se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 11:46:32, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(84) 000000 sec_io_desc sec_desc [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0000 revision : 0001 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0002 type : 8004 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0004 off_owner_sid: 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0008 off_grp_sid : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 000c off_sacl : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0010 off_dacl : 00000014 [2006/03/15 11:46:32, 6] rpc_parse/parse_prs.c:(84) 000014 sec_io_acl dacl [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0014 revision: 0002 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0018 num_aces : 00000004 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 00001c sec_io_ace ace_list[00]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 001c type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 001d flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000020 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0020 mask: 0002018d [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000024 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0024 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0025 num_auths : 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0026 id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0027 id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0028 id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0029 id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 002a id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 002b id_auth[5] : 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 002c sub_auths : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 001e size : 0014 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000030 sec_io_ace ace_list[01]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0030 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0031 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000034 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0034 mask: 000201fd [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000038 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0038 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0039 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003a id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003b id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003c id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003d id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003e id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003f id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0040 sub_auths : 00000020 00000223 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0032 size : 0018 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000048 sec_io_ace ace_list[02]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0048 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0049 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 00004c sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 004c mask: 000f01ff [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000050 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0050 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0051 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0052 id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0053 id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0054 id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0055 id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0056 id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0057 id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0058 sub_auths : 00000020 00000225 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 004a size : 0018 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000060 sec_io_ace ace_list[03]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0060 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0061 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000064 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0064 mask: 000f01ff [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000068 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0068 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0069 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006a id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006b id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006c id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006d id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006e id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006f id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0070 sub_auths : 00000020 00000220 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0062 size : 0018 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0016 size : 0064 [2006/03/15 11:46:32, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 11:46:32, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 11:46:32, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2006/03/15 11:46:32, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 11:46:32, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 11:46:32, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(250) [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 11:46:32, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 11:46:32, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 11:46:32, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 11:46:32, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2006/03/15 11:46:32, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 11:46:32, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 11:46:32, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(250) [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 11:46:32, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(84) 000000 sec_io_desc sec_desc [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0000 revision : 0001 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0002 type : 8004 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0004 off_owner_sid: 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0008 off_grp_sid : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 000c off_sacl : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0010 off_dacl : 00000014 [2006/03/15 11:46:32, 6] rpc_parse/parse_prs.c:(84) 000014 sec_io_acl dacl [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0014 revision: 0002 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0018 num_aces : 00000004 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 00001c sec_io_ace ace_list[00]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 001c type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 001d flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000020 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0020 mask: 0002018d [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000024 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0024 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0025 num_auths : 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0026 id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0027 id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0028 id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0029 id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 002a id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 002b id_auth[5] : 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 002c sub_auths : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 001e size : 0014 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000030 sec_io_ace ace_list[01]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0030 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0031 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000034 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0034 mask: 000201fd [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000038 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0038 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0039 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003a id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003b id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003c id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003d id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003e id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003f id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0040 sub_auths : 00000020 00000223 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0032 size : 0018 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000048 sec_io_ace ace_list[02]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0048 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0049 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 00004c sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 004c mask: 000f01ff [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000050 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0050 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0051 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0052 id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0053 id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0054 id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0055 id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0056 id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0057 id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0058 sub_auths : 00000020 00000225 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 004a size : 0018 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000060 sec_io_ace ace_list[03]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0060 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0061 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000064 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0064 mask: 000f01ff [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000068 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0068 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0069 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006a id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006b id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006c id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006d id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006e id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006f id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0070 sub_auths : 00000020 00000220 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0062 size : 0018 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0016 size : 0064 [2006/03/15 11:46:32, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 11:46:32, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 11:46:32, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2006/03/15 11:46:32, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 11:46:32, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 11:46:32, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(250) [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 11:46:32, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 11:46:32, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 11:46:32, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 11:46:32, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2006/03/15 11:46:32, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 11:46:32, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 11:46:32, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(250) [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 11:46:32, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(84) 000000 sec_io_desc sec_desc [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0000 revision : 0001 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0002 type : 8004 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0004 off_owner_sid: 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0008 off_grp_sid : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 000c off_sacl : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0010 off_dacl : 00000014 [2006/03/15 11:46:32, 6] rpc_parse/parse_prs.c:(84) 000014 sec_io_acl dacl [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0014 revision: 0002 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0018 num_aces : 00000004 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 00001c sec_io_ace ace_list[00]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 001c type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 001d flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000020 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0020 mask: 0002018d [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000024 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0024 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0025 num_auths : 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0026 id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0027 id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0028 id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0029 id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 002a id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 002b id_auth[5] : 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 002c sub_auths : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 001e size : 0014 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000030 sec_io_ace ace_list[01]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0030 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0031 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000034 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0034 mask: 000201fd [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000038 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0038 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0039 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003a id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003b id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003c id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003d id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003e id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003f id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0040 sub_auths : 00000020 00000223 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0032 size : 0018 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000048 sec_io_ace ace_list[02]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0048 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0049 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 00004c sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 004c mask: 000f01ff [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000050 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0050 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0051 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0052 id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0053 id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0054 