463) Requested protocol [Samba] [2005/05/11 01:30:10, 10] lib/util.c:set_remote_arch(1988) set_remote_arch: Client arch is 'Samba' [2005/05/11 01:30:10, 6] param/loadparm.c:lp_file_list_changed(2758) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed May 11 01:27:42 2005 [2005/05/11 01:30:10, 5] smbd/connection.c:claim_connection(170) claiming 0 [2005/05/11 01:30:10, 6] param/loadparm.c:lp_file_list_changed(2758) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed May 11 01:27:42 2005 [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_nt1(334) using SPNEGO [2005/05/11 01:30:10, 3] smbd/negprot.c:reply_negprot(556) Selected protocol NT LANMAN 1.0 [2005/05/11 01:30:10, 5] smbd/negprot.c:reply_negprot(562) negprot index=7 
[2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=14722 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=33536 (0x8300) smb_vwv[ 8]= 57 (0x39) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 3309 (0xCED) smb_vwv[13]=64323 (0xFB43) smb_vwv[14]=50517 (0xC555) smb_vwv[15]=26625 (0x6801) smb_vwv[16]=14849 (0x3A01) smb_bcc=58 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 6D 65 72 6C 69 6E 00 00 00 00 00 00 00 00 00 00 merlin.. ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,131) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,131) wrote 131 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 88 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x58 [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 1 of length 92 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=14722 smb_uid=0 smb_mid=2 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]=14722 (0x3982) smb_vwv[ 5]=14723 (0x3983) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=49244 (0xC05C) smb_vwv[12]= 0 (0x0) smb_bcc=27 [2005/05/11 
01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... [2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBsesssetupX (pid 14723) conn 0x0 [2005/05/11 01:30:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/11 01:30:10, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/05/11 01:30:10, 3] smbd/sesssetup.c:reply_sesssetup_and_X(662) wct=13 flg2=0xc801 [2005/05/11 01:30:10, 3] smbd/sesssetup.c:reply_sesssetup_and_X(808) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2005/05/11 01:30:10, 3] smbd/sesssetup.c:reply_sesssetup_and_X(823) sesssetupX:name=[]\[]@[192.168.1.4] [2005/05/11 01:30:10, 6] param/loadparm.c:lp_file_list_changed(2758) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed May 11 01:27:42 2005 [2005/05/11 01:30:10, 3] smbd/sesssetup.c:check_guest_password(122) Got anonymous request [2005/05/11 01:30:10, 5] auth/auth.c:make_auth_context_subsystem(477) Making default auth method list for DC, security=user, encrypt passwords = yes [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend rhosts [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'rhosts' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend hostsequiv [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'hostsequiv' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam [2005/05/11 01:30:10, 5] 
auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam_ignoredomain [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam_ignoredomain' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend unix [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'unix' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend winbind [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'winbind' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend smbserver [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'smbserver' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend trustdomain [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'trustdomain' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend ntdomain [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'ntdomain' [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend guest [2005/05/11 01:30:10, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'guest' [2005/05/11 01:30:10, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match guest [2005/05/11 01:30:10, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method guest has a valid init [2005/05/11 01:30:10, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match sam [2005/05/11 01:30:10, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method sam has a valid init [2005/05/11 
01:30:10, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2005/05/11 01:30:10, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match trustdomain [2005/05/11 01:30:10, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method trustdomain has a valid init [2005/05/11 01:30:10, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method winbind has a valid init [2005/05/11 01:30:10, 5] auth/auth_util.c:make_user_info(127) attempting to make a user_info for () [2005/05/11 01:30:10, 5] auth/auth_util.c:make_user_info(137) making strings for 's user_info struct [2005/05/11 01:30:10, 5] auth/auth_util.c:make_user_info(179) making blobs for 's user_info struct [2005/05/11 01:30:10, 10] auth/auth_util.c:make_user_info(195) made an encrypted user_info for () [2005/05/11 01:30:10, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface [2005/05/11 01:30:10, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: []\[]@[] [2005/05/11 01:30:10, 10] auth/auth.c:check_ntlm_password(231) check_ntlm_password: auth_context challenge created by fixed [2005/05/11 01:30:10, 10] auth/auth.c:check_ntlm_password(233) challenge is: [2005/05/11 01:30:10, 5] lib/util.c:dump_data(2013) [000] 00 00 00 00 00 00 00 00 ........ 
