### /var/log/samba/log.smbd Unlocking key A3770000FFFFFFFF [2011/12/13 17:45:16.581228, 3] smbd/server_exit.c:181(exit_server_common) Server exit (termination signal) [2011/12/13 17:45:35, 0] smbd/server.c:1053(main) smbd version 3.6.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2011/12/13 17:45:35, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter syslog = 0 doing parameter max log size = 1000000 doing parameter max open files = 32808 doing parameter server string = %h univention corporate server doing parameter netbios name = master [2011/12/13 17:45:35, 4] param/loadparm.c:7584(handle_netbios_name) handle_netbios_name: set global_myname to: MASTER doing parameter passdb backend = ldapsam:"ldap://master.x86err300s3.qa:7389" doing parameter auth methods = guest sam winbind doing parameter ldap suffix = dc=x86err300s3,dc=qa doing parameter ldap admin dn = "cn=admin,dc=x86err300s3,dc=qa" doing parameter ldap ssl = start tls doing parameter passdb expand explicit = no doing parameter ldap idmap suffix = cn=idmap,cn=univention doing parameter idmap config * : backend = ldap doing parameter idmap config * : range = 55000-64000 doing parameter idmap config * : ldap_url = ldap://master.x86err300s3.qa:7389 doing parameter idmap config * : ldap_user_dn = cn=admin,dc=x86err300s3,dc=qa doing parameter idmap config X86ERR300S3 : backend = nss doing parameter idmap config X86ERR300S3 : range = 1000-54999 doing parameter winbind max clients = 500 doing parameter winbind nested groups = no doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind separator = + doing parameter template shell = /bin/bash doing parameter template homedir = /home/%D-%U doing parameter pam password change = no doing parameter unix password sync = yes doing parameter passwd program = /usr/share/univention-admin-tools/univention-passwd --binddn "cn=admin,dc=x86err300s3,dc=qa" --pwdfile "/etc/ldap.secret" --user "%u" doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed* doing parameter passwd chat timeout = 60 doing parameter client use spnego = yes doing parameter obey pam restrictions = yes doing parameter encrypt passwords = yes doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter security = user doing parameter domain logons = yes doing parameter domain master = yes doing parameter preferred master = yes doing parameter local master = yes doing parameter os level = 65 doing parameter wins support = yes doing parameter workgroup = X86ERR300S3 doing parameter oplocks = yes doing parameter kernel oplocks = yes doing parameter large readwrite = yes doing parameter deadtime = 15 doing parameter read raw = yes doing parameter write raw = yes doing parameter max xmit = 65535 doing parameter getwd cache = yes doing parameter wide links = no doing parameter store dos attributes = yes doing parameter logon home = \\master\%U doing parameter logon drive = I: doing parameter logon path = \\master\%U\windows-profiles\%a doing parameter preserve case = yes doing parameter short preserve case = yes doing parameter time server = yes doing parameter host msdfs = no doing parameter msdfs root = no doing parameter guest account = nobody doing parameter map to guest = Bad User doing parameter admin users = administrator join-backup doing parameter set quota command = /usr/sbin/univention-setquota doing parameter check password script = /usr/share/univention-samba/password_check %u doing parameter add user script = /usr/share/univention-admin-tools/univention-adduser "%u" doing parameter delete user script = /usr/share/univention-admin-tools/univention-deluser "%u" doing parameter add group script = /usr/share/univention-admin-tools/univention-addgroup "%g" doing parameter delete group script = /usr/share/univention-admin-tools/univention-delgroup "%g" doing parameter add user to group script = /usr/share/univention-admin-tools/univention-adduser "%u" "%g" doing parameter delete user from group script = /usr/share/univention-admin-tools/univention-deluser "%u" "%g" doing parameter add machine script = /usr/share/univention-admin-tools/univention-addmachine "%u" doing parameter set primary group script = /usr/share/univention-admin-tools/univention-setprimarygroup "%u" "%g" doing parameter usershare max shares = 0 doing parameter include = /etc/samba/base.conf [2011/12/13 17:45:35, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/base.conf" [2011/12/13 17:45:35, 4] param/loadparm.c:9631(lp_load_ex) pm_process() returned Yes [2011/12/13 17:45:35, 7] param/loadparm.c:9857(lp_servicenumber) lp_servicenumber: couldn't find homes [2011/12/13 17:45:35, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_DOMAIN_PDC [2011/12/13 17:45:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2011/12/13 17:45:35, 4] smbd/sec_ctx.c:174(get_current_groups) get_current_groups: user is in 1 groups: 0 [2011/12/13 17:45:35, 2] lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2011/12/13 17:45:35, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2011/12/13 17:45:35.306250, 3] param/loadparm.c:9595(lp_load_ex) lp_load_ex: refreshing parameters [2011/12/13 17:45:35.306304, 3] param/loadparm.c:5212(init_globals) Initialising global parameters [2011/12/13 17:45:35.306347, 2] param/loadparm.c:5005(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2011/12/13 17:45:35.306422, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2011/12/13 17:45:35.306466, 3] param/loadparm.c:8333(do_section) Processing section "[global]" doing parameter debug level = 10 [2011/12/13 17:45:35.306521, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter syslog = 0 doing parameter max log size = 1000000 doing parameter max open files = 32808 doing parameter server string = %h univention corporate server doing parameter netbios name = master [2011/12/13 17:45:35.306883, 4] param/loadparm.c:7584(handle_netbios_name) handle_netbios_name: set global_myname to: MASTER doing parameter passdb backend = ldapsam:"ldap://master.x86err300s3.qa:7389" doing parameter auth methods = guest sam winbind doing parameter ldap suffix = dc=x86err300s3,dc=qa doing parameter ldap admin dn = "cn=admin,dc=x86err300s3,dc=qa" doing parameter ldap ssl = start tls doing parameter passdb expand explicit = no doing parameter ldap idmap suffix = cn=idmap,cn=univention doing parameter idmap config * : backend = ldap doing parameter idmap config * : range = 55000-64000 doing parameter idmap config * : ldap_url = ldap://master.x86err300s3.qa:7389 doing parameter idmap config * : ldap_user_dn = cn=admin,dc=x86err300s3,dc=qa doing parameter idmap config X86ERR300S3 : backend = nss doing parameter idmap config X86ERR300S3 : range = 1000-54999 doing parameter winbind max clients = 500 doing parameter winbind nested groups = no doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind separator = + doing parameter template shell = /bin/bash doing parameter template homedir = /home/%D-%U doing parameter pam password change = no doing parameter unix password sync = yes doing parameter passwd program = /usr/share/univention-admin-tools/univention-passwd --binddn "cn=admin,dc=x86err300s3,dc=qa" --pwdfile "/etc/ldap.secret" --user "%u" doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed* doing parameter passwd chat timeout = 60 doing parameter client use spnego = yes doing parameter obey pam restrictions = yes doing parameter encrypt passwords = yes doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter security = user doing parameter domain logons = yes doing parameter domain master = yes doing parameter preferred master = yes doing parameter local master = yes doing parameter os level = 65 doing parameter wins support = yes doing parameter workgroup = X86ERR300S3 doing parameter oplocks = yes doing parameter kernel oplocks = yes doing parameter large readwrite = yes doing parameter deadtime = 15 doing parameter read raw = yes doing parameter write raw = yes doing parameter max xmit = 65535 doing parameter getwd cache = yes doing parameter wide links = no doing parameter store dos attributes = yes doing parameter logon home = \\master\%U doing parameter logon drive = I: doing parameter logon path = \\master\%U\windows-profiles\%a doing parameter preserve case = yes doing parameter short preserve case = yes doing parameter time server = yes doing parameter host msdfs = no doing parameter msdfs root = no doing parameter guest account = nobody doing parameter map to guest = Bad User doing parameter admin users = administrator join-backup doing parameter set quota command = /usr/sbin/univention-setquota doing parameter check password script = /usr/share/univention-samba/password_check %u doing parameter add user script = /usr/share/univention-admin-tools/univention-adduser "%u" doing parameter delete user script = /usr/share/univention-admin-tools/univention-deluser "%u" doing parameter add group script = /usr/share/univention-admin-tools/univention-addgroup "%g" doing parameter delete group script = /usr/share/univention-admin-tools/univention-delgroup "%g" doing parameter add user to group script = /usr/share/univention-admin-tools/univention-adduser "%u" "%g" doing parameter delete user from group script = /usr/share/univention-admin-tools/univention-deluser "%u" "%g" doing parameter add machine script = /usr/share/univention-admin-tools/univention-addmachine "%u" doing parameter set primary group script = /usr/share/univention-admin-tools/univention-setprimarygroup "%u" "%g" doing parameter usershare max shares = 0 doing parameter include = /etc/samba/base.conf [2011/12/13 17:45:35.312857, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/base.conf" [2011/12/13 17:45:35.312901, 2] param/loadparm.c:8350(do_section) Processing section "[homes]" [2011/12/13 17:45:35.312968, 8] param/loadparm.c:6503(add_a_service) add_a_service: Creating snum = 0 for homes [2011/12/13 17:45:35.313006, 10] param/loadparm.c:6541(hash_a_service) hash_a_service: creating servicehash [2011/12/13 17:45:35.313041, 10] param/loadparm.c:6550(hash_a_service) hash_a_service: hashing index 0 for service name homes doing parameter comment = Heimatverzeichnisse doing parameter browsable = no doing parameter read only = no doing parameter create mask = 0700 doing parameter directory mask = 0700 doing parameter vfs objects = acl_xattr [2011/12/13 17:45:35.313242, 2] param/loadparm.c:8350(do_section) Processing section "[printers]" [2011/12/13 17:45:35.313302, 8] param/loadparm.c:6503(add_a_service) add_a_service: Creating snum = 1 for printers [2011/12/13 17:45:35.313338, 10] param/loadparm.c:6550(hash_a_service) hash_a_service: hashing index 1 for service name printers doing parameter comment = Drucker doing parameter browseable = no doing parameter path = /tmp doing parameter printable = yes doing parameter public = no doing parameter writable = no doing parameter create mode = 0700 [2011/12/13 17:45:35.313522, 2] param/loadparm.c:8350(do_section) Processing section "[print$]" [2011/12/13 17:45:35.313580, 8] param/loadparm.c:6503(add_a_service) add_a_service: Creating snum = 2 for print$ [2011/12/13 17:45:35.313615, 10] param/loadparm.c:6550(hash_a_service) hash_a_service: hashing index 2 for service name print$ doing parameter comment = Printer Drivers doing parameter path = /var/lib/samba/drivers doing parameter browseable = yes doing parameter guest ok = no doing parameter read only = no doing parameter write list = root, Administrator, @Printer-Admins [2011/12/13 17:45:35.313775, 2] param/loadparm.c:8350(do_section) Processing section "[netlogon]" [2011/12/13 17:45:35.313835, 8] param/loadparm.c:6503(add_a_service) add_a_service: Creating snum = 3 for netlogon [2011/12/13 17:45:35.313881, 10] param/loadparm.c:6550(hash_a_service) hash_a_service: hashing index 3 for service name netlogon doing parameter comment = Domain logon service doing parameter path = /var/lib/samba/netlogon doing parameter public = no doing parameter preserve case = yes doing parameter case sensitive = no doing parameter writable = yes doing parameter include = /etc/samba/installs.conf [2011/12/13 17:45:35.314084, 2] param/loadparm.c:7713(handle_include) Can't find include file /etc/samba/installs.conf doing parameter include = /etc/samba/shares.conf [2011/12/13 17:45:35.314155, 2] param/loadparm.c:7713(handle_include) Can't find include file /etc/samba/shares.conf doing parameter include = /etc/samba/printers.conf [2011/12/13 17:45:35.314231, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/printers.conf" doing parameter include = /etc/samba/local.conf [2011/12/13 17:45:35.314311, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/local.conf" [2011/12/13 17:45:35.314349, 4] param/loadparm.c:9631(lp_load_ex) pm_process() returned Yes [2011/12/13 17:45:35.314419, 8] param/loadparm.c:6503(add_a_service) add_a_service: Creating snum = 4 for IPC$ [2011/12/13 17:45:35.314457, 10] param/loadparm.c:6550(hash_a_service) hash_a_service: hashing index 4 for service name IPC$ [2011/12/13 17:45:35.314499, 3] param/loadparm.c:6653(lp_add_ipc) adding IPC service [2011/12/13 17:45:35.314532, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_DOMAIN_PDC [2011/12/13 17:45:35.314569, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2011/12/13 17:45:35.314613, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:35.315005, 2] lib/interface.c:341(add_interface) added interface eth0 ip=2001:4dd0:ff00:8c42:ff08::180 bcast=2001:4dd0:ff00:8c42:ffff:ffff:ffff:ffff netmask=ffff:ffff:ffff:ffff:: [2011/12/13 17:45:35.315072, 2] lib/interface.c:341(add_interface) added interface eth0 ip=fe80::5054:ff:febb:90c5%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2011/12/13 17:45:35.315163, 2] lib/interface.c:341(add_interface) added interface eth0 ip=10.200.8.180 bcast=10.200.8.255 netmask=255.255.255.0 [2011/12/13 