id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0055 id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0056 id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0057 id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0058 sub_auths : 00000020 00000225 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 004a size : 0018 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000060 sec_io_ace ace_list[03]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0060 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0061 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000064 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0064 mask: 000f01ff [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000068 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0068 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0069 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006a id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006b id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006c id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006d id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006e id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006f id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0070 sub_auths : 00000020 00000220 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0062 size : 0018 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0016 size : 0064 [2006/03/15 11:46:32, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 11:46:32, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 11:46:32, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2006/03/15 11:46:32, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 11:46:32, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 11:46:32, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(250) [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 11:46:32, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 11:46:32, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 11:46:32, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 11:46:32, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2006/03/15 11:46:32, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2006/03/15 11:46:32, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 11:46:32, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 11:46:32, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(250) [2006/03/15 11:46:32, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 11:46:32, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(84) 000000 sec_io_desc sec_desc [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0000 revision : 0001 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0002 type : 8004 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0004 off_owner_sid: 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0008 off_grp_sid : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 000c off_sacl : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0010 off_dacl : 00000014 [2006/03/15 11:46:32, 6] rpc_parse/parse_prs.c:(84) 000014 sec_io_acl dacl [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0014 revision: 0002 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0018 num_aces : 00000004 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 00001c sec_io_ace ace_list[00]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 001c type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 001d flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000020 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0020 mask: 0002018d [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000024 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0024 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0025 num_auths : 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0026 id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0027 id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0028 id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0029 id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 002a id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 002b id_auth[5] : 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 002c sub_auths : 00000000 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 001e size : 0014 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000030 sec_io_ace ace_list[01]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0030 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0031 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000034 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0034 mask: 000201fd [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000038 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0038 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0039 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003a id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003b id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003c id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003d id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003e id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 003f id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0040 sub_auths : 00000020 00000223 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0032 size : 0018 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000048 sec_io_ace ace_list[02]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0048 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0049 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 00004c sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 004c mask: 000f01ff [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000050 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0050 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0051 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0052 id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0053 id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0054 id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0055 id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0056 id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0057 id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0058 sub_auths : 00000020 00000225 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 004a size : 0018 [2006/03/15 11:46:32, 7] rpc_parse/parse_prs.c:(84) 000060 sec_io_ace ace_list[03]: [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0060 type : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0061 flags: 00 [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000064 sec_io_access info [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(703) 0064 mask: 000f01ff [2006/03/15 11:46:32, 8] rpc_parse/parse_prs.c:(84) 000068 smb_io_dom_sid trustee [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0068 sid_rev_num: 01 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 0069 num_auths : 02 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006a id_auth[0] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006b id_auth[1] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006c id_auth[2] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006d id_auth[3] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006e id_auth[4] : 00 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(614) 006f id_auth[5] : 05 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(959) 0070 sub_auths : 00000020 00000220 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0062 size : 0018 [2006/03/15 11:46:32, 5] rpc_parse/parse_prs.c:(674) 0016 size : 0064 [2006/03/15 11:46:32, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (1) [2006/03/15 