[2006/01/01 18:06:06, 10] smbd/process.c:run_events(299) run_events: No events [2006/01/01 18:06:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 448 [2006/01/01 18:06:06, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x1c0 [2006/01/01 18:06:06, 3] smbd/process.c:process_smb(1194) Transaction 16 of length 452 [2006/01/01 18:06:06, 5] lib/util.c:show_msg(454) [2006/01/01 18:06:06, 5] lib/util.c:show_msg(464) size=448 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=103 smb_mid=53504 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30165 (0x75D5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 384 (0x180) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 384 (0x180) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=385 [2006/01/01 18:06:06, 10] lib/util.c:dump_data(2058) [000] EE 05 00 00 03 10 00 00 00 80 01 20 00 01 00 00 ........ ... .... [010] 00 38 01 00 00 00 00 02 00 2A FA C8 85 83 F3 78 .8...... .*.....x [020] E9 4E 02 BA B1 30 D4 43 AC C2 D6 EA 5B 53 4A 99 .N...0.C ....[SJ. [030] E9 CE 9A C5 44 79 1D A0 14 3A 45 94 FE 50 70 3B ....Dy.. .:E..Pp; [040] 35 1E 38 15 06 92 17 9C 71 AA 1A 6D A3 18 43 E4 5.8..... q..m..C. [050] 3F CF AB BF 0B D5 C7 EF 2F 3A E1 D6 03 2E 1D AB ?....... /:...... [060] 89 B3 1F F4 0B 3E 37 F3 8E F4 72 66 5E 8B 36 BB .....>7. ..rf^.6. [070] A5 6E 15 AD 19 F3 5C 74 31 A5 57 B5 A1 01 C8 DB .n....\t 1.W..... [080] 87 04 12 F2 0B EC 29 BA E1 56 7E D5 C0 49 2D 42 ......). .V~..I-B [090] EF 15 58 CD E5 4A 34 1E AD 8D B9 3B 02 29 21 69 ..X..J4. ...;.)!i [0A0] 85 07 8F 1B F5 6D 57 8E 1D 80 B4 A7 55 50 DF 32 .....mW. ....UP.2 [0B0] E8 44 78 F2 34 94 57 69 24 12 10 4C 28 7E 3D 79 .Dx.4.Wi $..L(~=y [0C0] 2A 3A FB F6 12 73 82 4B 6D 39 CB 18 68 C3 9D 81 *:...s.K m9..h... [0D0] 20 34 9E CB C5 56 2E F0 26 B0 A7 B8 97 CC 56 62 4...V.. &.....Vb [0E0] 59 86 4F 63 E7 DE 42 43 2A 08 11 7F 93 C4 5C 9C Y.Oc..BC *.....\. [0F0] 8E 35 F7 07 DC F7 DD 97 50 DC 87 DD EC DD 6D E2 .5...... P.....m. [100] BE 61 BE 38 16 10 A0 30 2F 30 C9 62 F3 DD 88 AB .a.8...0 /0.b.... [110] 5E 31 25 E0 FE 72 66 D3 EE 6D 7C 7D E6 87 28 7E ^1%..rf. .m|}..(~ [120] 24 DD 3B 54 98 EF 70 35 B8 E3 06 26 1A D9 B2 AE $.;T..p5 ...&.... [130] FF 15 E6 14 7C A7 12 67 D7 C7 3C 1A 39 A7 15 4C ....|..g ..<.9..L [140] 01 8C DD 52 5C F0 89 6A 51 79 8A 7F 7C 2E 05 3B ...R\..j Qy..|..; [150] C6 84 94 FC 0F E9 AF 15 35 44 06 08 00 D0 8E 09 ........ 5D...... [160] 00 77 00 7A 00 FF FF 00 00 77 18 09 98 89 9F 31 .w.z.... .w.....1 [170] 07 FC 06 2B 07 89 D5 52 82 E2 6B 7D 2C D3 B6 C4 ...+...R ..k},... [180] CF . [2006/01/01 18:06:06, 3] smbd/process.c:switch_message(993) switch message SMBwriteX (pid 32302) conn 0x803ce868 [2006/01/01 18:06:06, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/01 18:06:06, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=75d5 [2006/01/01 18:06:06, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=75d5 (pipes_open=1) [2006/01/01 18:06:06, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 75d5 name: NETLOGON open: Yes len: 384 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 384 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 384 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 384, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 368 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 368 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0180 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0020 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2006/01/01 18:06:06, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 368 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 368, incoming data = 368 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000138 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0002 [2006/01/01 18:06:06, 5] rpc_server/srv_pipe.c:api_pipe_schannel_process(2035) data 320 auth 32 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000148 smb_io_rpc_hdr_auth hdr_auth [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0148 auth_type : 44 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0149 auth_level : 06 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 014a auth_pad_len : 08 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 014b auth_reserved: 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 014c auth_context_id: 00098ed0 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000150 smb_io_rpc_auth_schannel_chk [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0150 sig : 77 00 7a 00 ff ff 00 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0158 seq_num: 77 18 09 98 89 9f 31 07 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0160 packet_digest: fc 06 2b 