17:45:35.315217, 3] smbd/server.c:1088(main) loaded services [2011/12/13 17:45:35.315262, 5] lib/util.c:242(init_names) Netbios name list:- my_netbios_names[0]="MASTER" [2011/12/13 17:45:35.315351, 3] smbd/server.c:1120(main) Becoming a daemon. [2011/12/13 17:45:35.321780, 8] ../lib/util/util.c:263(fcntl_lock) fcntl_lock 9 13 0 1 1 [2011/12/13 17:45:35.321868, 8] ../lib/util/util.c:298(fcntl_lock) fcntl_lock: Lock call successful [2011/12/13 17:45:35.322066, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam [2011/12/13 17:45:35.322116, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2011/12/13 17:45:35.322150, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam_compat [2011/12/13 17:45:35.322183, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam_compat' [2011/12/13 17:45:35.322224, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2011/12/13 17:45:35.322258, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2011/12/13 17:45:35.322289, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam_compat [2011/12/13 17:45:35.322322, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam_compat' [2011/12/13 17:45:35.322355, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend IPA_ldapsam [2011/12/13 17:45:35.322388, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'IPA_ldapsam' [2011/12/13 17:45:35.322420, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend smbpasswd [2011/12/13 17:45:35.322453, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2011/12/13 17:45:35.322486, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend tdbsam [2011/12/13 17:45:35.322518, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2011/12/13 17:45:35.322551, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend wbc_sam [2011/12/13 17:45:35.322585, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'wbc_sam' [2011/12/13 17:45:35.322617, 5] passdb/pdb_interface.c:141(make_pdb_method_name) Attempting to find a passdb backend to match ldapsam:"ldap://master.x86err300s3.qa:7389" (ldapsam) [2011/12/13 17:45:35.322652, 5] passdb/pdb_interface.c:162(make_pdb_method_name) Found pdb backend ldapsam [2011/12/13 17:45:35.322705, 2] lib/smbldap_util.c:278(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=X86ERR300S3))] [2011/12/13 17:45:35.322760, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaDomain)(sambaDomainName=X86ERR300S3))], scope => [2] [2011/12/13 17:45:35.322834, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2011/12/13 17:45:35.322897, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2011/12/13 17:45:35.322945, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://master.x86err300s3.qa:7389 [2011/12/13 17:45:35.336268, 3] lib/smbldap.c:803(smb_ldap_start_tls) StartTLS issued: using a TLS connection [2011/12/13 17:45:35.599194, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2011/12/13 17:45:35.599383, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://master.x86err300s3.qa:7389 as "cn=admin,dc=x86err300s3,dc=qa" [2011/12/13 17:45:35.601092, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2011/12/13 17:45:35.601171, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2011/12/13 17:45:35.601810, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaAlgorithmicRidBase does not exist [2011/12/13 17:45:35.601864, 5] passdb/pdb_interface.c:173(make_pdb_method_name) pdb backend ldapsam:"ldap://master.x86err300s3.qa:7389" has a valid init [2011/12/13 17:45:35.616530, 10] registry/reg_backend_db.c:526(regdb_init) regdb_init: registry db openend. refcount reset (1) [2011/12/13 17:45:35.616593, 10] registry/reg_cachehook.c:70(reghook_cache_init) reghook_cache_init: new tree with default ops 0xb77df800 for key [] [2011/12/13 17:45:35.616853, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2011/12/13 17:45:35.616931, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] [2011/12/13 17:45:35.616971, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2011/12/13 17:45:35.617022, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] [2011/12/13 17:45:35.617059, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2011/12/13 17:45:35.617109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2011/12/13 17:45:35.617146, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2011/12/13 17:45:35.617183, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2011/12/13 17:45:35.617233, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2011/12/13 17:45:35.617270, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2011/12/13 17:45:35.617312, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77df8e0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] [2011/12/13 17:45:35.617348, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.617385, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree [2011/12/13 17:45:35.617418, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.617453, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77df800 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2011/12/13 17:45:35.617486, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.617522, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree [2011/12/13 17:45:35.617556, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.617591, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77df800 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2011/12/13 17:45:35.617624, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.617659, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree [2011/12/13 17:45:35.617692, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.617726, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77df920 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2011/12/13 17:45:35.617759, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.617795, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree [2011/12/13 17:45:35.617827, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.617862, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77df8a0 for key [\HKLM\SOFTWARE\Samba\smbconf] [2011/12/13 17:45:35.617894, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.617929, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2011/12/13 17:45:35.617969, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.618005, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77df960 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2011/12/13 17:45:35.618038, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.618073, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree [2011/12/13 17:45:35.618106, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.618140, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77df9a0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2011/12/13 17:45:35.618172, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.618207, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree [2011/12/13 