[2005/05/11 01:30:10, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username nobody, was [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain MIDEARTH, was [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username , was [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name nobody, was [2005/05/11 01:30:10, 4] lib/substitute.c:automount_server(337) Home server: merlin [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\merlin\nobody, was [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive H:, was NULL [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\merlin\profiles\nobody, was [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2005/05/11 01:30:10, 10] lib/account_pol.c:account_policy_get(202) account_policy_get: password history:0 [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-501 [2005/05/11 01:30:10, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-726309263-4128913605-1168186429-501 from rid 501 [2005/05/11 01:30:10, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-514 [2005/05/11 01:30:10, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: 
setting group sid S-1-5-21-726309263-4128913605-1168186429-514 from rid 514 [2005/05/11 01:30:10, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest authentication for user [] succeeded [2005/05/11 01:30:10, 5] auth/auth.c:check_ntlm_password(305) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2005/05/11 01:30:10, 5] auth/auth_util.c:free_user_info(1375) attempting to free (and zero) a user_info structure [2005/05/11 01:30:10, 10] auth/auth_util.c:free_user_info(1378) structure was created for [2005/05/11 01:30:10, 5] auth/auth_util.c:free_user_info(1375) attempting to free (and zero) a user_info structure [2005/05/11 01:30:10, 10] smbd/password.c:register_vuid(158) register_vuid: allocated vuid = 100 [2005/05/11 01:30:10, 10] lib/util_pw.c:getpwnam_alloc(98) Got nobody from pwnam_cache [2005/05/11 01:30:10, 10] smbd/password.c:register_vuid(220) register_vuid: (65534,65533) nobody nobody MIDEARTH guest=1 [2005/05/11 01:30:10, 3] smbd/password.c:register_vuid(222) User name: nobody Real name: nobody [2005/05/11 01:30:10, 3] smbd/password.c:register_vuid(241) UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2005/05/11 01:30:10, 6] param/loadparm.c:lp_file_list_changed(2758) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed May 11 01:27:42 2005 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=156 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=14722 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=115 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 31 .b.a. 
.3 ...0...1 [020] 00 35 00 70 00 72 00 65 00 33 00 2D 00 53 00 56 .5.p.r.e .3.-.S.V [030] 00 4E 00 2D 00 62 00 75 00 69 00 6C 00 64 00 2D .N.-.b.u .i.l.d.- [040] 00 55 00 4E 00 4B 00 4E 00 4F 00 57 00 4E 00 2D .U.N.K.N .O.W.N.- [050] 00 50 00 53 00 2D 00 53 00 75 00 53 00 45 00 00 .P.S.-.S .u.S.E.. [060] 00 4D 00 49 00 44 00 45 00 41 00 52 00 54 00 48 .M.I.D.E .A.R.T.H [070] 00 00 00 ... [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,160) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,160) wrote 160 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 76 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x4c [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 2 of length 80 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=14722 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 5C 00 4D 00 45 00 52 00 4C 00 49 00 4E .\.\.M.E .R.L.I.N [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC [020] 00 . 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtconX (pid 14723) conn 0x0 [2005/05/11 01:30:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/11 01:30:10, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/05/11 01:30:10, 4] smbd/reply.c:reply_tcon_and_X(610) Client requested device type [IPC] for share [IPC$] [2005/05/11 01:30:10, 5] smbd/service.c:make_connection(806) making a connection to 'normal' service ipc$ [2005/05/11 01:30:10, 5] lib/username.c:Get_Pwnam(293) Finding user nobody [2005/05/11 01:30:10, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is nobody [2005/05/11 01:30:10, 10] lib/util_pw.c:getpwnam_alloc(98) Got nobody from pwnam_cache [2005/05/11 01:30:10, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals did find user [nobody]! [2005/05/11 01:30:10, 3] smbd/service.c:make_connection_snum(476) Connect path is '/tmp' for service [IPC$] [2005/05/11 01:30:10, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) get_share_security: using default secdesc for IPC$ [2005/05/11 01:30:10, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2005/05/11 01:30:10, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. 