11:46:32, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (0) [2006/03/15 11:46:32, 10] printing/nt_printing.c:(689) update_c_setprinter: c_setprinter = 0 [2006/03/15 11:46:32, 6] libads/ldap.c:(217) ads_find_dc: looking for realm 'CIFS-DOMAIN.COM' [2006/03/15 11:46:32, 8] libsmb/namequery.c:(1433) get_sorted_dc_list: attempting lookup using [ads] [2006/03/15 11:46:32, 10] libsmb/namequery.c:(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/03/15 11:46:32, 4] libsmb/namequery.c:(1406) get_dc_list: returning 1 ip addresses in an ordered list [2006/03/15 11:46:32, 4] libsmb/namequery.c:(1407) get_dc_list: 172.16.20.227:389 [2006/03/15 11:46:32, 5] libads/ldap.c:(126) ads_try_connect: trying ldap server '172.16.20.227' port 389 [2006/03/15 11:46:32, 3] libads/ldap.c:(288) Connected to LDAP server 172.16.20.227 [2006/03/15 11:46:32, 3] libads/ldap.c:(2542) got ldap server name cifs-dc@CIFS-DOMAIN, using bind path: dc=CIFS-DOMAIN [2006/03/15 11:46:32, 4] libads/ldap.c:(2548) time offset is 3560 seconds [2006/03/15 11:46:32, 4] libads/sasl.c:(455) Found SASL mechanism GSS-SPNEGO [2006/03/15 11:46:32, 3] libads/sasl.c:(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2006/03/15 11:46:32, 3] libads/sasl.c:(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2006/03/15 11:46:32, 3] libads/sasl.c:(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2006/03/15 11:46:32, 3] libads/sasl.c:(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2006/03/15 11:46:32, 3] libads/sasl.c:(219) ads_sasl_spnego_bind: got server principal name =cifs-dc$@CIFS-DOMAIN [2006/03/15 11:46:32, 3] libsmb/clikrb5.c:(479) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2006/03/15 11:46:32, 0] libads/kerberos.c:(164) kerberos_kinit_password host/AURORA@CIFS-DOMAIN failed: Cannot resolve network address for KDC in requested realm [2006/03/15 11:46:32, 3] printing/nt_printing.c:(3193) ads_connect failed: Cannot resolve network address for KDC in requested realm [2006/03/15 11:46:32, 0] printing/nt_printing.c:(628) nt_printing_init: error checking published printers: WERR_ACCESS_DENIED [2006/03/15 11:46:32, 5] smbd/connection.c:(170) claiming 0 [2006/03/15 11:46:32, 3] printing/printing.c:(1379) start_background_queue: Starting background LPQ thread [2006/03/15 11:46:32, 5] printing/printing.c:(1389) start_background_queue: background LPQ thread started [2006/03/15 11:46:32, 5] smbd/connection.c:(170) claiming smbd lpq backend 0 [2006/03/15 11:46:32, 5] printing/printing.c:(1400) start_background_queue: background LPQ thread waiting for messages [2006/03/15 11:46:32, 10] lib/util_sock.c:(835) bind succeeded on port 445 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_KEEPALIVE = 8 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_REUSEADDR = 4 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_BROADCAST = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option TCP_NODELAY = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option IPTOS_LOWDELAY = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option IPTOS_THROUGHPUT = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_SNDBUF = 49152 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_RCVBUF = 49152 [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDLOWAT. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVLOWAT. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDTIMEO. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVTIMEO. [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_KEEPALIVE = 8 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_REUSEADDR = 4 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_BROADCAST = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option TCP_NODELAY = 1 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option IPTOS_LOWDELAY = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option IPTOS_THROUGHPUT = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_SNDBUF = 49152 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_RCVBUF = 49152 [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDLOWAT. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVLOWAT. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDTIMEO. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVTIMEO. [2006/03/15 11:46:32, 10] lib/util_sock.c:(835) bind succeeded on port 139 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_KEEPALIVE = 8 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_REUSEADDR = 4 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_BROADCAST = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option TCP_NODELAY = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option IPTOS_LOWDELAY = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option IPTOS_THROUGHPUT = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_SNDBUF = 49152 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_RCVBUF = 49152 [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDLOWAT. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVLOWAT. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDTIMEO. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVTIMEO. [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_KEEPALIVE = 8 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_REUSEADDR = 4 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_BROADCAST = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option TCP_NODELAY = 1 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option IPTOS_LOWDELAY = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option IPTOS_THROUGHPUT = 0 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_SNDBUF = 49152 [2006/03/15 11:46:32, 5] lib/util_sock.c:(206) socket option SO_RCVBUF = 49152 [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDLOWAT. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVLOWAT. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_SNDTIMEO. [2006/03/15 11:46:32, 5] lib/util_sock.c:(204) Could not test socket option SO_RCVTIMEO. [2006/03/15 11:46:32, 2] smbd/server.c:(336) waiting for a connection [2006/03/15 14:30:19, 3] smbd/sec_ctx.c:(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/03/15 14:30:19, 5] auth/auth_util.c:(433) NT user token: (NULL) [2006/03/15 14:30:19, 5] auth/auth_util.c:(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/03/15 14:30:19, 5] smbd/uid.c:(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/03/15 14:30:19, 2] smbd/server.c:(614) Closing connections [2006/03/15 14:30:19, 3] smbd/connection.c:(69) Yielding connection to [2006/03/15 14:30:19, 3] smbd/server.c:(655) Server exit (Caught TERM signal) [2006/03/15 14:30:19, 3] smbd/sec_ctx.c:(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/03/15 14:30:19, 5] auth/auth_util.c:(433) NT user token: (NULL) [2006/03/15 14:30:19, 5] auth/auth_util.c:(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/03/15 14:30:19, 5] smbd/uid.c:(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/03/15 14:30:19, 2] smbd/server.c:(614) Closing connections [2006/03/15 14:30:19, 3] smbd/connection.c:(69) Yielding connection to [2006/03/15 14:30:19, 3] smbd/connection.c:(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2006/03/15 14:30:19, 3] smbd/server.c:(655) Server exit (Caught TERM signal) [2006/03/15 14:30:23, 6] param/loadparm.c:(2950) lp_file_list_changed() file /var/opt/CLLF/etc/smb.conf -> /var/opt/CLLF/etc/smb.conf last mod_time: Wed Mar 15 14:28:53 2006 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=10.1.1.30 bcast=10.255.255.255 nmask=255.0.