07 89 d5 52 82 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0168 confounder: e2 6b 7d 2c d3 b6 c4 cf [2006/01/01 18:06:06, 10] rpc_parse/parse_prs.c:schannel_decode(1619) SCHANNEL: schannel_decode seq_num=0 data_len=320 [2006/01/01 18:06:06, 10] rpc_parse/parse_prs.c:schannel_decode(1639) SCHANNEL: schannel_decode seq_num=0 data_len=320 [2006/01/01 18:06:06, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 73 [2006/01/01 18:06:06, 5] rpc_server/srv_pipe.c:api_pipe_request(2172) Requested \PIPE\NETLOGON [2006/01/01 18:06:06, 4] rpc_server/srv_pipe.c:api_rpcTNP(2207) api_rpcTNP: NETLOGON op 0x2 - api_rpcTNP: rpc command: NET_SAMLOGON [2006/01/01 18:06:06, 6] rpc_server/srv_pipe.c:api_rpcTNP(2233) api_rpc_cmds[4].fn == 0x80104570 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_sam_logon [2006/01/01 18:06:06, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_sam_info [2006/01/01 18:06:06, 7] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_info2 [2006/01/01 18:06:06, 8] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_srv [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer : 014be3a8 [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000009 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000009 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) 0010 buffer : \.\.S.E.R.V.E.R... [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 undoc_buffer2: 000abedc [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_unistr2 unistr2 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 uni_max_len: 00000009 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 002c offset : 00000000 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 uni_str_len: 00000009 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) 0034 buffer : E.X.C.H.A.N.G.E... [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0048 ptr_cred: 015ef494 [2006/01/01 18:06:06, 8] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_cred [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_chal [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 004c data: 31 14 6e 6c d4 4c a9 d0 [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_utime [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0054 time: 43b80c5e [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0058 ptr_rtn_cred : 015ef4a0 [2006/01/01 18:06:06, 7] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_cred [2006/01/01 18:06:06, 8] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_chal [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 005c data: 78 16 88 77 ff ff ff ff [2006/01/01 18:06:06, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 smb_io_utime [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0064 time: 015ef4bc [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0068 logon_level : 0001 [2006/01/01 18:06:06, 7] rpc_parse/parse_prs.c:prs_debug(84) 00006a smb_io_sam_info logon_info [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 006a switch_value : 0001 [2006/01/01 18:06:06, 8] rpc_parse/parse_prs.c:prs_debug(84) 00006c net_io_id_info1 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 006c ptr_id_info1: 015ef764 [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr unihdr [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0070 uni_str_len: 0008 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0072 uni_max_len: 0008 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0074 buffer : 014bf934 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0078 param_ctrl: 00000000 [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 00007c smb_io_logon_id [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 007c low : 003813ea [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0080 high: 00000000 [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 000084 smb_io_unihdr unihdr [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0084 uni_str_len: 0006 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0086 uni_max_len: 0006 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0088 buffer : 014bf92c [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 00008c smb_io_unihdr unihdr [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 008c uni_str_len: 0010 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 008e uni_max_len: 0012 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0090 buffer : 00088240 [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 000094 smb_io_owf_info [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0094 data: a3 54 d1 aa 01 91 80 0e e9 ae ec a2 f0 c9 3b 97 [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000a4 smb_io_owf_info [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 00a4 data: 98 95 e1 52 2c 46 04 00 82 fb fa a8 73 81 7e 5b [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000b4 smb_io_unistr2 unistr2 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00b4 uni_max_len: 00000004 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00b8 offset : 00000000 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00bc uni_str_len: 00000004 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) 00c0 buffer : I.