[2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2005/05/11 01:30:10, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2005/05/11 01:30:10, 3] smbd/vfs.c:vfs_init_default(206) Initialising default vfs hooks [2005/05/11 01:30:10, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2005/05/11 01:30:10, 10] smbd/uid.c:is_share_read_only_for_user(122) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2005/05/11 01:30:10, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) get_share_security: using default secdesc for IPC$ [2005/05/11 01:30:10, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2005/05/11 01:30:10, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. 
[2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2005/05/11 01:30:10, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2005/05/11 01:30:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token of user S-1-5-21-726309263-4128913605-1168186429-501 contains 7 SIDs SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-501 SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-132067 SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-132069 SE_PRIV 0x0 0x0 0x0 0x0 [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2005/05/11 01:30:10, 5] smbd/uid.c:change_to_user(304) change_to_user uid=(65534,65534) gid=(0,65533) [2005/05/11 01:30:10, 3] smbd/service.c:make_connection_snum(640) 192.168.1.4 (192.168.1.4) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 14723) [2005/05/11 01:30:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL) [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_unix_user_token(501) 
UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/05/11 01:30:10, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/05/11 01:30:10, 3] smbd/reply.c:reply_tcon_and_X(658) tconX service=IPC$ [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 49 50 43 00 00 00 00 IPC.... [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,52) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,52) wrote 52 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 100 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x64 [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 3 of length 104 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=4 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 
.\.l.s.a .r.p.c.. [010] 00 . [2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBntcreateX (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token of user S-1-5-21-726309263-4128913605-1168186429-501 contains 7 SIDs SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-501 SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-132067 SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-132069 SE_PRIV 0x0 0x0 0x0 0x0 [2005/05/11 01:30:10, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2005/05/11 01:30:10, 5] smbd/uid.c:change_to_user(304) change_to_user uid=(65534,65534) gid=(0,65533) [2005/05/11 01:30:10, 4] smbd/vfs.c:vfs_ChDir(662) vfs_ChDir to /tmp [2005/05/11 01:30:10, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) reply_ntcreateX: flags = 0x0, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2005/05/11 01:30:10, 4] smbd/nttrans.c:nt_open_pipe(512) nt_open_pipe: Opening pipe \lsarpc. [2005/05/11 01:30:10, 3] smbd/nttrans.c:nt_open_pipe(529) nt_open_pipe: Known pipe lsarpc opening. 
[2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested lsarpc (pipes_open=0) [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested lsarpc [2005/05/11 01:30:10, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2005/05/11 01:30:10, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) Created internal pipe lsarpc (pipes_open=0) [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) Opened pipe lsarpc with handle 7501 (pipes_open=1) [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name lsarpc pnum=7501 [2005/05/11 01:30:10, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) do_ntcreate_pipe_open: open pipe = \lsarpc [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/05/11 01:30:10, 6] 
lib/util_sock.c:write_socket(458) write_socket(29,107) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,107) wrote 107 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 154 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x9a [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 4 of length 158 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29953 (0x7501) smb_bcc=87 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=72 params=0 setup=2 [2005/05/11 01:30:10, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/11 01:30:10, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/11 01:30:10, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7501 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7501 (pipes_open=1) [2005/05/11 01:30:10, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7501) [2005/05/11 01:30:10, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b2300 max_trans_reply: 1024 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7501 name: lsarpc open: Yes len: 72 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 72 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 
01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 11, flags = 3 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 11 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) api_pipe_bind_req: decode request. 
879 [2005/05/11 01:30:10, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_elements: 00000001 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c context_id : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e num_syntaxes: 01 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 data : 12345778 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 data : 1234 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 data : abcd [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data : ef 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a data : 01 23 45 67 89 ab [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 version: 00000000 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 data : 8a885d04 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 data : 1ceb [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a data : 11c9 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002c data : 9f e8 [2005/05/11 
01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) api_pipe_bind_req: make response. 1020 [2005/05/11 01:30:10, 3] rpc_server/srv_pipe.c:check_bind_req(764) check_bind_req for \PIPE\lsarpc [2005/05/11 01:30:10, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\lsass. 