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.91 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.92 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.93 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 2] lib/interface.c:(81) added interface ip=172.16.4.94 bcast=172.16.255.255 nmask=255.255.0.0 [2006/03/15 14:30:23, 5] lib/util.c:(260) Netbios name list:- my_netbios_names[0]="AURORA" [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 3] smbd/uid.c:(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 5] auth/auth_util.c:(433) NT user token: (NULL) [2006/03/15 14:30:23, 5] auth/auth_util.c:(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(950) Trying to load: smbpasswd [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(94) Attempting to register passdb backend ldapsam [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(107) Successfully added passdb backend 'ldapsam' [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(94) Attempting to register passdb backend ldapsam_compat [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(107) Successfully added passdb backend 'ldapsam_compat' [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(94) Attempting to register passdb backend NDS_ldapsam [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(107) Successfully added passdb backend 'NDS_ldapsam' [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(94) Attempting to register passdb backend NDS_ldapsam_compat [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(107) Successfully added passdb backend 'NDS_ldapsam_compat' [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(94) Attempting to register passdb backend smbpasswd [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(107) Successfully added passdb backend 'smbpasswd' [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(94) Attempting to register passdb backend tdbsam [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(107) Successfully added passdb backend 'tdbsam' [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(94) Attempting to register passdb backend guest [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(107) Successfully added passdb backend 'guest' [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(822) Attempting to find an passdb backend to match smbpasswd (smbpasswd) [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(843) Found pdb backend smbpasswd [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(846) pdb backend smbpasswd has a valid init [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(822) Attempting to find an passdb backend to match guest (guest) [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(843) Found pdb backend guest [2006/03/15 14:30:23, 5] passdb/pdb_interface.c:(846) pdb backend guest has a valid init [2006/03/15 14:30:23, 10] passdb/pdb_smbpasswd.c:(1371) smbpasswd_getsampwrid: search by sid: S-1-5-21-2040308238-506828212-2346554114-501 [2006/03/15 14:30:23, 10] passdb/pdb_smbpasswd.c:(1322) getsampwnam (smbpasswd): search by name: nobody [2006/03/15 14:30:23, 10] passdb/pdb_smbpasswd.c:(184) startsmbfilepwent_internal: opening file /opt/csw/etc/samba/private/smbpasswd [2006/03/15 14:30:23, 10] passdb/pdb_smbpasswd.c:(462) getsmbfilepwent: LM password for user nobody invalidated [2006/03/15 14:30:23, 5] passdb/pdb_smbpasswd.c:(488) getsmbfilepwent: returning passwd entry for user nobody, uid 60001 [2006/03/15 14:30:23, 7] passdb/pdb_smbpasswd.c:(301) endsmbfilepwent_internal: closed password file. [2006/03/15 14:30:23, 10] passdb/pdb_smbpasswd.c:(1344) getsampwnam (smbpasswd): found by name: nobody [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(617) pdb_set_username: setting username nobody, was [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(698) pdb_set_full_name: setting full name NFS Anonymous Access User, was [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(833) pdb_set_unix_homedir: setting home dir /, was NULL [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(644) pdb_set_domain: setting domain AURORA, was [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(544) pdb_set_user_sid: setting user sid S-1-5-21-2040308238-506828212-2346554114-501 [2006/03/15 14:30:23, 10] passdb/pdb_compat.c:(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2040308238-506828212-2346554114-501 from rid 501 [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(580) pdb_set_group_sid: setting group sid S-1-5-21-2040308238-506828212-2346554114-514 [2006/03/15 14:30:23, 10] passdb/pdb_compat.c:(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-2040308238-506828212-2346554114-514 from rid 514 [2006/03/15 14:30:23, 4] lib/substitute.c:(359) Home server: aurora [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(752) pdb_set_profile_path: setting profile path \\aurora\nobody\profile, was [2006/03/15 14:30:23, 4] lib/substitute.c:(359) Home server: aurora [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(806) pdb_set_homedir: setting home dir \\aurora\nobody, was [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(779) pdb_set_dir_drive: setting dir drive , was NULL [2006/03/15 14:30:23, 10] passdb/pdb_get_set.c:(725) pdb_set_logon_script: setting logon script , was [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/03/15 14:30:23, 10] lib/util_pw.c:(98) Got nobody from pwnam_cache [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 3] smbd/uid.c:(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 5] auth/auth_util.c:(433) NT user token: (NULL) [2006/03/15 14:30:23, 5] auth/auth_util.c:(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/03/15 14:30:23, 10] lib/system_smbd.c:(167) sys_getgrouplist: user [nobody] [2006/03/15 14:30:23, 10] lib/system_smbd.c:(176) sys_getgrouplist(): disabled winbindd for group lookup [user == nobody] [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/03/15 14:30:23, 3] smbd/uid.c:(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/03/15 14:30:23, 5] auth/auth_util.c:(433) NT user token: (NULL) [2006/03/15 14:30:23, 5] auth/auth_util.c:(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/03/15 14:30:23, 8] lib/system_smbd.c:(49) remove_duplicate_gids: Enter 2 gids [2006/03/15 14:30:23, 8] lib/system_smbd.c:(67) remove_duplicate_gids: Exit 1 gids [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/03/15 14:30:23, 3] smbd/uid.c:(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/03/15 14:30:23, 5] auth/auth_util.c:(433) NT user token: (NULL) [2006/03/15 14:30:23, 5] auth/auth_util.c:(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 10] passdb/passdb.c:(1245) local_gid_to_sid: Fall back to algorithmic mapping: 60001 -> S-1-5-21-2040308238-506828212-2346554114-121003 [2006/03/15 14:30:23, 10] passdb/lookup_sid.c:(406) gid_to_sid: local 60001 -> S-1-5-21-2040308238-506828212-2346554114-121003 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/03/15 14:30:23, 10] lib/privileges.c:(565) grant_privilege: S-1-1-0 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2006/03/15 14:30:23, 10] lib/privileges.c:(565) grant_privilege: S-1-5-32-544 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2006/03/15 14:30:23, 10] lib/privileges.c:(565) grant_privilege: S-1-5-32-548 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2006/03/15 14:30:23, 10] lib/privileges.c:(565) grant_privilege: S-1-5-32-549 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2006/03/15 14:30:23, 10] lib/privileges.c:(565) grant_privilege: S-1-5-32-550 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2006/03/15 14:30:23, 10] lib/privileges.c:(565) grant_privilege: S-1-5-32-551 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2006/03/15 14:30:23, 10] auth/auth_util.c:(438) NT user token of user S-1-5-21-2040308238-506828212-2346554114-501 contains 6 SIDs SID[ 0]: S-1-5-21-2040308238-506828212-2346554114-501 