-.B.N. [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000c8 smb_io_unistr2 unistr2 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00c8 uni_max_len: 00000003 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00cc offset : 00000000 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00d0 uni_str_len: 00000003 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) 00d4 buffer : c.a.d. [2006/01/01 18:06:06, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000da smb_io_unistr2 unistr2 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00dc uni_max_len: 00000009 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00e0 offset : 00000000 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 00e4 uni_str_len: 00000008 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) 00e8 buffer : E.X.C.H.A.N.G.E. [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 00f8 validation_level: 0003 [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_step(82) sequence = 0x43b80c5e [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_step(84) seed: 3BA1F234D1A69C74 [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_step(89) seed+seq 99ADAA78D1A69C74 [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_step(93) CLIENT 9D36EEDA4964B11D [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_step(98) seed+seq+1 9AADAA78D1A69C74 [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_step(102) SERVER D23C8DE0F8876EE8 [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_reseed(179) cred_reseed: seed 9AADAA78D1A69C74 [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_server_check(157) creds_server_check: challenge : 31146E6CD44CA9D0 [2006/01/01 18:06:06, 5] libsmb/credentials.c:creds_server_check(158) calculated: 9D36EEDA4964B11D [2006/01/01 18:06:06, 0] libsmb/credentials.c:creds_server_check(159) creds_server_check: credentials check failed. [2006/01/01 18:06:06, 0] rpc_server/srv_netlog_nt.c:_net_sam_logon(667) _net_sam_logon: creds_server_step failed. Rejecting auth request from client EXCHANGE machine account EXCHANGE$ [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_sam_logon [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 buffer_creds: 00000001 [2006/01/01 18:06:06, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_cred [2006/01/01 18:06:06, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_chal [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0004 data: d2 3c 8d e0 f8 87 6e e8 [2006/01/01 18:06:06, 7] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_utime [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c time: 43b80c5f [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0010 switch_value: 0003 [2006/01/01 18:06:06, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 net_io_user_info3 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 ptr_user_info : 00000000 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 auth_resp : 00000001 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) 001c status : NT_STATUS_ACCESS_DENIED [2006/01/01 18:06:06, 5] rpc_server/srv_pipe.c:api_rpcTNP(2254) api_rpcTNP: called NETLOGON successfully [2006/01/01 18:06:06, 10] rpc_server/srv_pipe.c:api_rpcTNP(2263) api_rpcTNP: rpc input buffer underflow (parse error?) [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 00fa : 00 00 8a e3 13 71 02 f4 36 71 01 00 04 00 01 00 00 00 02 40 28 00 78 56 34 12 34 12 cd ab ef 00 01 23 45 67 cf fb 01 00 00 00 04 5d 88 8a eb 1c c9 11 9f e8 08 00 2b 10 48 60 02 00 00 00 [2006/01/01 18:06:06, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 652 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 368 [2006/01/01 18:06:06, 3] smbd/pipes.c:reply_pipe_write_and_X(207) writeX-IPC pnum=75d5 nwritten=384 [2006/01/01 18:06:06, 5] lib/util.c:show_msg(454) [2006/01/01 18:06:06, 5] lib/util.c:show_msg(464) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=103 smb_mid=53504 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 384 (0x180) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/01/01 18:06:06, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/01/01 18:06:06, 10] smbd/process.c:run_events(299) run_events: No