[2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000016 smb_io_rpc_results [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000001 
[2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7501 name: lsarpc len: 1024 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2005/05/11 01:30:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 
[2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,128) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,128) wrote 128 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 142 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x8e [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 5 of length 146 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29953 (0x7501) smb_bcc=75 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 2C .......< ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 02 ........ ... 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=60 params=0 setup=2 [2005/05/11 01:30:10, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/11 01:30:10, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/11 01:30:10, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7501 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7501 (pipes_open=1) [2005/05/11 01:30:10, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7501) [2005/05/11 01:30:10, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b2300 max_trans_reply: 4280 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7501 name: lsarpc open: Yes len: 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 
01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 003c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 44, incoming data = 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000002c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0006 
[2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 22 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/11 01:30:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2005/05/11 01:30:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[1].fn == 0x81238b5 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_open_pol [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr : 00000001 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 system_name: 005c [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_obj_attr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 len : 00000018 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c ptr_root_dir: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 ptr_obj_name: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 attributes : 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 ptr_sec_desc: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c ptr_sec_qos : 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 des_access: 02000000 [2005/05/11 01:30:10, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. 
[2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 [2005/05/11 01:30:10, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 82 B4 81 42 ........ .......B [010] 83 39 00 00 .9.. [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_open_pol [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 82 b4 81 42 83 39 00 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 800 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 44 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7501 name: lsarpc len: 4280 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, 
prs_offset(&p->out_data.rdata) = 24. [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000002 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/11 01:30:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 
(0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 82 B4 81 42 83 39 00 00 00 00 00 ........ B.9..... [030] 00 . [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 6 of length 132 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29953 (0x7501) smb_bcc=61 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 1E ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 82 B4 81 42 83 39 00 00 05 00 ......B. 9.... 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/11 01:30:10, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/11 01:30:10, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/11 01:30:10, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7501 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7501 (pipes_open=1) [2005/05/11 01:30:10, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7501) [2005/05/11 01:30:10, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b2300 max_trans_reply: 4280 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7501 name: lsarpc open: Yes len: 46 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 
01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001e [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 
[2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/11 01:30:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/05/11 01:30:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[2].fn == 0x8123af1 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_query [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 82 b4 81 42 83 39 00 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 info_class: 0005 [2005/05/11 01:30:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 82 B4 81 42 ........ .......B [010] 83 39 00 00 .9.. 
[2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_query [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 undoc_buffer: 22000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 info_class: 0005 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 lsa_io_dom_query [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 uni_dom_max_len: 0010 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a uni_dom_str_len: 0012 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c buffer_dom_name: 00000001 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 buffer_dom_sid : 00000001 [2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unistr2 unistr2 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 uni_max_len: 00000009 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 offset : 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 001c uni_str_len: 00000008 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0020 buffer : M.I.D.E.A.R.T.H. 
[2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 000030 smb_io_dom_sid2 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 num_auths: 00000004 [2005/05/11 01:30:10, 8] rpc_parse/parse_prs.c:prs_debug(82) 000034 smb_io_dom_sid sid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0034 sid_rev_num: 01 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0035 num_auths : 04 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0036 id_auth[0] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0037 id_auth[1] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0038 id_auth[2] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0039 id_auth[3] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003a id_auth[4] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 003b id_auth[5] : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 004c status: NT_STATUS_OK [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 18 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 30 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7501 name: lsarpc len: 4280 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0068 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000003 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000050 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/11 01:30:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,164) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,164) wrote 164 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 126 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x7e [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 7 of length 130 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29953 (0x7501) smb_bcc=59 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 1C ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 82 B4 81 42 83 39 00 00 ......B. 9.. 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/05/11 01:30:10, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/11 01:30:10, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/11 01:30:10, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7501 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7501 (pipes_open=1) [2005/05/11 01:30:10, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7501) [2005/05/11 01:30:10, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b2300 max_trans_reply: 4280 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7501 name: lsarpc open: Yes len: 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 
01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0000 
[2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\lsarpc [2005/05/11 01:30:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2005/05/11 01:30:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[4].fn == 0x8123f72 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_close [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000001 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 82 b4 81 42 83 39 00 00 [2005/05/11 01:30:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 82 B4 81 42 ........ .......B [010] 83 39 00 00 .9.. [2005/05/11 01:30:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 82 B4 81 42 ........ .......B [010] 83 39 00 00 .9.. 