17:45:35.618239, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.618273, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77df9e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2011/12/13 17:45:35.618306, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.618340, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree [2011/12/13 17:45:35.618373, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.618406, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77dfa20 for key [\HKPT] [2011/12/13 17:45:35.618438, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.618471, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2011/12/13 17:45:35.618503, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.618537, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77dfa60 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2011/12/13 17:45:35.618569, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.618603, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree [2011/12/13 17:45:35.618635, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.618669, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb77dfaa0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2011/12/13 17:45:35.618716, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2011/12/13 17:45:35.618751, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree [2011/12/13 17:45:35.618784, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2011/12/13 17:45:35.618817, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2011/12/13 17:45:35.619529, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user X86ERR300S3+root [2011/12/13 17:45:35.619737, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is x86err300s3+root [2011/12/13 17:45:35.621324, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is X86ERR300S3+root [2011/12/13 17:45:35.682242, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is X86ERR300S3+ROOT [2011/12/13 17:45:35.683516, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in x86err300s3+root [2011/12/13 17:45:35.684459, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [X86ERR300S3+root]! [2011/12/13 17:45:35.688736, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2011/12/13 17:45:35.688784, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2011/12/13 17:45:35.688919, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2011/12/13 17:45:35.689000, 5] lib/gencache.c:68(gencache_init) Opening cache file at /var/run/samba/gencache.tdb [2011/12/13 17:45:35.689116, 5] lib/gencache.c:111(gencache_init) Opening cache file at /var/run/samba/gencache_notrans.tdb [2011/12/13 17:45:35.689195, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/0 and timeout = Thu Jan 1 01:00:00 1970 (-1323794735 seconds in the past) [2011/12/13 17:45:36.703183, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 0 [2011/12/13 17:45:36.703258, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.703299, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.703334, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.703368, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.703403, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.703516, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] [2011/12/13 17:45:36.703924, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=0)) [2011/12/13 17:45:36.703987, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.704028, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 0 -> sid S-1-22-2-0 [2011/12/13 17:45:36.704088, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] [2011/12/13 17:45:36.704455, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=0)) [2011/12/13 17:45:36.704513, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for root [2011/12/13 17:45:36.704564, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: X86ERR300S3\root => domain=[X86ERR300S3], name=[root] [2011/12/13 17:45:36.704600, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2011/12/13 17:45:36.704639, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.704675, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.704741, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.704776, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.704809, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.704903, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=root)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:36.705362, 4] passdb/pdb_ldap.c:1578(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2011/12/13 17:45:36.705423, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.705461, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.705496, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.705544, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.705578, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.705609, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.705675, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2011/12/13 17:45:36.706108, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2011/12/13 17:45:36.706239, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.706290, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2011/12/13 17:45:36.706325, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2011/12/13 17:45:36.707035, 10] passdb/lookup_sid.c:1544(sid_to_uid) sid S-1-22-1-0 -> uid 0 [2011/12/13 17:45:36.707185, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [root] [2011/12/13 17:45:36.707470, 10] auth/token_util.c:339(create_local_nt_token) Create local NT token for S-1-22-1-0 [2011/12/13 17:45:36.707550, 10] passdb/lookup_sid.c:1635(sid_to_gid) sid S-1-5-32-544 -> gid 5010 [2011/12/13 17:45:36.707603, 10] passdb/lookup_sid.c:1635(sid_to_gid) sid S-1-5-32-545 -> gid 5011 [2011/12/13 17:45:36.707700, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-0] [2011/12/13 17:45:36.707747, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2011/12/13 17:45:36.707790, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2011/12/13 17:45:36.707843, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2011/12/13 17:45:36.707885, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2011/12/13 17:45:36.709034, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.709091, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.709127, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.709160, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.709193, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.709264, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2011/12/13 17:45:36.709755, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) init_group_from_ldap: Entry found for group: 5022 [2011/12/13 17:45:36.709819, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute displayName does not exist [2011/12/13 17:45:36.709862, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:36.709909, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.709946, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-1-0 -> gid 5022 [2011/12/13 17:45:36.709985, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.710021, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.710054, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.710097, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.710131, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.710192, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2011/12/13 17:45:36.710573, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2011/12/13 17:45:36.710634, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.710672, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2011/12/13 17:45:36.710708, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2011/12/13 17:45:36.710745, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2011/12/13 17:45:36.710789, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-22-1-0 SID[ 1]: S-1-22-2-0 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-5022 SID[ 6]: S-1-22-2-5020 Privileges (0x 0): Rights (0x 0): [2011/12/13 17:45:36.710968, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 3 supplementary groups Group[ 0]: 0 Group[ 1]: 5022 Group[ 2]: 5020 [2011/12/13 17:45:36.711172, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2011/12/13 17:45:36.711212, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2011/12/13 17:45:36.711326, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2011/12/13 17:45:36.711386, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user X86ERR300S3+nobody [2011/12/13 17:45:36.711421, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is x86err300s3+nobody [2011/12/13 17:45:36.712010, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is X86ERR300S3+nobody [2011/12/13 17:45:36.712551, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is X86ERR300S3+NOBODY [2011/12/13 17:45:36.713130, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in x86err300s3+nobody [2011/12/13 17:45:36.713184, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [X86ERR300S3+nobody]! [2011/12/13 17:45:36.713226, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2011/12/13 17:45:36.713260, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2011/12/13 17:45:36.713296, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2011/12/13 17:45:36.713352, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/65534 and timeout = Thu Jan 1 01:00:00 1970 (-1323794736 seconds in the past) [2011/12/13 17:45:36.714381, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 65534 [2011/12/13 17:45:36.714437, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.714474, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.714508, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.714542, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.714575, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.714654, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2] [2011/12/13 17:45:36.715033, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534)) [2011/12/13 17:45:36.715094, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.715132, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 65534 -> sid S-1-22-2-65534 [2011/12/13 17:45:36.715186, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2] [2011/12/13 17:45:36.715544, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534)) [2011/12/13 17:45:36.715600, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for nobody [2011/12/13 17:45:36.715637, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2011/12/13 17:45:36.715693, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-501] [2011/12/13 17:45:36.715742, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-513] [2011/12/13 17:45:36.715787, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-546] [2011/12/13 17:45:36.715831, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2011/12/13 17:45:36.715884, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2011/12/13 17:45:36.715925, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2011/12/13 17:45:36.718834, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.718897, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.718944, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.718981, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.719014, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.719072, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2011/12/13 17:45:36.719110, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:36.719144, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:36.719178, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:36.719211, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.719243, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.719324, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546)(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:36.719741, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-546] count=0 [2011/12/13 17:45:36.719819, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546))], scope => [2] [2011/12/13 17:45:36.720193, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546)) [2011/12/13 17:45:36.720254, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.720291, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2011/12/13 17:45:36.720327, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.720362, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-861941570-1634457251-3974523304-546 [2011/12/13 17:45:36.720401, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.720436, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.720469, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.720502, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.720534, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.720586, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2011/12/13 17:45:36.720623, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:36.720657, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:36.720838, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:36.720874, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.720906, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.720987, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546)(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:36.721403, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-546] count=0 [2011/12/13 17:45:36.721480, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546))], scope => [2] [2011/12/13 17:45:36.721838, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546)) [2011/12/13 17:45:36.721900, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.721936, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2011/12/13 17:45:36.721973, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.722008, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-861941570-1634457251-3974523304-546 [2011/12/13 