events [2006/01/01 18:06:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 59 [2006/01/01 18:06:06, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x3b [2006/01/01 18:06:06, 3] smbd/process.c:process_smb(1194) Transaction 17 of length 63 [2006/01/01 18:06:06, 5] lib/util.c:show_msg(454) [2006/01/01 18:06:06, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=103 smb_mid=53568 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30165 (0x75D5) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/01/01 18:06:06, 3] smbd/process.c:switch_message(993) switch message SMBreadX (pid 32302) conn 0x803ce868 [2006/01/01 18:06:06, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/01 18:06:06, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=75d5 [2006/01/01 18:06:06, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=75d5 (pipes_open=1) [2006/01/01 18:06:06, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 75d5 name: NETLOGON len: 1024 [2006/01/01 18:06:06, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0060 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0020 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000020 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_rpc_hdr_auth hdr_auth [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0038 auth_type : 44 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0039 auth_level : 06 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003a auth_pad_len : 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003b auth_reserved: 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint32(703) 003c auth_context_id: 00000001 [2006/01/01 18:06:06, 10] rpc_parse/parse_prs.c:schannel_encode(1542) SCHANNEL: schannel_encode seq_num=1 data_len=32 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_rpc_auth_schannel_chk [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0040 sig : 77 00 7a 00 ff ff 00 00 [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0048 seq_num: 73 f3 37 5c c4 2c da 1f [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0050 packet_digest: 1c 03 c2 a9 c8 90 5a 1f [2006/01/01 18:06:06, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0058 confounder: 6c 29 bc e7 08 5f 2b e4 [2006/01/01 18:06:06, 3] smbd/pipes.c:reply_pipe_read_and_X(252) readX-IPC pnum=75d5 min=1024 max=1024 nread=96 [2006/01/01 18:06:06, 5] lib/util.c:show_msg(454) [2006/01/01 18:06:06, 5] lib/util.c:show_msg(464) size=155 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=103 smb_mid=53568 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 96 (0x60) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=96 [2006/01/01 18:06:06, 10] lib/util.c:dump_data(2058) [000] 05 00 02 03 10 00 00 00 60 00 20 00 01 00 00 00 ........ `. ..... [010] 20 00 00 00 00 00 00 00 FF 83 B5 33 9C 42 20 A7 ....... ...3.B . [020] 90 89 12 80 D4 B6 9D 90 12 8C 69 C3 07 35 BE 05 ........ ..i..5.. [030] 45 4B A6 8F D7 C9 22 6F 44 06 00 00 01 00 00 00 EK...."o D....... [040] 77 00 7A 00 FF FF 00 00 73 F3 37 5C C4 2C DA 1F w.z..... s.7\.,.. [050] 1C 03 C2 A9 C8 90 5A 1F 6C 29 BC E7 08 5F 2B E4 ......Z. l)..._+. [2006/01/01 18:06:06, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/01/01 18:06:06, 10] smbd/process.c:run_events(299) run_events: No events [2006/01/01 18:06:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 41 [2006/01/01 18:06:06, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x29 [2006/01/01 18:06:06, 3] smbd/process.c:process_smb(1194) Transaction 18 of length 45 [2006/01/01 18:06:06, 5] lib/util.c:show_msg(454) [2006/01/01 18:06:06, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=103 smb_mid=53632 smt_wct=3 smb_vwv[ 0]=30165 (0x75D5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/01/01 18:06:06, 3] smbd/process.c:switch_message(993) switch message SMBclose (pid 32302) conn 0x803ce868 [2006/01/01 18:06:06, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/01/01 18:06:06, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=75d5 [2006/01/01 18:06:06, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=75d5 (pipes_open=1) [2006/01/01 18:06:06, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:75d5 [2006/01/01 18:06:06, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2006/01/01 18:06:06, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) closed pipe name NETLOGON pnum=75d5 (pipes_open=0) [2006/01/01 18:06:06, 5] lib/util.c:show_msg(454) [2006/01/01 18:06:06, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=103 smb_mid=53632 smt_wct=0 smb_bcc=0 [2006/01/01 18:06:06, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/01/01 18:06:06, 10] smbd/process.c:run_events(299) run_events: No events