[2005/05/11 01:30:10, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_close [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 00 00 00 00 00 00 00 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called lsarpc successfully [2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7501 name: lsarpc len: 4280 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000004 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/11 01:30:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 41 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x29 [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 8 of length 45 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=9 smt_wct=3 smb_vwv[ 0]=29953 (0x7501) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBclose (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7501 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7501 (pipes_open=1) [2005/05/11 01:30:10, 5] smbd/pipes.c:reply_pipe_close(260) reply_pipe_close: pnum:7501 [2005/05/11 01:30:10, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) closed pipe name lsarpc pnum=7501 (pipes_open=0) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 
smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=9 smt_wct=0 smb_bcc=0 [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,39) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,39) wrote 39 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 96 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x60 [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 9 of length 100 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=10 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=13 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... [2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBntcreateX (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 10] smbd/nttrans.c:reply_ntcreate_and_X(621) reply_ntcreateX: flags = 0x0, desired_access = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2005/05/11 01:30:10, 4] smbd/nttrans.c:nt_open_pipe(512) nt_open_pipe: Opening pipe \samr. 
[2005/05/11 01:30:10, 3] smbd/nttrans.c:nt_open_pipe(529) nt_open_pipe: Known pipe samr opening. [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) Open pipe requested samr (pipes_open=0) [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278) Create pipe requested samr [2005/05/11 01:30:10, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe samr [2005/05/11 01:30:10, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe samr [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370) Created internal pipe samr (pipes_open=0) [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257) Opened pipe samr with handle 7502 (pipes_open=1) [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) open pipes: name samr pnum=7502 [2005/05/11 01:30:10, 5] smbd/nttrans.c:do_ntcreate_pipe_open(577) do_ntcreate_pipe_open: open pipe = \samr [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) 
smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,107) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,107) wrote 107 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 154 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x9a [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 10 of length 158 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=87 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=72 params=0 setup=2 [2005/05/11 01:30:10, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/11 01:30:10, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/11 01:30:10, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7502 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=7502 (pipes_open=1) [2005/05/11 01:30:10, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 7502) [2005/05/11 01:30:10, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b2300 max_trans_reply: 4280 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7502 name: samr open: Yes len: 72 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 72 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 01:30:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0b [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0048 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 11, flags = 3 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 56 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 56, incoming data = 56 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 11 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(879) api_pipe_bind_req: decode request. 
879 [2005/05/11 01:30:10, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(890) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_rb [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 num_elements: 00000001 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000c context_id : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 000e num_syntaxes: 01 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 00000f smb_io_rpc_iface [2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_uuid uuid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 data : 12345778 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 data : 1234 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0016 data : abcd [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0018 data : ef 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 001a data : 01 23 45 67 89 ac [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 version: 00000001 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_rpc_iface [2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_uuid uuid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0024 data : 8a885d04 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0028 data : 1ceb [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 002a data : 11c9 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002c data : 9f e8 [2005/05/11 01:30:10, 
5] rpc_parse/parse_prs.c:prs_uint8s(756) 002e data : 08 00 2b 10 48 60 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0034 version: 00000002 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1020) api_pipe_bind_req: make response. 1020 [2005/05/11 01:30:10, 3] rpc_server/srv_pipe.c:check_bind_req(764) check_bind_req for \PIPE\samr [2005/05/11 01:30:10, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/11 01:30:10, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\lsarpc [2005/05/11 01:30:10, 10] rpc_server/srv_pipe.c:check_bind_req(770) checking \PIPE\samr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_ba [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_bba [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0000 max_tsize: 10b8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0002 max_rsize: 10b8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 assoc_gid: 000053f0 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_rpc_addr_str [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 len: 000c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000a str: \PIPE\lsass. 