SID[ 1]: S-1-5-21-2040308238-506828212-2346554114-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-2040308238-506828212-2346554114-121003 SE_PRIV 0x0 0x0 0x0 0x0 [2006/03/15 14:30:23, 5] auth/auth_util.c:(898) make_server_info_sam: made server info for user nobody -> nobody [2006/03/15 14:30:23, 3] smbd/server.c:(840) loaded services [2006/03/15 14:30:23, 3] smbd/server.c:(855) Becoming a daemon. [2006/03/15 14:30:23, 8] lib/util.c:(1820) fcntl_lock 10 34 0 1 2 [2006/03/15 14:30:23, 8] lib/util.c:(1855) fcntl_lock: Lock call successful [2006/03/15 14:30:23, 2] lib/tallocmsg.c:(61) Registered MSG_REQ_POOL_USAGE [2006/03/15 14:30:23, 2] lib/dmallocmsg.c:(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2006/03/15 14:30:23, 5] lib/gencache.c:(59) Opening cache file at /tmp/gencache.tdb [2006/03/15 14:30:23, 5] libsmb/namecache.c:(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [TcpIp] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp] with subkey [Parameters] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKU] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKU] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKCR] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKCR] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKPD] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKPD] with subkey [NULL] [2006/03/15 14:30:23, 6] registry/reg_db.c:(104) init_registry_data: Adding [HKPT] [2006/03/15 14:30:23, 10] registry/reg_db.c:(130) init_registry_data: Storing key [HKPT] with subkey [NULL] [2006/03/15 14:30:23, 10] registry/reg_db.c:(562) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2006/03/15 14:30:23, 8] registry/reg_db.c:(514) specific: [Samba Printer Port], len: 2 [2006/03/15 14:30:23, 10] registry/reg_db.c:(562) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2006/03/15 14:30:23, 8] registry/reg_db.c:(514) specific: [DefaultSpoolDirectory], len: 70 [2006/03/15 14:30:23, 10] registry/reg_db.c:(562) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2006/03/15 14:30:23, 8] registry/reg_db.c:(514) specific: [DisplayName], len: 20 [2006/03/15 14:30:23, 8] registry/reg_db.c:(514) specific: [ErrorControl], len: 4 [2006/03/15 14:30:23, 10] registry/reg_db.c:(562) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2006/03/15 14:30:23, 8] registry/reg_db.c:(514) specific: [DisplayName], len: 20 [2006/03/15 14:30:23, 8] registry/reg_db.c:(514) specific: [ErrorControl], len: 4 [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(61) reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] [2006/03/15 14:30:23, 8] lib/adt_tree.c:(201) pathtree_add: Enter [2006/03/15 14:30:23, 10] lib/adt_tree.c:(268) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree [2006/03/15 14:30:23, 8] lib/adt_tree.c:(270) pathtree_add: Exit [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(61) reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] [2006/03/15 14:30:23, 8] lib/adt_tree.c:(201) pathtree_add: Enter [2006/03/15 14:30:23, 10] lib/adt_tree.c:(268) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree [2006/03/15 14:30:23, 8] lib/adt_tree.c:(270) pathtree_add: Exit [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(61) reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] [2006/03/15 14:30:23, 8] lib/adt_tree.c:(201) pathtree_add: Enter [2006/03/15 14:30:23, 10] lib/adt_tree.c:(268) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree [2006/03/15 14:30:23, 8] lib/adt_tree.c:(270) pathtree_add: Exit [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(61) reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] [2006/03/15 14:30:23, 8] lib/adt_tree.c:(201) pathtree_add: Enter [2006/03/15 14:30:23, 10] lib/adt_tree.c:(268) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree [2006/03/15 14:30:23, 8] lib/adt_tree.c:(270) pathtree_add: Exit [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 3] smbd/uid.c:(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 5] auth/auth_util.c:(433) NT user token: (NULL) [2006/03/15 14:30:23, 5] auth/auth_util.c:(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/03/15 14:30:23, 10] passdb/pdb_smbpasswd.c:(1322) getsampwnam (smbpasswd): search by name: root [2006/03/15 14:30:23, 10] passdb/pdb_smbpasswd.c:(184) startsmbfilepwent_internal: opening file /opt/csw/etc/samba/private/smbpasswd [2006/03/15 14:30:23, 10] passdb/pdb_smbpasswd.c:(462) getsmbfilepwent: LM password for user nobody invalidated [2006/03/15 14:30:23, 5] passdb/pdb_smbpasswd.c:(488) getsmbfilepwent: returning passwd entry for user nobody, uid 60001 [2006/03/15 14:30:23, 5] passdb/pdb_smbpasswd.c:(539) getsmbfilepwent: end of file reached. [2006/03/15 14:30:23, 7] passdb/pdb_smbpasswd.c:(301) endsmbfilepwent_internal: closed password file. [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/03/15 14:30:23, 4] passdb/passdb.c:(1146) local_uid_to_sid: User root [uid == 0] has no samba account [2006/03/15 14:30:23, 8] passdb/passdb.c:(1107) algorithmic_uid_to_sid: falling back to RID algorithm [2006/03/15 14:30:23, 10] passdb/passdb.c:(1111) algorithmic_uid_to_sid: uid (0) -> SID S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 14:30:23, 10] passdb/passdb.c:(1154) local_uid_to_sid: uid (0) -> SID S-1-5-21-2040308238-506828212-2346554114-1000 (root). [2006/03/15 14:30:23, 10] passdb/lookup_sid.c:(364) uid_to_sid: local 0 -> S-1-5-21-2040308238-506828212-2346554114-1000 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 3] smbd/uid.c:(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/03/15 14:30:23, 5] auth/auth_util.c:(433) NT user token: (NULL) [2006/03/15 14:30:23, 5] auth/auth_util.c:(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/03/15 14:30:23, 3] smbd/sec_ctx.c:(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/03/15 14:30:23, 10] passdb/passdb.c:(1245) local_gid_to_sid: Fall back to algorithmic mapping: 0 -> S-1-5-21-2040308238-506828212-2346554114-1001 [2006/03/15 14:30:23, 10] passdb/lookup_sid.c:(406) gid_to_sid: local 0 -> S-1-5-21-2040308238-506828212-2346554114-1001 [2006/03/15 14:30:23, 10] auth/auth_util.c:(438) NT user token of user S-1-5-21-2040308238-506828212-2346554114-1000 contains 6 SIDs SID[ 0]: S-1-5-21-2040308238-506828212-2346554114-1000 SID[ 1]: S-1-5-21-2040308238-506828212-2346554114-1001 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-544 SE_PRIV 0x0 0x0 0x0 0x0 [2006/03/15 14:30:23, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (1) [2006/03/15 14:30:23, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services] [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 14:30:23, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 14:30:23, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(250) [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 14:30:23, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 14:30:23, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 14:30:23, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 14:30:23, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 14:30:23, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(250) [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 14:30:23, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 14:30:23, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2006/03/15 14:30:23, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 14:30:23, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 14:30:23, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 14:30:23, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 14:30:23, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(250) [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 