[2008/06/05 20:55:06, 0] smbd/server.c:main(805) smbd version 3.0.22-11-SUSE-CODE10 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2008/06/05 20:55:06, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:55:06, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:55:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2008/06/05 20:56:03, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:56:03, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:56:03, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:56:03, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:56:55, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:56:55, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:57:08, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:57:08, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:57:12, 0] smbd/server.c:main(805) smbd version 3.0.22-11-SUSE-CODE10 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2008/06/05 20:57:12, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:57:12, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:57:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:26, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:26, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:26, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:26, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:36, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/log.smbd: Permission denied [2008/06/05 20:57:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:49, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:49, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:49, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:57:49, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 20:59:36, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:59:36, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:59:44, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:59:44, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:59:49, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 20:59:49, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2008/06/05 21:01:23, 0] smbd/server.c:main(805) smbd version 3.0.22-11-SUSE-CODE10 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2008/06/05 21:01:23, 5] lib/debug.c:debug_dump_status(368) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 [2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) Processing section "[homes]" [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 0 for homes [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2528) hash_a_service: creating tdb servicehash [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 0 for service name homes doing parameter comment = Home Directories doing parameter valid users = %S, %D%w%S doing parameter browseable = No doing parameter read only = No doing parameter inherit acls = Yes [2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) Processing section "[profiles]" [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 1 for profiles [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 1 for service name profiles doing parameter comment = Network Profiles Service doing parameter path = %H doing parameter read only = No doing parameter store dos attributes = Yes doing parameter create mask = 0600 doing parameter directory mask = 0700 [2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) Processing section "[users]" [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 2 for users [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 2 for service name users doing parameter comment = All users doing parameter path = /home doing parameter read only = No doing parameter inherit acls = Yes doing parameter veto files = /aquota.user/groups/shares/ [2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) Processing section "[groups]" [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 3 for groups [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 3 for service name groups doing parameter comment = All groups doing parameter path = /home/groups doing parameter read only = No doing parameter inherit acls = Yes [2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) Processing section "[printers]" [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 4 for printers [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 4 for service name printers doing parameter comment = All Printers doing parameter path = /var/tmp doing parameter printable = Yes doing parameter create mask = 0600 doing parameter browseable = No [2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) Processing section "[print$]" [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 5 for print$ [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 5 for service name print$ doing parameter comment = Printer Drivers doing parameter path = /var/lib/samba/drivers doing parameter write list = @ntadmin root doing parameter force group = ntadmin doing parameter create mask = 0664 doing parameter directory mask = 0775 [2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) Processing section "[netlogon]" [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 6 for netlogon [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 6 for service name netlogon doing parameter comment = Network Logon Service doing parameter path = /var/lib/samba/netlogon doing parameter write list = root [2008/06/05 21:01:23, 4] param/loadparm.c:lp_load(4909) pm_process() returned Yes [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 7 for IPC$ [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 7 for service name IPC$ [2008/06/05 21:01:23, 3] param/loadparm.c:lp_add_ipc(2625) adding IPC service [2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) add_a_service: Creating snum = 8 for ADMIN$ [2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) hash_a_service: hashing index 8 for service name ADMIN$ [2008/06/05 21:01:23, 3] param/loadparm.c:lp_add_ipc(2625) adding IPC service [2008/06/05 21:01:23, 10] param/loadparm.c:set_server_role(4233) set_server_role: role = ROLE_DOMAIN_PDC [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS-2LE [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS-2LE [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-16LE [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-16LE [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS-2BE [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS-2BE [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-16BE [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-16BE [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF8 [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF8 [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-8 [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-8 [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset ASCII [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset ASCII [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset 646 [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset 646 [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset ISO-8859-1 [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset ISO-8859-1 [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS2-HEX [2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS2-HEX [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/06/05 21:01:23, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/06/05 21:01:23, 5] printing/print_cups.c:cups_cache_reload(71) reloading cups printcap cache [2008/06/05 21:01:23, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2008/06/05 21:01:23, 0] printing/print_cups.c:cups_cache_reload(85) [2008/06/05 21:01:23, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost Unable to connect to CUPS server localhost - Connection refused [2008/06/05 21:01:23, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2008/06/05 21:01:23, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/06/05 21:01:23, 5] printing/print_cups.c:cups_cache_reload(71) reloading cups printcap cache [2008/06/05 21:01:23, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2008/06/05 21:01:23, 0] printing/print_cups.c:cups_cache_reload(85) [2008/06/05 21:01:23, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost Unable to connect to CUPS server localhost - Connection refused [2008/06/05 21:01:23, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2008/06/05 21:01:23, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:23, 2] lib/interface.c:add_interface(81) added interface ip=192.168.0.129 bcast=192.168.0.255 nmask=255.255.255.0 [2008/06/05 21:01:23, 5] lib/util.c:init_names(260) Netbios name list:- my_netbios_names[0]="DUDOW" [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_context_list(950) Trying to load: smbpasswd [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend ldapsam [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'ldapsam' [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend ldapsam_compat [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'ldapsam_compat' [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend NDS_ldapsam [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'NDS_ldapsam' [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend NDS_ldapsam_compat [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'NDS_ldapsam_compat' [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend smbpasswd [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'smbpasswd' [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend tdbsam [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'tdbsam' [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) Attempting to register passdb backend guest [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) Successfully added passdb backend 'guest' [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(822) Attempting to find an passdb backend to match smbpasswd (smbpasswd) [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(843) Found pdb backend smbpasswd [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(846) pdb backend smbpasswd has a valid init [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(822) Attempting to find an passdb backend to match guest (guest) [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(843) Found pdb backend guest [2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(846) pdb backend guest has a valid init [2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwsid(1371) smbpasswd_getsampwrid: search by sid: S-1-5-21-3322384919-3754806424-3664837664-501 [2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1322) getsampwnam (smbpasswd): search by name: nobody [2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /etc/samba/smbpasswd [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) getsmbfilepwent: returning passwd entry for user root, uid 0 [2008/06/05 21:01:23, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) getsmbfilepwent: returning passwd entry for user SMBONE$, uid 1000 [2008/06/05 21:01:23, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2008/06/05 21:01:23, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username nobody, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name nobody, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 [2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 from rid 501 [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 [2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 from rid 514 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:23, 10] lib/system_smbd.c:sys_getgrouplist(167) sys_getgrouplist: user [nobody] [2008/06/05 21:01:23, 10] lib/system_smbd.c:sys_getgrouplist(176) sys_getgrouplist(): disabled winbindd for group lookup [user == nobody] [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 10] passdb/passdb.c:local_gid_to_sid(1245) local_gid_to_sid: Fall back to algorithmic mapping: 65533 -> S-1-5-21-3322384919-3754806424-3664837664-132067 [2008/06/05 21:01:23, 10] passdb/lookup_sid.c:gid_to_sid(406) gid_to_sid: local 65533 -> S-1-5-21-3322384919-3754806424-3664837664-132067 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 10] passdb/passdb.c:local_gid_to_sid(1245) local_gid_to_sid: Fall back to algorithmic mapping: 65534 -> S-1-5-21-3322384919-3754806424-3664837664-132069 [2008/06/05 21:01:23, 10] passdb/lookup_sid.c:gid_to_sid(406) gid_to_sid: local 65534 -> S-1-5-21-3322384919-3754806424-3664837664-132069 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) grant_privilege: S-1-1-0 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) grant_privilege: S-1-5-32-544 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) grant_privilege: S-1-5-32-548 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) grant_privilege: S-1-5-32-549 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) grant_privilege: S-1-5-32-550 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) grant_privilege: S-1-5-32-551 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:23, 10] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 contains 7 SIDs SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:23, 5] auth/auth_util.c:make_server_info_sam(898) make_server_info_sam: made server info for user nobody -> nobody [2008/06/05 21:01:23, 3] smbd/server.c:main(840) loaded services [2008/06/05 21:01:23, 3] smbd/server.c:main(855) Becoming a daemon. [2008/06/05 21:01:23, 8] lib/util.c:fcntl_lock(1820) fcntl_lock 9 13 0 1 1 [2008/06/05 21:01:23, 8] lib/util.c:fcntl_lock(1855) fcntl_lock: Lock call successful [2008/06/05 21:01:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61) Registered MSG_REQ_POOL_USAGE [2008/06/05 21:01:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2008/06/05 21:01:23, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lib/samba/gencache.tdb [2008/06/05 21:01:23, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [TcpIp] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp] with subkey [Parameters] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKU] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKU] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKCR] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKCR] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKPD] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKPD] with subkey [NULL] [2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) init_registry_data: Adding [HKPT] [2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) init_registry_data: Storing key [HKPT] with subkey [NULL] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_fetch_values(562) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) specific: [Samba Printer Port], len: 2 [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_fetch_values(562) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) specific: [DefaultSpoolDirectory], len: 70 [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_fetch_values(562) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) specific: [DisplayName], len: 20 [2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) specific: [ErrorControl], len: 4 [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_fetch_values(562) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) specific: [DisplayName], len: 20 [2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) specific: [ErrorControl], len: 4 [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_add(61) reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] [2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(201) pathtree_add: Enter [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_add(268) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree [2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(270) pathtree_add: Exit [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_add(61) reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] [2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(201) pathtree_add: Enter [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_add(268) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree [2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(270) pathtree_add: Exit [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_add(61) reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] [2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(201) pathtree_add: Enter [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_add(268) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree [2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(270) pathtree_add: Exit [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_add(61) reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] [2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(201) pathtree_add: Enter [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_add(268) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree [2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(270) pathtree_add: Exit [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1322) getsampwnam (smbpasswd): search by name: root [2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /etc/samba/smbpasswd [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:23, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) getsmbfilepwent: returning passwd entry for user root, uid 0 [2008/06/05 21:01:23, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. [2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1344) getsampwnam (smbpasswd): found by name: root [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username root, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name root, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(833) pdb_set_unix_homedir: setting home dir /root, was NULL [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-1000 [2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-1000 from rid 1000 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1001 [2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1001 from rid 1001 [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\dudow\root\.9xprofile, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive P:, was NULL [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script , was [2008/06/05 21:01:23, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username root, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username , was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name root, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\dudow\root\.9xprofile, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive P:, was NULL [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script , was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2008/06/05 21:01:23, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-1000 [2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-1000 from rid 1000 [2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1001 [2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1001 from rid 1001 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:23, 10] passdb/passdb.c:local_uid_to_sid(1154) local_uid_to_sid: uid (0) -> SID S-1-5-21-3322384919-3754806424-3664837664-1000 (root). [2008/06/05 21:01:23, 10] passdb/lookup_sid.c:uid_to_sid(364) uid_to_sid: local 0 -> S-1-5-21-3322384919-3754806424-3664837664-1000 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:23, 10] passdb/passdb.c:local_gid_to_sid(1245) local_gid_to_sid: Fall back to algorithmic mapping: 0 -> S-1-5-21-3322384919-3754806424-3664837664-1001 [2008/06/05 21:01:23, 10] passdb/lookup_sid.c:gid_to_sid(406) gid_to_sid: local 0 -> S-1-5-21-3322384919-3754806424-3664837664-1001 [2008/06/05 21:01:23, 10] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-3322384919-3754806424-3664837664-1000 contains 6 SIDs SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-1000 SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-1001 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-544 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (1) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sec_desc [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 revision : 0001 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 type : 8004 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 off_owner_sid: 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 off_grp_sid : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c off_sacl : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 off_dacl : 00000014 [2008/06/05 21:01:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 revision: 0002 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 num_aces : 00000004 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001c type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001d flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 mask: 0002018d [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0024 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0025 num_auths : 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0026 id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0027 id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0028 id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0029 id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002a id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002b id_auth[5] : 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 002c sub_auths : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e size : 0014 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 sec_io_ace ace_list[01]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0030 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0031 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000034 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 mask: 000201fd [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0038 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0039 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003a id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003b id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003c id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003d id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003e id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003f id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0040 sub_auths : 00000020 00000223 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0032 size : 0018 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 sec_io_ace ace_list[02]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0048 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0049 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 00004c sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 004c mask: 000f01ff [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0050 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0051 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0052 id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0053 id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0054 id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0055 id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0056 id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0057 id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0058 sub_auths : 00000020 00000225 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 004a size : 0018 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 sec_io_ace ace_list[03]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0060 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0061 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0064 mask: 000f01ff [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0068 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0069 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006a id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006b id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006c id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006d id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006e id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006f id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0070 sub_auths : 00000020 00000220 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0062 size : 0018 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 size : 0064 [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sec_desc [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 revision : 0001 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 type : 8004 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 off_owner_sid: 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 off_grp_sid : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c off_sacl : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 off_dacl : 00000014 [2008/06/05 21:01:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 revision: 0002 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 num_aces : 00000004 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001c type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001d flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 mask: 0002018d [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0024 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0025 num_auths : 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0026 id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0027 id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0028 id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0029 id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002a id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002b id_auth[5] : 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 002c sub_auths : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e size : 0014 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 sec_io_ace ace_list[01]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0030 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0031 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000034 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 mask: 000201fd [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0038 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0039 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003a id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003b id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003c id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003d id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003e id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003f id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0040 sub_auths : 00000020 00000223 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0032 size : 0018 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 sec_io_ace ace_list[02]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0048 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0049 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 00004c sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 004c mask: 000f01ff [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0050 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0051 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0052 id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0053 id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0054 id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0055 id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0056 id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0057 id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0058 sub_auths : 00000020 00000225 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 004a size : 0018 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 sec_io_ace ace_list[03]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0060 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0061 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0064 mask: 000f01ff [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0068 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0069 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006a id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006b id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006c id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006d id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006e id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006f id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0070 sub_auths : 00000020 00000220 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0062 size : 0018 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 size : 0064 [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sec_desc [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 revision : 0001 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 type : 8004 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 off_owner_sid: 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 off_grp_sid : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c off_sacl : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 off_dacl : 00000014 [2008/06/05 21:01:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 revision: 0002 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 num_aces : 00000004 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001c type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001d flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 mask: 0002018d [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0024 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0025 num_auths : 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0026 id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0027 id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0028 id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0029 id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002a id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002b id_auth[5] : 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 002c sub_auths : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e size : 0014 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 sec_io_ace ace_list[01]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0030 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0031 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000034 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 mask: 000201fd [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0038 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0039 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003a id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003b id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003c id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003d id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003e id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003f id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0040 sub_auths : 00000020 00000223 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0032 size : 0018 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 sec_io_ace ace_list[02]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0048 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0049 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 00004c sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 004c mask: 000f01ff [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0050 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0051 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0052 id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0053 id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0054 id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0055 id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0056 id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0057 id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0058 sub_auths : 00000020 00000225 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 004a size : 0018 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 sec_io_ace ace_list[03]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0060 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0061 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0064 mask: 000f01ff [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0068 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0069 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006a id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006b id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006c id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006d id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006e