[2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000016 smb_io_rpc_results [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0018 num_results: 01 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001c result : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 001e reason : 0000 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_rpc_iface [2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_uuid uuid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 data : 8a885d04 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0024 data : 1ceb [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0026 data : 11c9 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 0028 data : 9f e8 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 002a data : 08 00 2b 10 48 60 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0030 version: 00000002 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 0c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0044 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000005 
[2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 56 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7502 name: samr len: 4280 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2005/05/11 01:30:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 
[2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,128) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,128) wrote 128 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 142 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x8e [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 11 of length 146 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=75 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 2C .......< ......., [020] 00 00 00 00 00 39 00 01 00 00 00 07 00 00 00 00 .....9.. ........ [030] 00 00 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I [040] 00 4E 00 00 00 00 00 00 00 00 02 .N...... ... 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=60 params=0 setup=2 [2005/05/11 01:30:10, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/11 01:30:10, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/11 01:30:10, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7502 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=7502 (pipes_open=1) [2005/05/11 01:30:10, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 7502) [2005/05/11 01:30:10, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b2300 max_trans_reply: 4280 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7502 name: samr open: Yes len: 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 01:30:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 003c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 44, incoming data = 44 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000002c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0039 [2005/05/11 
01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 20 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/11 01:30:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT [2005/05/11 01:30:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[1].fn == 0x8154bb1 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_connect [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 ptr_srv_name: 00000001 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 uni_max_len: 00000007 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0008 offset : 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c uni_str_len: 00000007 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841) 0010 buffer : M.E.R.L.I.N... [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0020 access_mask: 02000000 [2005/05/11 01:30:10, 5] rpc_server/srv_samr_nt.c:_samr_connect(2154) _samr_connect: 2154 [2005/05/11 01:30:10, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. 
[2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 [2005/05/11 01:30:10, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_connect: access GRANTED (requested: 0x02000000, granted: 0x00020031) [2005/05/11 01:30:10, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid (NULL) [2005/05/11 01:30:10, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(246) get_samr_info_by_sid: created new info for NULL sid. [2005/05/11 01:30:10, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 82 B4 81 42 ........ .......B [010] 83 39 00 00 .9.. 
[2005/05/11 01:30:10, 5] rpc_server/srv_samr_nt.c:_samr_connect(2186) _samr_connect: 2186 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_connect [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd connect_pol [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000002 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 82 b4 81 42 83 39 00 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 970 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 44 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7502 name: samr len: 4280 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000006 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/11 01:30:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 82 B4 81 42 83 39 00 00 00 00 00 ........ B.9..... [030] 00 . [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 158 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x9e [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 12 of length 162 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=158 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=91 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 3C .......L .......< [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 82 B4 81 42 83 39 00 00 00 00 00 02 04 ......B. 9....... [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 8F ........ ........ 
[050] 99 4A 2B C5 38 1A F6 3D 1C A1 45 .J+.8..= ..E [2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/05/11 01:30:10, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/11 01:30:10, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/11 01:30:10, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7502 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=7502 (pipes_open=1) [2005/05/11 01:30:10, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 7502) [2005/05/11 01:30:10, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b2300 max_trans_reply: 4280 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7502 name: samr open: Yes len: 76 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2005/05/11 01:30:10, 5] 
rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 004c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000003c [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/11 
01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0007 [2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/11 01:30:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/05/11 01:30:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[39].fn == 0x8153186 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000002 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 82 b4 81 42 83 39 00 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0014 flags: 02000000 [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0018 num_auths: 00000004 [2005/05/11 01:30:10, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001c sid_rev_num: 01 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001d num_auths : 04 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001e id_auth[0] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 001f id_auth[1] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0020 id_auth[2] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0021 id_auth[3] : 00 [2005/05/11 01:30:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0022 id_auth[4] : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0023 id_auth[5] : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32s(896) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/05/11 01:30:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 82 B4 81 42 ........ .......B [010] 83 39 00 00 .9.. [2005/05/11 01:30:10, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(196) _samr_open_domain: access check ((granted: 0x00020031; required: 0x00000020) [2005/05/11 01:30:10, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. [2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(250) [2005/05/11 01:30:10, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 [2005/05/11 01:30:10, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) _samr_open_domain: access GRANTED (requested: 0x02000000, granted: 0x000f07ff) [2005/05/11 01:30:10, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(242) get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 [2005/05/11 01:30:10, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 82 B4 81 42 ........ .......B [010] 83 39 00 00 .9.. 