14:30:23, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(84) 000000 sec_io_desc sec_desc [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0000 revision : 0001 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0002 type : 8004 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0004 off_owner_sid: 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0008 off_grp_sid : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 000c off_sacl : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0010 off_dacl : 00000014 [2006/03/15 14:30:23, 6] rpc_parse/parse_prs.c:(84) 000014 sec_io_acl dacl [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0014 revision: 0002 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0018 num_aces : 00000004 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 00001c sec_io_ace ace_list[00]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 001c type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 001d flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000020 sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0020 mask: 0002018d [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000024 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0024 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0025 num_auths : 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0026 id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0027 id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0028 id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0029 id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 002a id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 002b id_auth[5] : 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 002c sub_auths : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 001e size : 0014 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 000030 sec_io_ace ace_list[01]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0030 type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0031 flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000034 sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0034 mask: 000201fd [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000038 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0038 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0039 num_auths : 02 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003a id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003b id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003c id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003d id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003e id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003f id_auth[5] : 05 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 0040 sub_auths : 00000020 00000223 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0032 size : 0018 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 000048 sec_io_ace ace_list[02]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0048 type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0049 flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 00004c sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 004c mask: 000f01ff [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000050 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0050 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0051 num_auths : 02 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0052 id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0053 id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0054 id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0055 id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0056 id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0057 id_auth[5] : 05 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 0058 sub_auths : 00000020 00000225 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 004a size : 0018 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 000060 sec_io_ace ace_list[03]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0060 type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0061 flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000064 sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0064 mask: 000f01ff [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000068 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0068 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0069 num_auths : 02 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006a id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006b id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006c id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006d id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006e id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006f id_auth[5] : 05 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 0070 sub_auths : 00000020 00000220 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0062 size : 0018 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0016 size : 0064 [2006/03/15 14:30:23, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2006/03/15 14:30:23, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 14:30:23, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 14:30:23, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 14:30:23, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 14:30:23, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(250) [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 14:30:23, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 14:30:23, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2006/03/15 14:30:23, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 14:30:23, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 14:30:23, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 14:30:23, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 14:30:23, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(250) [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 14:30:23, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(84) 000000 sec_io_desc sec_desc [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0000 revision : 0001 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0002 type : 8004 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0004 off_owner_sid: 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0008 off_grp_sid : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 000c off_sacl : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0010 off_dacl : 00000014 [2006/03/15 14:30:23, 6] rpc_parse/parse_prs.c:(84) 000014 sec_io_acl dacl [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0014 revision: 0002 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0018 num_aces : 00000004 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 00001c sec_io_ace ace_list[00]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 001c type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 001d flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000020 sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0020 mask: 0002018d [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000024 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0024 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0025 num_auths : 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0026 id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0027 id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0028 id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0029 id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 002a id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 002b id_auth[5] : 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 