id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006f id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0070 sub_auths : 00000020 00000220 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0062 size : 0018 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 size : 0064 [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (2) [2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sec_desc [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 revision : 0001 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 type : 8004 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 off_owner_sid: 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 off_grp_sid : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c off_sacl : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 off_dacl : 00000014 [2008/06/05 21:01:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 revision: 0002 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 num_aces : 00000004 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001c type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001d flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 mask: 0002018d [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0024 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0025 num_auths : 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0026 id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0027 id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0028 id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0029 id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002a id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002b id_auth[5] : 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 002c sub_auths : 00000000 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e size : 0014 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 sec_io_ace ace_list[01]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0030 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0031 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000034 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 mask: 000201fd [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0038 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0039 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003a id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003b id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003c id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003d id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003e id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003f id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0040 sub_auths : 00000020 00000223 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0032 size : 0018 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 sec_io_ace ace_list[02]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0048 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0049 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 00004c sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 004c mask: 000f01ff [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0050 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0051 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0052 id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0053 id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0054 id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0055 id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0056 id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0057 id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0058 sub_auths : 00000020 00000225 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 004a size : 0018 [2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 sec_io_ace ace_list[03]: [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0060 type : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0061 flags: 00 [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 sec_io_access info [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0064 mask: 000f01ff [2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_dom_sid trustee [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0068 sid_rev_num: 01 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0069 num_auths : 02 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006a id_auth[0] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006b id_auth[1] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006c id_auth[2] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006d id_auth[3] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006e id_auth[4] : 00 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) 006f id_auth[5] : 05 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0070 sub_auths : 00000020 00000220 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0062 size : 0018 [2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 size : 0064 [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (2) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (1) [2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (0) [2008/06/05 21:01:23, 10] printing/nt_printing.c:update_c_setprinter(689) update_c_setprinter: c_setprinter = 0 [2008/06/05 21:01:23, 5] smbd/connection.c:claim_connection(170) claiming 0 [2008/06/05 21:01:23, 3] printing/printing.c:start_background_queue(1379) start_background_queue: Starting background LPQ thread [2008/06/05 21:01:23, 5] printing/printing.c:start_background_queue(1389) start_background_queue: background LPQ thread started [2008/06/05 21:01:23, 5] smbd/connection.c:claim_connection(170) claiming smbd lpq backend 0 [2008/06/05 21:01:23, 5] printing/printing.c:start_background_queue(1400) start_background_queue: background LPQ thread waiting for messages [2008/06/05 21:01:23, 10] lib/util_sock.c:open_socket_in(835) bind succeeded on port 445 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:23, 10] lib/util_sock.c:open_socket_in(835) bind succeeded on port 139 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:23, 2] smbd/server.c:open_sockets_smbd(336) waiting for a connection [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 3] smbd/oplock.c:init_oplocks(871) open_oplock_ipc: initializing messages. [2008/06/05 21:01:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) Linux kernel oplocks enabled [2008/06/05 21:01:42, 4] lib/time.c:TimeInit(142) TimeInit: Serverzone is -7200 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 190 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0xbe [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 0 of length 194 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5094 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 7908) conn 0x0 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [MICROSOFT NETWORKS 1.03] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [MICROSOFT NETWORKS 3.0] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN1.0] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LM1.2X002] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [DOS LANMAN2.1] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN2.1] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [Samba] [2008/06/05 21:01:42, 10] lib/util.c:set_remote_arch(2033) set_remote_arch: Client arch is 'Samba' [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 5] smbd/connection.c:claim_connection(170) claiming 0 [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(579) Selected protocol NT LANMAN 1.0 [2008/06/05 21:01:42, 5] smbd/negprot.c:reply_negprot(585) negprot index=8 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5094 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=58368 (0xE400) smb_vwv[ 8]= 30 (0x1E) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=18287 (0x476F) smb_vwv[13]=16023 (0x3E97) smb_vwv[14]=51399 (0xC8C7) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 64 75 64 6F 77 00 00 00 00 00 00 00 00 00 00 00 dudow... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 3] smbd/oplock.c:init_oplocks(871) open_oplock_ipc: initializing messages. [2008/06/05 21:01:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) Linux kernel oplocks enabled [2008/06/05 21:01:42, 4] lib/time.c:TimeInit(142) TimeInit: Serverzone is -7200 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_data(520) read_data: read of 4 returned 0. Error = Success [2008/06/05 21:01:42, 10] lib/util_sock.c:receive_smb_raw(669) receive_smb_raw: length < 0! [2008/06/05 21:01:42, 3] smbd/process.c:timeout_processing(1340) timeout_processing: End of file from client (client has disconnected). [2008/06/05 21:01:42, 5] lib/gencache.c:gencache_shutdown(89) Closing cache file [2008/06/05 21:01:42, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 2] smbd/server.c:exit_server(614) Closing connections [2008/06/05 21:01:42, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2008/06/05 21:01:42, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2008/06/05 21:01:42, 3] smbd/server.c:exit_server(655) Server exit (normal exit) [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 88 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x58 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 1 of length 92 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5094 smb_uid=0 smb_mid=2 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 5094 (0x13E6) smb_vwv[ 5]= 7908 (0x1EE4) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=49244 (0xC05C) smb_vwv[12]= 0 (0x0) smb_bcc=27 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 7908) conn 0x0 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=13 flg2=0xc801 [2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(968) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(983) sesssetupX:name=[]\[]@[192.168.0.131] [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 3] smbd/sesssetup.c:check_guest_password(132) Got anonymous request [2008/06/05 21:01:42, 5] auth/auth.c:make_auth_context_subsystem(482) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend rhosts [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'rhosts' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend hostsequiv [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'hostsequiv' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam_ignoredomain [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam_ignoredomain' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend unix [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'unix' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend winbind [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'winbind' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend smbserver [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'smbserver' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend trustdomain [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'trustdomain' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend ntdomain [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'ntdomain' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend guest [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'guest' [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match guest [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method guest has a valid init [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match sam [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method sam has a valid init [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match trustdomain [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method trustdomain has a valid init [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method winbind has a valid init [2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(69) attempting to make a user_info for () [2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(79) making strings for 's user_info struct [2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(121) making blobs for 's user_info struct [2008/06/05 21:01:42, 10] auth/auth_util.c:make_user_info(139) made an encrypted user_info for () [2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface [2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: []\[]@[] [2008/06/05 21:01:42, 10] auth/auth.c:check_ntlm_password(231) check_ntlm_password: auth_context challenge created by fixed [2008/06/05 21:01:42, 10] auth/auth.c:check_ntlm_password(233) challenge is: [2008/06/05 21:01:42, 5] lib/util.c:dump_data(2058) [000] 00 00 00 00 00 00 00 00 ........ [2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username nobody, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username , was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name nobody, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\dudow\nobody\.9xprofile, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive P:, was NULL [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script , was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 from rid 501 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 from rid 514 [2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest authentication for user [] succeeded [2008/06/05 21:01:42, 5] auth/auth.c:check_ntlm_password(307) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2008/06/05 21:01:42, 5] auth/auth_util.c:free_user_info(1485) attempting to free (and zero) a user_info structure [2008/06/05 21:01:42, 10] auth/auth_util.c:free_user_info(1488) structure was created for [2008/06/05 21:01:42, 5] auth/auth_util.c:free_user_info(1485) attempting to free (and zero) a user_info structure [2008/06/05 21:01:42, 10] smbd/password.c:register_vuid(182) register_vuid: allocated vuid = 100 [2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) Got nobody from pwnam_cache [2008/06/05 21:01:42, 10] smbd/password.c:register_vuid(255) register_vuid: (65534,65533) nobody nobody DUDO guest=1 [2008/06/05 21:01:42, 3] smbd/password.c:register_vuid(257) User name: nobody Real name: nobody [2008/06/05 21:01:42, 3] smbd/password.c:register_vuid(276) UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=118 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5094 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=77 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 [020] 00 32 00 2D 00 31 00 31 00 2D 00 53 00 55 00 53 .2.-.1.1 .-.S.U.S [030] 00 45 00 2D 00 43 00 4F 00 44 00 45 00 31 00 30 .E.-.C.O .D.E.1.0 [040] 00 00 00 44 00 55 00 44 00 4F 00 00 00 ...D.U.D .O... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 74 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x4a [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 2 of length 78 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5094 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 5C 00 44 00 55 00 44 00 4F 00 57 00 5C .\.\.D.U .D.O.W.\ [010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 7908) conn 0x0 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 4] smbd/reply.c:reply_tcon_and_X(660) Client requested device type [IPC] for share [IPC$] [2008/06/05 21:01:42, 5] smbd/service.c:make_connection(867) making a connection to 'normal' service ipc$ [2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user nobody [2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is nobody [2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) Got nobody from pwnam_cache [2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals did find user [nobody]! [2008/06/05 21:01:42, 3] smbd/service.c:make_connection_snum(495) Connect path is '/var/tmp' for service [IPC$] [2008/06/05 21:01:42, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/06/05 21:01:42, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2008/06/05 21:01:42, 3] smbd/vfs.c:vfs_init_default(216) Initialising default vfs hooks [2008/06/05 21:01:42, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2008/06/05 21:01:42, 10] smbd/uid.c:is_share_read_only_for_user(127) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2008/06/05 21:01:42, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/06/05 21:01:42, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 contains 7 SIDs SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(65534,65534) gid=(0,65533) [2008/06/05 21:01:42, 3] smbd/service.c:make_connection_snum(700) 192.168.0.131 (192.168.0.131) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 7908) [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 3] smbd/reply.c:reply_tcon_and_X(708) tconX service=IPC$ [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 49 50 43 00 00 00 00 IPC.... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 100 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x64 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 3 of length 104 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=4 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 contains 7 SIDs SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(65534,65534) gid=(0,65533) [2008/06/05 21:01:42, 4] smbd/vfs.c:vfs_ChDir(738) vfs_ChDir to /var/tmp [2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \lsarpc. [2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe lsarpc opening. [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) Created internal pipe lsarpc (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 76f2 (pipes_open=1) [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=76f2 [2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=61952 (0xF200) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 154 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x9a [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 4 of length 158 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30450 (0x76F2) smb_bcc=87 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=72 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f2 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f2 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f2) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f2 name: lsarpc open: Yes len: 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 11, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 11 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) api_pipe_bind_req: decode request. 1495 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0008 num_contexts: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000c context_id : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 000e num_transfer_syntaxes: 01 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 data : 3919286a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 data : b10c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 data : 11d0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0018 data : 9b a8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 001a data : 00 c0 4f d9 2e f5 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 version: 00000000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0028 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002a data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002c data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002e data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 version: 00000002 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) api_pipe_bind_req: make response. 1548 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) check_bind_req for \PIPE\lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 000053f0 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 len: 000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000a str: \PIPE\lsass. [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_results: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c result : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e reason : 0000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0028 data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002a data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 56 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f2 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 108 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x6c [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 5 of length 112 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30450 (0x76F2) smb_bcc=41 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=26 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f2 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f2 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f2) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f2 name: lsarpc open: Yes len: 26 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 26 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 10 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 001a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 10 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0000 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 71 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x0 - unknown [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 23 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0020 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0018 status : NT code 0x1c010002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c reserved: 00000000 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 10 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f2 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 41 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x29 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 6 of length 45 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=7 smt_wct=3 smb_vwv[ 0]=30450 (0x76F2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f2 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f2 (pipes_open=1) [2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:76f2 [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) closed pipe name lsarpc pnum=76f2 (pipes_open=0) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=7 smt_wct=0 smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 100 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x64 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 7 of length 104 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=8 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \lsarpc. [2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe lsarpc opening. [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) Created internal pipe lsarpc (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 76f3 (pipes_open=1) [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=76f3 [2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62208 (0xF300) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 154 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x9a [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 8 of length 158 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30451 (0x76F3) smb_bcc=87 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=72 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f3 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f3 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f3) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f3 name: lsarpc open: Yes len: 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 11, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 11 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) api_pipe_bind_req: decode request. 1495 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0008 num_contexts: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000c context_id : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 000e num_transfer_syntaxes: 01 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 data : 12345778 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 data : 1234 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 data : abcd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0018 data : ef 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 001a data : 01 23 45 67 89 ab [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 version: 00000000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0028 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002a data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002c data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002e data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 version: 00000002 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) api_pipe_bind_req: make response. 1548 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) check_bind_req for \PIPE\lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 000053f0 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 len: 000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000a str: \PIPE\lsass. [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_results: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c result : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e reason : 0000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0028 data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002a data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 56 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f3 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 174 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0xae [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 9 of length 178 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30451 (0x76F3) smb_bcc=107 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 04 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 2C 00 01 00 00 00 08 00 00 00 00 .....,.. ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D [040] 00 4F 00 57 00 00 00 18 00 00 00 00 00 00 00 00 .O.W.... ........ [050] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0C ........ ........ [060] 00 00 00 02 00 01 00 00 00 00 02 ........ ... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=92 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f3 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f3 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f3) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f3 name: lsarpc open: Yes len: 92 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 92 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 76 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 005c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000004 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 76 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 002c [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 71 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[0].fn == 0x800f5230 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr : 00000001 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0010 buffer : \.\.D.U.D.O.W... [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_attr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 len : 00000018 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 ptr_root_dir: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 ptr_obj_name: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 002c attributes : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 ptr_sec_desc: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 ptr_sec_qos : 00000001 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000038 lsa_io_obj_qos sec_qos [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0038 len : 0000000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 003c sec_imp_level : 0002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003e sec_ctxt_mode : 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003f effective_only: 00 [2008/06/05 21:01:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0040 des_access: 02000000 [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E4 1E 00 00 .... [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000001 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 16 38 48 48 e4 1e 00 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0014 status: NT_STATUS_OK [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called lsarpc successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 824 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 76 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f3 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000004 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 16 38 48 48 E4 1E 00 00 00 00 00 ......8H H....... [030] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 128 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x80 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 10 of length 132 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30451 (0x76F3) smb_bcc=61 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 16 38 48 48 E4 1E 00 00 0C 00 ....8HH. ..... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f3 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f3 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f3) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f3 name: lsarpc open: Yes len: 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002e [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000005 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000016 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 002e [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x2e - unknown [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 23 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0020 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000005 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0018 status : NT code 0x1c010002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c reserved: 00000000 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 30 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f3 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 150 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x96 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 11 of length 154 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30451 (0x76F3) smb_bcc=83 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=68 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f3 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f3 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f3) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f3 name: lsarpc open: Yes len: 68 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 68 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 52 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000006 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 52 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 0000002c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0006 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[1].fn == 0x800f53f0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr : 00000001 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 system_name: 005c [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 len : 00000018 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c ptr_root_dir: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 ptr_obj_name: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 attributes : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 ptr_sec_desc: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c ptr_sec_qos : 00000001 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_qos sec_qos [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 len : 0000000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 sec_imp_level : 0002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0026 sec_ctxt_mode : 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0027 effective_only: 00 [2008/06/05 21:01:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 des_access: 02000000 [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E4 1E 00 00 .... [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 16 38 48 48 e4 1e 00 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0014 status: NT_STATUS_OK [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called lsarpc successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 808 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 52 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f3 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000006 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 16 38 48 48 E4 1E 00 00 00 00 00 ......8H H....... [030] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 128 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x80 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 12 of length 132 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30451 (0x76F3) smb_bcc=61 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 16 38 48 48 E4 1E 00 00 05 00 ....8HH. ..... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f3 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f3 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f3) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f3 name: lsarpc open: Yes len: 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002e [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000007 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000016 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0007 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[2].fn == 0x800f56b0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 16 38 48 48 e4 1e 00 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 info_class: 0005 [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E4 1E 00 00 .... [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer: 22000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 info_class: 0005 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 uni_dom_max_len: 0008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a uni_dom_str_len: 000a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c buffer_dom_name: 00000001 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 buffer_dom_sid : 00000001 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 uni_max_len: 00000005 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c uni_str_len: 00000004 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0020 buffer : D.U.D.O. [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_dom_sid2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 num_auths: 00000004 [2008/06/05 21:01:42, 8] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_dom_sid sid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002c sid_rev_num: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002d num_auths : 04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002e id_auth[0] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002f id_auth[1] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0030 id_auth[2] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0031 id_auth[3] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0032 id_auth[4] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0033 id_auth[5] : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0034 sub_auths : 00000015 c6079217 dfcdcc98 da70fc20 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0044 status: NT_STATUS_OK [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called lsarpc successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 10 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 30 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f3 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 72. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0060 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000007 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000048 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..96] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 07 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .H...... ...."... [020] 00 08 00 0A 00 01 00 00 00 01 00 00 00 05 00 00 ........ ........ [030] 00 00 00 00 00 04 00 00 00 44 00 55 00 44 00 4F ........ .D.U.D.O [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 17 92 07 C6 98 CC CD DF 20 FC 70 DA 00 00 00 ........ . .p.... [060] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 41 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x29 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 13 of length 45 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=14 smt_wct=3 smb_vwv[ 0]=30451 (0x76F3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f3 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f3 (pipes_open=1) [2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:76f3 [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E4 1E 00 00 .... [2008/06/05 21:01:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E4 1E 00 00 .... [2008/06/05 21:01:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) closed pipe name lsarpc pnum=76f3 (pipes_open=0) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=14 smt_wct=0 smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 3] smbd/oplock.c:init_oplocks(871) open_oplock_ipc: initializing messages. [2008/06/05 21:01:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) Linux kernel oplocks enabled [2008/06/05 21:01:42, 4] lib/time.c:TimeInit(142) TimeInit: Serverzone is -7200 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 190 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0xbe [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 0 of length 194 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5071 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 7910) conn 0x0 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [MICROSOFT NETWORKS 1.03] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [MICROSOFT NETWORKS 3.0] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN1.0] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LM1.2X002] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [DOS LANMAN2.1] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN2.1] [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [Samba] [2008/06/05 21:01:42, 10] lib/util.c:set_remote_arch(2033) set_remote_arch: Client arch is 'Samba' [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 5] smbd/connection.c:claim_connection(170) claiming 0 [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(579) Selected protocol NT LANMAN 1.0 [2008/06/05 21:01:42, 5] smbd/negprot.c:reply_negprot(585) negprot index=8 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5071 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=58880 (0xE600) smb_vwv[ 8]= 30 (0x1E) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=18287 (0x476F) smb_vwv[13]=16023 (0x3E97) smb_vwv[14]=51399 (0xC8C7) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 64 75 64 6F 77 00 00 00 00 00 00 00 00 00 00 00 dudow... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 3] smbd/oplock.c:init_oplocks(871) open_oplock_ipc: initializing messages. [2008/06/05 21:01:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) Linux kernel oplocks enabled [2008/06/05 21:01:42, 4] lib/time.c:TimeInit(142) TimeInit: Serverzone is -7200 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_data(520) read_data: read of 4 returned 0. Error = Success [2008/06/05 21:01:42, 10] lib/util_sock.c:receive_smb_raw(669) receive_smb_raw: length < 0! [2008/06/05 21:01:42, 3] smbd/process.c:timeout_processing(1340) timeout_processing: End of file from client (client has disconnected). [2008/06/05 21:01:42, 5] lib/gencache.c:gencache_shutdown(89) Closing cache file [2008/06/05 21:01:42, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 2] smbd/server.c:exit_server(614) Closing connections [2008/06/05 21:01:42, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2008/06/05 21:01:42, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2008/06/05 21:01:42, 3] smbd/server.c:exit_server(655) Server exit (normal exit) [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 88 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x58 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 1 of length 92 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5071 smb_uid=0 smb_mid=2 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 5071 (0x13CF) smb_vwv[ 5]= 7910 (0x1EE6) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=49244 (0xC05C) smb_vwv[12]= 0 (0x0) smb_bcc=27 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 7910) conn 0x0 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=13 flg2=0xc801 [2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(968) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(983) sesssetupX:name=[]\[]@[192.168.0.131] [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 3] smbd/sesssetup.c:check_guest_password(132) Got anonymous request [2008/06/05 21:01:42, 5] auth/auth.c:make_auth_context_subsystem(482) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend rhosts [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'rhosts' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend hostsequiv [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'hostsequiv' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam_ignoredomain [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam_ignoredomain' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend unix [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'unix' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend winbind [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'winbind' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend smbserver [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'smbserver' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend trustdomain [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'trustdomain' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend ntdomain [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'ntdomain' [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend guest [2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'guest' [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match guest [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method guest has a valid init [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match sam [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method sam has a valid init [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match trustdomain [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method trustdomain has a valid init [2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method winbind has a valid init [2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(69) attempting to make a user_info for () [2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(79) making strings for 's user_info struct [2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(121) making blobs for 's user_info struct [2008/06/05 21:01:42, 10] auth/auth_util.c:make_user_info(139) made an encrypted user_info for () [2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface [2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: []\[]@[] [2008/06/05 21:01:42, 10] auth/auth.c:check_ntlm_password(231) check_ntlm_password: auth_context challenge created by fixed [2008/06/05 21:01:42, 10] auth/auth.c:check_ntlm_password(233) challenge is: [2008/06/05 21:01:42, 5] lib/util.c:dump_data(2058) [000] 00 00 00 00 00 00 00 00 ........ [2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username nobody, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username , was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name nobody, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\dudow\nobody\.9xprofile, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive P:, was NULL [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script , was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 from rid 501 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 from rid 514 [2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest authentication for user [] succeeded [2008/06/05 21:01:42, 5] auth/auth.c:check_ntlm_password(307) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2008/06/05 21:01:42, 5] auth/auth_util.c:free_user_info(1485) attempting to free (and zero) a user_info structure [2008/06/05 21:01:42, 10] auth/auth_util.c:free_user_info(1488) structure was created for [2008/06/05 21:01:42, 5] auth/auth_util.c:free_user_info(1485) attempting to free (and zero) a user_info structure [2008/06/05 21:01:42, 10] smbd/password.c:register_vuid(182) register_vuid: allocated vuid = 100 [2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) Got nobody from pwnam_cache [2008/06/05 21:01:42, 10] smbd/password.c:register_vuid(255) register_vuid: (65534,65533) nobody nobody DUDO guest=1 [2008/06/05 21:01:42, 3] smbd/password.c:register_vuid(257) User name: nobody Real name: nobody [2008/06/05 21:01:42, 3] smbd/password.c:register_vuid(276) UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=118 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5071 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=77 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 [020] 00 32 00 2D 00 31 00 31 00 2D 00 53 00 55 00 53 .2.-.1.1 .-.S.U.S [030] 00 45 00 2D 00 43 00 4F 00 44 00 45 00 31 00 30 .E.-.C.O .D.E.1.0 [040] 00 00 00 44 00 55 00 44 00 4F 00 00 00 ...D.U.D .O... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 74 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x4a [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 2 of length 78 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5071 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 5C 00 44 00 55 00 44 00 4F 00 57 00 5C .\.\.D.U .D.O.W.\ [010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 7910) conn 0x0 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 4] smbd/reply.c:reply_tcon_and_X(660) Client requested device type [IPC] for share [IPC$] [2008/06/05 21:01:42, 5] smbd/service.c:make_connection(867) making a connection to 'normal' service ipc$ [2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user nobody [2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is nobody [2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) Got nobody from pwnam_cache [2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals did find user [nobody]! [2008/06/05 21:01:42, 3] smbd/service.c:make_connection_snum(495) Connect path is '/var/tmp' for service [IPC$] [2008/06/05 21:01:42, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/06/05 21:01:42, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2008/06/05 21:01:42, 3] smbd/vfs.c:vfs_init_default(216) Initialising default vfs hooks [2008/06/05 21:01:42, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2008/06/05 21:01:42, 10] smbd/uid.c:is_share_read_only_for_user(127) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2008/06/05 21:01:42, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/06/05 21:01:42, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 contains 7 SIDs SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(65534,65534) gid=(0,65533) [2008/06/05 21:01:42, 3] smbd/service.c:make_connection_snum(700) 192.168.0.131 (192.168.0.131) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 7910) [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:01:42, 3] smbd/reply.c:reply_tcon_and_X(708) tconX service=IPC$ [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 49 50 43 00 00 00 00 IPC.... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 100 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x64 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 3 of length 104 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=4 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 contains 7 SIDs SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2008/06/05 21:01:42, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(65534,65534) gid=(0,65533) [2008/06/05 21:01:42, 4] smbd/vfs.c:vfs_ChDir(738) vfs_ChDir to /var/tmp [2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \lsarpc. [2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe lsarpc opening. [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) Created internal pipe lsarpc (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 76f0 (pipes_open=1) [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=76f0 [2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=61440 (0xF000) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 154 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x9a [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 4 of length 158 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30448 (0x76F0) smb_bcc=87 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=72 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f0 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f0) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f0 name: lsarpc open: Yes len: 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 11, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 11 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) api_pipe_bind_req: decode request. 