[2005/05/11 01:30:10, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 82 b4 81 42 83 39 00 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(699) 0014 status: NT_STATUS_OK [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(1580) api_rpcTNP: called samr successfully [2005/05/11 01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7502 name: samr len: 4280 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 02 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 0030 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000007 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0010 alloc_hint: 00000018 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0016 cancel_ct : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0017 reserved : 00 [2005/05/11 01:30:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 82 B4 81 42 83 39 00 00 00 00 00 ........ B.9..... [030] 00 . [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(458) write_socket(29,108) [2005/05/11 01:30:10, 6] lib/util_sock.c:write_socket(461) write_socket(29,108) wrote 108 [2005/05/11 01:30:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(514) got smb length of 128 [2005/05/11 01:30:10, 6] smbd/process.c:process_smb(1101) got message type 0x0 of len 0x80 [2005/05/11 01:30:10, 3] smbd/process.c:process_smb(1102) Transaction 13 of length 132 [2005/05/11 01:30:10, 5] lib/util.c:show_msg(454) [2005/05/11 01:30:10, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=14722 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29954 (0x7502) smb_bcc=61 [2005/05/11 01:30:10, 10] lib/util.c:dump_data(2013) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 08 00 00 00 1E ........ ........ [020] 00 00 00 00 00 08 00 00 00 00 00 03 00 00 00 00 ........ ........ [030] 00 00 00 82 B4 81 42 83 39 00 00 02 00 ......B. 9.... 
[2005/05/11 01:30:10, 3] smbd/process.c:switch_message(893) switch message SMBtrans (pid 14723) conn 0x83b15dc [2005/05/11 01:30:10, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/05/11 01:30:10, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/05/11 01:30:10, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/05/11 01:30:10, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/05/11 01:30:10, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/05/11 01:30:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7502 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=7502 (pipes_open=1) [2005/05/11 01:30:10, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 7502) [2005/05/11 01:30:10, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83b2300 max_trans_reply: 4280 [2005/05/11 01:30:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7502 name: samr open: Yes len: 46 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 46 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/05/11 01:30:10, 5] 
rpc_parse/parse_prs.c:prs_uint8(580) 0000 major : 05 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0001 minor : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0002 pkt_type : 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0003 flags : 03 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0004 pack_type0: 10 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0005 pack_type1: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0006 pack_type2: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8(580) 0007 pack_type3: 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 frag_len : 002e [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a auth_len : 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 000c call_id : 00000008 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 30 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 30, incoming data = 30 [2005/05/11 01:30:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 alloc_hint: 0000001e [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0004 context_id: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0006 opnum : 0008 [2005/05/11 
01:30:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2005/05/11 01:30:10, 5] rpc_server/srv_pipe.c:api_pipe_request(1499) Requested \PIPE\samr [2005/05/11 01:30:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(1533) api_rpcTNP: samr op 0x8 - api_rpcTNP: rpc command: SAMR_QUERY_DOMAIN_INFO [2005/05/11 01:30:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(1559) api_rpc_cmds[24].fn == 0x8154751 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_query_dom_info [2005/05/11 01:30:10, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0000 data1: 00000000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint32(669) 0004 data2: 00000003 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0008 data3: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 000a data4: 0000 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint8s(756) 000c data5: 82 b4 81 42 83 39 00 00 [2005/05/11 01:30:10, 5] rpc_parse/parse_prs.c:prs_uint16(640) 0014 switch_value: 0002 [2005/05/11 01:30:10, 5] rpc_server/srv_samr_nt.c:_samr_query_dom_info(1806) _samr_query_dom_info: 1806 [2005/05/11 01:30:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 82 B4 81 42 ........ .......B [010] 83 39 00 00 .9.. 