002c sub_auths : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 001e size : 0014 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 000030 sec_io_ace ace_list[01]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0030 type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0031 flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000034 sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0034 mask: 000201fd [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000038 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0038 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0039 num_auths : 02 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003a id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003b id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003c id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003d id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003e id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003f id_auth[5] : 05 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 0040 sub_auths : 00000020 00000223 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0032 size : 0018 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 000048 sec_io_ace ace_list[02]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0048 type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0049 flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 00004c sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 004c mask: 000f01ff [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000050 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0050 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0051 num_auths : 02 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0052 id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0053 id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0054 id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0055 id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0056 id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0057 id_auth[5] : 05 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 0058 sub_auths : 00000020 00000225 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 004a size : 0018 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 000060 sec_io_ace ace_list[03]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0060 type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0061 flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000064 sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0064 mask: 000f01ff [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000068 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0068 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0069 num_auths : 02 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006a id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006b id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006c id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006d id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006e id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 006f id_auth[5] : 05 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 0070 sub_auths : 00000020 00000220 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0062 size : 0018 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0016 size : 0064 [2006/03/15 14:30:23, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2006/03/15 14:30:23, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 14:30:23, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 14:30:23, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 14:30:23, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 14:30:23, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(250) [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 14:30:23, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 14:30:23, 10] registry/reg_db.c:(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2006/03/15 14:30:23, 10] registry/reg_db.c:(279) regdb_close: decrementing refcount (2) [2006/03/15 14:30:23, 10] registry/reg_db.c:(248) regdb_open: incrementing refcount (2) [2006/03/15 14:30:23, 7] registry/reg_frontend.c:(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2006/03/15 14:30:23, 10] registry/reg_cachehook.c:(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2006/03/15 14:30:23, 10] lib/adt_tree.c:(413) pathtree_find: Exit [2006/03/15 14:30:23, 5] registry/reg_frontend.c:(59) registry_access_check: using root's token [2006/03/15 14:30:23, 10] lib/util_seaccess.c:(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-2040308238-506828212-2346554114-1000. [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(250) [2006/03/15 14:30:23, 3] lib/util_seaccess.c:(251) se_access_check: user sid is S-1-5-21-2040308238-506828212-2346554114-1000 se_access_check: also S-1-5-21-2040308238-506828212-2346554114-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2006/03/15 14:30:23, 5] lib/util_seaccess.c:(308) se_access_check: access (f003f) granted. [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(84) 000000 sec_io_desc sec_desc [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0000 revision : 0001 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0002 type : 8004 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0004 off_owner_sid: 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0008 off_grp_sid : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 000c off_sacl : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0010 off_dacl : 00000014 [2006/03/15 14:30:23, 6] rpc_parse/parse_prs.c:(84) 000014 sec_io_acl dacl [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 0014 revision: 0002 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0018 num_aces : 00000004 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 00001c sec_io_ace ace_list[00]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 001c type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 001d flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000020 sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0020 mask: 0002018d [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000024 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0024 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0025 num_auths : 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0026 id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0027 id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0028 id_auth[2] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0029 id_auth[3] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 002a id_auth[4] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 002b id_auth[5] : 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(959) 002c sub_auths : 00000000 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(674) 001e size : 0014 [2006/03/15 14:30:23, 7] rpc_parse/parse_prs.c:(84) 000030 sec_io_ace ace_list[01]: [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0030 type : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0031 flags: 00 [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000034 sec_io_access info [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(703) 0034 mask: 000201fd [2006/03/15 14:30:23, 8] rpc_parse/parse_prs.c:(84) 000038 smb_io_dom_sid trustee [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0038 sid_rev_num: 01 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 0039 num_auths : 02 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003a id_auth[0] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614) 003b id_auth[1] : 00 [2006/03/15 14:30:23, 5] rpc_parse/parse_prs.c:(614)