17:45:36.722047, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.722083, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.722116, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.722149, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.722181, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.722256, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2011/12/13 17:45:36.722613, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2011/12/13 17:45:36.722674, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.722712, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2011/12/13 17:45:36.722748, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2011/12/13 17:45:36.722784, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-861941570-1634457251-3974523304-546 to gid, ignoring it [2011/12/13 17:45:36.722821, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2011/12/13 17:45:36.722862, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (10): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-501 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-5001 SID[ 8]: S-1-22-2-5022 SID[ 9]: S-1-22-2-5012 Privileges (0x 0): Rights (0x 0): [2011/12/13 17:45:36.723082, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 3 supplementary groups Group[ 0]: 5001 Group[ 1]: 5022 Group[ 2]: 5012 [2011/12/13 17:45:36.723268, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg) Initialise the svcctl registry keys if needed. [2011/12/13 17:45:36.723311, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.723346, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:36.723379, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:36.723412, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:36.723444, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:36.723535, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:36.723574, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2011/12/13 17:45:36.723628, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2011/12/13 17:45:36.723688, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2011/12/13 17:45:36.723723, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2011/12/13 17:45:36.723765, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2011/12/13 17:45:36.723834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2011/12/13 17:45:36.724052, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2011/12/13 17:45:36.724100, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2011/12/13 17:45:36.724140, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2011/12/13 17:45:36.724173, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2011/12/13 17:45:36.724206, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.724237, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM] [2011/12/13 17:45:36.724302, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.724385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 result : WERR_OK [2011/12/13 17:45:36.724580, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2011/12/13 17:45:36.725028, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.725111, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.725147, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2011/12/13 17:45:36.725187, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.725219, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.725252, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.725283, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.725334, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.725372, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.725410, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.725451, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.725486, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.725517, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.725569, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.725605, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.725643, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.725674, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.725708, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.725739, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.725799, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.725836, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.725871, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.725948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 result : WERR_OK [2011/12/13 17:45:36.726103, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2011/12/13 17:45:36.726301, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.726384, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0xb77df800) [2011/12/13 17:45:36.726420, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.726465, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.726519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.726921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2011/12/13 17:45:36.727285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.727364, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.727400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.727698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2011/12/13 17:45:36.728053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.728131, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.728167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.728460, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2011/12/13 17:45:36.728836, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.728916, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.729100, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.729428, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2011/12/13 17:45:36.729775, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.729854, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.729890, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.730184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2011/12/13 17:45:36.730536, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.730614, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.730650, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.730954, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2011/12/13 17:45:36.731297, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.731376, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.731412, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.731707, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2011/12/13 17:45:36.732050, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.732129, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.732165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.732472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2011/12/13 17:45:36.733043, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.733124, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' [2011/12/13 