1495 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0008 num_contexts: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000c context_id : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 000e num_transfer_syntaxes: 01 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 data : 3919286a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 data : b10c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 data : 11d0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0018 data : 9b a8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 001a data : 00 c0 4f d9 2e f5 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 version: 00000000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0028 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002a data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002c data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002e data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 version: 00000002 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) api_pipe_bind_req: make response. 1548 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) check_bind_req for \PIPE\lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 000053f0 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 len: 000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000a str: \PIPE\lsass. [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_results: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c result : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e reason : 0000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0028 data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002a data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 56 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f0 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 108 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x6c [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 5 of length 112 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30448 (0x76F0) smb_bcc=41 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=26 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f0 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f0) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f0 name: lsarpc open: Yes len: 26 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 26 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 10 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 001a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 10 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0000 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 71 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x0 - unknown [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 23 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0020 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0018 status : NT code 0x1c010002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c reserved: 00000000 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 10 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f0 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 41 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x29 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 6 of length 45 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=7 smt_wct=3 smb_vwv[ 0]=30448 (0x76F0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f0 (pipes_open=1) [2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:76f0 [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) closed pipe name lsarpc pnum=76f0 (pipes_open=0) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=7 smt_wct=0 smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 100 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x64 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 7 of length 104 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=8 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \lsarpc. [2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe lsarpc opening. [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) Created internal pipe lsarpc (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 76f1 (pipes_open=1) [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=76f1 [2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=61696 (0xF100) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 154 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x9a [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 8 of length 158 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30449 (0x76F1) smb_bcc=87 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=72 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f1 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f1 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f1) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f1 name: lsarpc open: Yes len: 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 11, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 11 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) api_pipe_bind_req: decode request. 1495 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0008 num_contexts: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000c context_id : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 000e num_transfer_syntaxes: 01 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 data : 12345778 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 data : 1234 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 data : abcd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0018 data : ef 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 001a data : 01 23 45 67 89 ab [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 version: 00000000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0028 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002a data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002c data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002e data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 version: 00000002 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) api_pipe_bind_req: make response. 1548 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) check_bind_req for \PIPE\lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 000053f0 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 len: 000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000a str: \PIPE\lsass. [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_results: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c result : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e reason : 0000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0028 data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002a data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 56 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f1 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 174 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0xae [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 9 of length 178 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30449 (0x76F1) smb_bcc=107 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 04 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 2C 00 01 00 00 00 08 00 00 00 00 .....,.. ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D [040] 00 4F 00 57 00 00 00 18 00 00 00 00 00 00 00 00 .O.W.... ........ [050] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0C ........ ........ [060] 00 00 00 02 00 01 00 00 00 00 02 ........ ... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=92 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f1 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f1 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f1) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f1 name: lsarpc open: Yes len: 92 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 92 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 76 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 005c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000004 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 76 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 002c [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 71 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[0].fn == 0x800f5230 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr : 00000001 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0010 buffer : \.\.D.U.D.O.W... [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_attr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 len : 00000018 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 ptr_root_dir: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 ptr_obj_name: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 002c attributes : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 ptr_sec_desc: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 ptr_sec_qos : 00000001 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000038 lsa_io_obj_qos sec_qos [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0038 len : 0000000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 003c sec_imp_level : 0002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003e sec_ctxt_mode : 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003f effective_only: 00 [2008/06/05 21:01:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0040 des_access: 02000000 [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E6 1E 00 00 .... [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000001 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 16 38 48 48 e6 1e 00 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0014 status: NT_STATUS_OK [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called lsarpc successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 824 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 76 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f1 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000004 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 16 38 48 48 E6 1E 00 00 00 00 00 ......8H H....... [030] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 128 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x80 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 10 of length 132 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30449 (0x76F1) smb_bcc=61 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 16 38 48 48 E6 1E 00 00 0C 00 ....8HH. ..... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f1 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f1 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f1) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f1 name: lsarpc open: Yes len: 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002e [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000005 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000016 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 002e [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x2e - unknown [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 23 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0020 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000005 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0018 status : NT code 0x1c010002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c reserved: 00000000 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 30 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f1 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 150 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x96 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 11 of length 154 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30449 (0x76F1) smb_bcc=83 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=68 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f1 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f1 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f1) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f1 name: lsarpc open: Yes len: 68 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 68 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 52 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000006 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 52 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 0000002c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0006 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[1].fn == 0x800f53f0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr : 00000001 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 system_name: 005c [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 len : 00000018 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c ptr_root_dir: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 ptr_obj_name: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 attributes : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 ptr_sec_desc: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c ptr_sec_qos : 00000001 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_qos sec_qos [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 len : 0000000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 sec_imp_level : 0002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0026 sec_ctxt_mode : 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0027 effective_only: 00 [2008/06/05 21:01:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 des_access: 02000000 [2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) [2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E6 1E 00 00 .... [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 16 38 48 48 e6 1e 00 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0014 status: NT_STATUS_OK [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called lsarpc successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 808 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 52 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f1 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000006 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 16 38 48 48 E6 1E 00 00 00 00 00 ......8H H....... [030] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 128 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x80 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 12 of length 132 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30449 (0x76F1) smb_bcc=61 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 16 38 48 48 E6 1E 00 00 05 00 ....8HH. ..... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f1 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f1 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 76f1) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f1 name: lsarpc open: Yes len: 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002e [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000007 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000016 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0007 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[2].fn == 0x800f56b0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 16 38 48 48 e6 1e 00 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 info_class: 0005 [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E6 1E 00 00 .... [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer: 22000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 info_class: 0005 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 uni_dom_max_len: 0008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a uni_dom_str_len: 000a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c buffer_dom_name: 00000001 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 buffer_dom_sid : 00000001 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 uni_max_len: 00000005 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c uni_str_len: 00000004 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0020 buffer : D.U.D.O. [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_dom_sid2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 num_auths: 00000004 [2008/06/05 21:01:42, 8] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_dom_sid sid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002c sid_rev_num: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002d num_auths : 04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002e id_auth[0] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 002f id_auth[1] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0030 id_auth[2] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0031 id_auth[3] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0032 id_auth[4] : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0033 id_auth[5] : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 0034 sub_auths : 00000015 c6079217 dfcdcc98 da70fc20 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0044 status: NT_STATUS_OK [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called lsarpc successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 10 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 30 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f1 name: lsarpc len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 72. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0060 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000007 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000048 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..96] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 07 00 00 ........ .`...... [010] 00 48 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .H...... ...."... [020] 00 08 00 0A 00 01 00 00 00 01 00 00 00 05 00 00 ........ ........ [030] 00 00 00 00 00 04 00 00 00 44 00 55 00 44 00 4F ........ .D.U.D.O [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 17 92 07 C6 98 CC CD DF 20 FC 70 DA 00 00 00 ........ . .p.... [060] 00 . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 41 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x29 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 13 of length 45 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=14 smt_wct=3 smb_vwv[ 0]=30449 (0x76F1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 7910) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f1 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=76f1 (pipes_open=1) [2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:76f1 [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E6 1E 00 00 .... [2008/06/05 21:01:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH [010] E6 1E 00 00 .... [2008/06/05 21:01:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) closed pipe name lsarpc pnum=76f1 (pipes_open=0) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5071 smb_uid=100 smb_mid=14 smt_wct=0 smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 104 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x68 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 14 of length 108 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=15 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=21 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \NETLOGON. [2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe NETLOGON opening. [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested NETLOGON (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested NETLOGON [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe NETLOGON [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) Created internal pipe NETLOGON (pipes_open=0) [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe NETLOGON with handle 76f4 (pipes_open=1) [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name NETLOGON pnum=76f4 [2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=15 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62464 (0xF400) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 154 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x9a [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 15 of length 158 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=87 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 08 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=72 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f4 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=76f4 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f4 name: NETLOGON open: Yes len: 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000008 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 11, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 11 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) api_pipe_bind_req: decode request. 1495 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0008 num_contexts: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000c context_id : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 000e num_transfer_syntaxes: 01 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 data : 12345678 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 data : 1234 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 data : abcd [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0018 data : ef 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 001a data : 01 23 45 67 cf fb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 version: 00000001 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0028 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002a data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002c data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002e data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 version: 00000002 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) api_pipe_bind_req: make response. 1548 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) check_bind_req for \PIPE\NETLOGON [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\samr [2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\NETLOGON [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 000053f0 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 len: 000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000a str: \PIPE\lsass. [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_results: 01 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c result : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e reason : 0000 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 8a885d04 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1ceb [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : 11c9 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0028 data : 9f e8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002a data : 08 00 2b 10 48 60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000002 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000008 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 56 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f4 name: NETLOGON len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 180 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0xb4 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 16 of length 184 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=113 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 62 00 00 00 09 00 00 00 4A .......b .......J [020] 00 00 00 00 00 04 00 01 00 00 00 08 00 00 00 00 ........ ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D [040] 00 4F 00 57 00 00 00 0B 00 00 00 00 00 00 00 0B .O.W.... ........ [050] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 2D ...S.M.B .O.N.E.- [060] 00 53 00 52 00 56 00 00 00 9C 45 AF F4 92 60 3B .S.R.V.. ..E...`; [070] 9E . [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=98 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f4 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=76f4 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f4 name: NETLOGON open: Yes len: 98 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 98 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 98 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 98, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 82 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 82 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0062 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000009 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 82 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 82, incoming data = 82 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 0000004a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0004 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 73 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\NETLOGON [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[0].fn == 0x80109a60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer: 00000001 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0010 buffer : \.\.D.U.D.O.W... [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 uni_max_len: 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 uni_str_len: 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 002c buffer : S.M.B.O.N.E.-.S.R.V... [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0042 data: 9c 45 af f4 92 60 3b 9e [2008/06/05 21:01:42, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0000 data: 62 08 3e bc 89 37 98 c8 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0008 status: NT_STATUS_OK [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called NETLOGON successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 38 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 82 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f4 name: NETLOGON len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0024 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000009 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 0000000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 09 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 62 08 3E BC 89 37 98 ........ .b.>..7. [020] C8 00 00 00 00 ..... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 218 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0xda [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 17 of length 222 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=218 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 136 (0x88) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=151 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 88 00 00 00 0A 00 00 00 70 ........ .......p [020] 00 00 00 00 00 0F 00 01 00 00 00 08 00 00 00 00 ........ ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D [040] 00 4F 00 57 00 00 00 08 00 00 00 00 00 00 00 08 .O.W.... ........ [050] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 24 ...S.M.B .O.N.E.$ [060] 00 00 00 04 00 00 00 0B 00 00 00 00 00 00 00 0B ........ ........ [070] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 2D ...S.M.B .O.N.E.- [080] 00 53 00 52 00 56 00 00 00 BF 5F 28 FD 5A 92 59 .S.R.V.. .._(.Z.Y [090] F6 00 00 FF FF 0F 60 ......` [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=136 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f4 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=76f4 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f4 name: NETLOGON open: Yes len: 136 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 136 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 136 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 136, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 120 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 120 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0088 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 0000000a [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 120 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 120, incoming data = 120 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000070 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 000f [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\NETLOGON [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[2].fn == 0x80109dd0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer: 00000001 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0010 buffer : \.\.D.U.D.O.W... [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 uni_max_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 uni_str_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 002c buffer : S.M.B.O.N.E.$... [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 003c sec_chan: 0004 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 00003e smb_io_unistr2 unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0040 uni_max_len: 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0044 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0048 uni_str_len: 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 004c buffer : S.M.B.O.N.E.-.S.R.V... [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000062 smb_io_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0062 data: bf 5f 28 fd 5a 92 59 f6 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006a net_io_neg_flags [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 006c neg_flags: 600fffff [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/06/05 21:01:42, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1322) getsampwnam (smbpasswd): search by name: SMBONE$ [2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /etc/samba/smbpasswd [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) getsmbfilepwent: returning passwd entry for user root, uid 0 [2008/06/05 21:01:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) getsmbfilepwent: returning passwd entry for user SMBONE$, uid 1000 [2008/06/05 21:01:42, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. [2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1344) getsampwnam (smbpasswd): found by name: SMBONE$ [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username SMBONE$, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Machine, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(833) pdb_set_unix_homedir: setting home dir /home/SMBONE$, was NULL [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 from rid 3000 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/05 21:01:42, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 from rid 1201 [2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username SMBONE$, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username , was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Machine, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\dudow\smbone_\.9xprofile, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive P:, was NULL [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script , was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 from rid 3000 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 from rid 1201 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] lib/util.c:dump_data(2058) [000] E1 5C F4 69 B7 92 22 22 D0 CB 2D E0 D7 38 79 FE .\.i.."" ..-..8y. [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(116) creds_server_init: client chal : 9C45AFF492603B9E [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(117) creds_server_init: server chal : 62083EBC893798C8 [2008/06/05 21:01:42, 4] libsmb/credentials.c:cred_create_session_key(65) cred_create_session_key [2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(67) clnt_chal_in: 9C45AFF492603B9E [2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(68) srv_chal_in : 62083EBC893798C8 [2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(69) clnt+srv : FE4DEDB01B98D366 [2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(70) sess_key_out : 9BF923E2DBDF13E2 [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(143) creds_server_init: clnt : 7574A743F705DE3A [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(144) creds_server_init: server : E5DC7C408E2E8C9C [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(145) creds_server_init: seed : 7574A743F705DE3A [2008/06/05 21:01:42, 5] libsmb/credentials.c:creds_server_check(157) creds_server_check: challenge : BF5F28FD5A9259F6 [2008/06/05 21:01:42, 5] libsmb/credentials.c:creds_server_check(158) calculated: 7574A743F705DE3A [2008/06/05 21:01:42, 2] libsmb/credentials.c:creds_server_check(159) creds_server_check: credentials check failed. [2008/06/05 21:01:42, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0000 data: 00 00 00 00 00 00 00 00 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 neg_flags: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 000c status: NT_STATUS_ACCESS_DENIED [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called NETLOGON successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 54 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 120 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f4 name: NETLOGON len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0028 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 0000000a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000010 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0A 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 22 00 00 C0 .....".. . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 180 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0xb4 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 18 of length 184 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=113 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 62 00 00 00 0B 00 00 00 4A .......b .......J [020] 00 00 00 00 00 04 00 01 00 00 00 08 00 00 00 00 ........ ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D [040] 00 4F 00 57 00 00 00 0B 00 00 00 00 00 00 00 0B .O.W.... ........ [050] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 2D ...S.M.B .O.N.E.- [060] 00 53 00 52 00 56 00 00 00 AA 49 B8 EF DA 6E C5 .S.R.V.. ..I...n. [070] 78 x [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=98 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f4 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=76f4 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f4 name: NETLOGON open: Yes len: 98 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 98 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 98 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 98, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 82 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 82 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0062 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 0000000b [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 82 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 82, incoming data = 82 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 0000004a [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0004 [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\NETLOGON [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[0].fn == 0x80109a60 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer: 00000001 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0010 buffer : \.\.D.U.D.O.W... [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 uni_max_len: 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 uni_str_len: 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 002c buffer : S.M.B.O.N.E.-.S.R.V... [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0042 data: aa 49 b8 ef da 6e c5 78 [2008/06/05 21:01:42, 10] rpc_server/srv_netlog_nt.c:_net_req_chal(276) _net_req_chal: new challenge requested. Clearing old state. [2008/06/05 21:01:42, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0000 data: d0 b1 ab ea e9 44 04 62 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0008 status: NT_STATUS_OK [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called NETLOGON successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 38 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 82 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f4 name: NETLOGON len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0024 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 0000000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0B 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 D0 B1 AB EA E9 44 04 ........ ......D. [020] 62 00 00 00 00 b.... [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 218 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0xda [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 19 of length 222 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=218 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 136 (0x88) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30452 (0x76F4) smb_bcc=151 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 88 00 00 00 0C 00 00 00 70 ........ .......p [020] 00 00 00 00 00 0F 00 01 00 00 00 08 00 00 00 00 ........ ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D [040] 00 4F 00 57 00 00 00 08 00 00 00 00 00 00 00 08 .O.W.... ........ [050] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 24 ...S.M.B .O.N.E.$ [060] 00 00 00 04 00 00 00 0B 00 00 00 00 00 00 00 0B ........ ........ [070] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 2D ...S.M.B .O.N.E.- [080] 00 53 00 52 00 56 00 00 00 FD 3F F3 40 94 5E 86 .S.R.V.. ..?.@.^. [090] 57 00 00 FF FF 0F 60 W.....` [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=136 params=0 setup=2 [2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f4 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=76f4 (pipes_open=1) [2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) [2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 76f4 name: NETLOGON open: Yes len: 136 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 136 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 136 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 136, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 120 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 120 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0088 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 0000000c [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 120 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 120, incoming data = 120 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000070 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 000f [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\NETLOGON [2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[2].fn == 0x80109dd0 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer: 00000001 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0010 buffer : \.\.D.U.D.O.W... [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 uni_max_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 uni_str_len: 00000008 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 002c buffer : S.M.B.O.N.E.$... [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 003c sec_chan: 0004 [2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) 00003e smb_io_unistr2 unistr2 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0040 uni_max_len: 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0044 offset : 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0048 uni_str_len: 0000000b [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 004c buffer : S.M.B.O.N.E.-.S.R.V... [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000062 smb_io_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0062 data: fd 3f f3 40 94 5e 86 57 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006a net_io_neg_flags [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 006c neg_flags: 600fffff [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/06/05 21:01:42, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1322) getsampwnam (smbpasswd): search by name: SMBONE$ [2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /etc/samba/smbpasswd [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) getsmbfilepwent: skipping comment or blank line [2008/06/05 21:01:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) getsmbfilepwent: returning passwd entry for user root, uid 0 [2008/06/05 21:01:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) getsmbfilepwent: returning passwd entry for user SMBONE$, uid 1000 [2008/06/05 21:01:42, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. [2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1344) getsampwnam (smbpasswd): found by name: SMBONE$ [2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) Got SMBONE$ from pwnam_cache [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username SMBONE$, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Machine, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(833) pdb_set_unix_homedir: setting home dir /home/SMBONE$, was NULL [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 from rid 3000 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/05 21:01:42, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 from rid 1201 [2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username SMBONE$, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting domain DUDO, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username , was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name Machine, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\dudow\smbone_\.9xprofile, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive P:, was NULL [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script , was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 from rid 3000 [2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 [2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 from rid 1201 [2008/06/05 21:01:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/06/05 21:01:42, 5] lib/util.c:dump_data(2058) [000] E1 5C F4 69 B7 92 22 22 D0 CB 2D E0 D7 38 79 FE .\.i.."" ..-..8y. [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(116) creds_server_init: client chal : AA49B8EFDA6EC578 [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(117) creds_server_init: server chal : D0B1ABEAE9440462 [2008/06/05 21:01:42, 4] libsmb/credentials.c:cred_create_session_key(65) cred_create_session_key [2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(67) clnt_chal_in: AA49B8EFDA6EC578 [2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(68) srv_chal_in : D0B1ABEAE9440462 [2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(69) clnt+srv : 7AFB63DAC3B3C9DA [2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(70) sess_key_out : 56DD31A590DCCA8C [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(143) creds_server_init: clnt : CBC666CF37C380B2 [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(144) creds_server_init: server : C2D3A96489BDA691 [2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(145) creds_server_init: seed : CBC666CF37C380B2 [2008/06/05 21:01:42, 5] libsmb/credentials.c:creds_server_check(157) creds_server_check: challenge : FD3FF340945E8657 [2008/06/05 21:01:42, 5] libsmb/credentials.c:creds_server_check(158) calculated: CBC666CF37C380B2 [2008/06/05 21:01:42, 2] libsmb/credentials.c:creds_server_check(159) creds_server_check: credentials check failed. [2008/06/05 21:01:42, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0000 data: 00 00 00 00 00 00 00 00 [2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 neg_flags: 00000000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 000c status: NT_STATUS_ACCESS_DENIED [2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called NETLOGON successfully [2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 54 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 120 [2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 76f4 name: NETLOGON len: 4280 [2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0028 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 0000000c [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000010 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0C 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 22 00 00 C0 .....".. . [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 41 [2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) got message type 0x0 of len 0x29 [2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) Transaction 20 of length 45 [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=21 smt_wct=3 smb_vwv[ 0]=30452 (0x76F4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 7908) conn 0x803ab748 [2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=76f4 [2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name NETLOGON pnum=76f4 (pipes_open=1) [2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:76f4 [2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) closed pipe name NETLOGON pnum=76f4 (pipes_open=0) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) [2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5094 smb_uid=100 smb_mid=21 smt_wct=0 smb_bcc=0 [2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:01:42, 10] lib/events.c:run_events(87) run_events: No events [2008/06/05 21:02:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:02:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:02:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:02:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:02:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:02:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:02:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:02:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:02:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:02:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:03:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:03:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:03:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:03:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:03:42, 3] smbd/process.c:check_reload(1321) Printcap cache time expired. [2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/06/05 21:03:42, 5] printing/print_cups.c:cups_cache_reload(71) reloading cups printcap cache [2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2008/06/05 21:03:42, 0] printing/print_cups.c:cups_cache_reload(85) [2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost Unable to connect to CUPS server localhost - Connection refused [2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/06/05 21:03:42, 5] printing/print_cups.c:cups_cache_reload(71) reloading cups printcap cache [2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2008/06/05 21:03:42, 0] printing/print_cups.c:cups_cache_reload(85) [2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost Unable to connect to CUPS server localhost - Connection refused [2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2008/06/05 21:03:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:03:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:03:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:03:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:03:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:03:42, 3] smbd/process.c:check_reload(1321) Printcap cache time expired. [2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/06/05 21:03:42, 5] printing/print_cups.c:cups_cache_reload(71) reloading cups printcap cache [2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2008/06/05 21:03:42, 0] printing/print_cups.c:cups_cache_reload(85) [2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost Unable to connect to CUPS server localhost - Connection refused [2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/06/05 21:03:42, 5] printing/print_cups.c:cups_cache_reload(71) reloading cups printcap cache [2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2008/06/05 21:03:42, 0] printing/print_cups.c:cups_cache_reload(85) [2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost Unable to connect to CUPS server localhost - Connection refused [2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2008/06/05 21:03:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:04:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:04:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:04:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:04:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:04:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:04:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1 [2008/06/05 21:04:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/05 21:04:42, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2008/06/05 21:04:42, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/05 21:04:42, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/05 21:04:42, 6] param/loadparm.c:lp_file_list_changed(2992) lp_file_list_changed() file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 [2008/06/05 21:04:42, 10] smbd/process.c:setup_select_timeout(1265) change_notify_timeout: -1