[2005/05/11 01:30:10, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1
[2005/05/11 01:30:10, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2005/05/11 01:30:10, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/05/11 01:30:10, 5] auth/auth_util.c:debug_nt_user_token(480) NT user token: (NULL)
[2005/05/11 01:30:10, 5] auth/auth_util.c:debug_unix_user_token(501) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2005/05/11 01:30:10, 3] lib/smbldap.c:smbldap_search_paged(1133) smbldap_search_paged: base => [ou=Users,dc=terpstra-world,dc=org], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024]
[2005/05/11 01:30:10, 5] lib/smbldap.c:smbldap_search_ext(1042) smbldap_search_ext: base => [ou=Users,dc=terpstra-world,dc=org], filter => [(&(uid=*)(objectclass=sambaSamAccount))], scope => [2]
[2005/05/11 01:30:10, 5] lib/smbldap.c:smbldap_close(951) The connection to the LDAP server was closed
[2005/05/11 01:30:10, 10] lib/smbldap.c:smbldap_open_connection(596) smbldap_open_connection: ldap://merlin.terpstra-world.org
[2005/05/11 01:30:10, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened
[2005/05/11 01:30:10, 10] lib/smbldap.c:smbldap_connect_system(824) ldap_connect_system: Binding to ldap server ldap://merlin.terpstra-world.org as "cn=Manager,dc=terpstra-world,dc=org"
[2005/05/11 01:30:10, 3] lib/smbldap.c:smbldap_connect_system(867) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results
[2005/05/11 01:30:10, 4] lib/smbldap.c:smbldap_open(931) The LDAP server is succesfully connected
[2005/05/11 01:30:10, 3] lib/smbldap.c:smbldap_search_paged(1172) smbldap_search_paged: search was successfull
[2005/05/11 01:30:10, 0] lib/fault.c:fault_report(36) ===============================================================
[2005/05/11 01:30:10, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 14723 (3.0.15pre3-SVN-build-UNKNOWN-PS-SuSE) Please read the appendix Bugs of the Samba HOWTO collection
[2005/05/11 01:30:10, 0] lib/fault.c:fault_report(39) ===============================================================
[2005/05/11 01:30:10, 0] lib/util.c:smb_panic2(1508) PANIC: internal error
[2005/05/11 01:30:10, 0] lib/util.c:smb_panic2(1516) BACKTRACE: 29 stack frames:
#0 /usr/sbin/smbd(smb_panic2+0x1b6) [0x81f1590]
#1 /usr/sbin/smbd(smb_panic+0x19) [0x81f13d8]
#2 /usr/sbin/smbd [0x81df10d]
#3 /usr/sbin/smbd [0x81df182]
#4 [0xffffe420]
#5 /usr/sbin/smbd [0x81cb7c7]
#6 /usr/sbin/smbd [0x81cb5f8]
#7 /usr/sbin/smbd [0x81bf6a4]
#8 /usr/sbin/smbd(pdb_search_entries+0x28) [0x81bf854]
#9 /usr/sbin/smbd [0x8157b8b]
#10 /usr/sbin/smbd(_samr_query_dom_info+0x1fb) [0x815b53d]
#11 /usr/sbin/smbd [0x8154837]
#12 /usr/sbin/smbd(api_rpcTNP+0x232) [0x816a2c7]
#13 /usr/sbin/smbd(api_pipe_request+0xdf) [0x816a00b]
#14 /usr/sbin/smbd [0x8164e9d]
#15 /usr/sbin/smbd [0x81650be]
#16 /usr/sbin/smbd [0x8165376]
#17 /usr/sbin/smbd [0x8165583]
#18 /usr/sbin/smbd(write_to_pipe+0x109) [0x81654f2]
#19 /usr/sbin/smbd [0x809800a]
#20 /usr/sbin/smbd [0x80982b5]
#21 /usr/sbin/smbd(reply_trans+0xbe2) [0x8098f0c]
#22 /usr/sbin/smbd [0x80e6028]
#23 /usr/sbin/smbd [0x80e60d8]
#24 /usr/sbin/smbd(process_smb+0x1fb) [0x80e642e]
#25 /usr/sbin/smbd(smbd_process+0x170) [0x80e701b]
#26 /usr/sbin/smbd(main+0x8a1) [0x826c4b4]
#27 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x40243260]
#28 /usr/sbin/smbd [0x8083f61]