17:45:36.733163, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.733199, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.733233, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.733268, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.733305, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.733337, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.733370, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.733401, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.733452, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.733489, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.733524, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.733561, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.733592, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.733626, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.733659, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.733710, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.733748, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.733782, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.733817, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.733853, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.733885, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.733919, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.733950, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.734010, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.734047, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2011/12/13 17:45:36.734082, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.734128, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2011/12/13 17:45:36.734162, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2011/12/13 17:45:36.734197, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.734229, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2011/12/13 17:45:36.734279, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.734316, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.734391, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2011/12/13 17:45:36.734579, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.734898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.734990, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] [2011/12/13 17:45:36.735028, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.735061, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0xb77df800) [2011/12/13 17:45:36.735096, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2011/12/13 17:45:36.735144, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2011/12/13 17:45:36.735181, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2011/12/13 17:45:36.735216, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2011/12/13 17:45:36.735251, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2011/12/13 17:45:36.735294, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[28] [2011/12/13 17:45:36.735331, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[54] [2011/12/13 17:45:36.735366, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[106] [2011/12/13 17:45:36.735401, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.735491, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.735802, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.735877, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] [2011/12/13 17:45:36.735913, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.735948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.736031, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.736429, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.736509, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] [2011/12/13 17:45:36.736554, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.736591, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.736688, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2011/12/13 17:45:36.737346, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.737425, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] [2011/12/13 17:45:36.737462, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.737498, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.737592, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) [2011/12/13 17:45:36.738288, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.738366, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] [2011/12/13 17:45:36.738403, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.738439, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.738525, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(54) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6d (109) [23] : 0x00 (0) [24] : 0x62 (98) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x2f (47) [29] : 0x00 (0) [30] : 0x73 (115) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x63 (99) [37] : 0x00 (0) [38] : 0x74 (116) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x2f (47) [43] : 0x00 (0) [44] : 0x73 (115) [45] : 0x00 (0) [46] : 0x6d (109) [47] : 0x00 (0) [48] : 0x62 (98) [49] : 0x00 (0) [50] : 0x64 (100) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) size : 0x00000036 (54) [2011/12/13 17:45:36.739607, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.739683, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] [2011/12/13 17:45:36.739720, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.739755, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.739843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) [2011/12/13 17:45:36.741736, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.741814, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] [2011/12/13 17:45:36.741851, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.741887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.741976, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.742100, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.742177, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.742252, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.742295, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.742331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.742487, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2011/12/13 17:45:36.743025, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.743105, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' [2011/12/13 17:45:36.743143, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.743179, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.743213, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.743248, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.743285, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.743318, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.743351, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.743383, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.743433, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.743470, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.743514, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.743552, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.743584, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.743617, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.743648, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.743699, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.743737, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.743771, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.743805, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.743842, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.743874, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.743908, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.743940, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.743999, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.744039, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.744072, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2011/12/13 17:45:36.744107, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.744144, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2011/12/13 17:45:36.744176, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2011/12/13 17:45:36.744210, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.744242, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2011/12/13 17:45:36.744291, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.744328, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2011/12/13 17:45:36.744363, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.744400, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2011/12/13 17:45:36.744433, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2011/12/13 17:45:36.744467, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.744498, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2011/12/13 17:45:36.744543, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2011/12/13 17:45:36.744580, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.744624, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.744726, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-e74e-30819f7b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2011/12/13 17:45:36.744929, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2011/12/13 17:45:36.747174, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.747255, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] [2011/12/13 17:45:36.747294, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.747328, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0xb77df800) [2011/12/13 17:45:36.747363, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2011/12/13 17:45:36.747413, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2011/12/13 17:45:36.747451, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.747535, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.747656, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.747733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.747808, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.747841, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.747875, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.748029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2011/12/13 17:45:36.748554, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.748632, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' [2011/12/13 17:45:36.748669, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.748732, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.748770, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.748805, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.748842, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.748874, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.748908, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.748939, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.748989, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.749026, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.749061, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.749098, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.749130, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.749163, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.749195, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.749244, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.749283, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.749317, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.749352, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.749397, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.749430, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.749464, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.749495, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.749555, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.749593, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2011/12/13 17:45:36.749628, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.749665, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2011/12/13 17:45:36.749697, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2011/12/13 17:45:36.749731, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.749763, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2011/12/13 17:45:36.749814, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.749851, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.749926, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2011/12/13 17:45:36.750107, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.750419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.750494, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] [2011/12/13 17:45:36.750531, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.750573, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0xb77df800) [2011/12/13 17:45:36.750608, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2011/12/13 17:45:36.750657, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2011/12/13 17:45:36.750694, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2011/12/13 17:45:36.750729, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2011/12/13 17:45:36.750763, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2011/12/13 17:45:36.750798, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[20] [2011/12/13 17:45:36.750833, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[54] [2011/12/13 17:45:36.750868, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[164] [2011/12/13 17:45:36.750903, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.751004, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.751322, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.751400, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] [2011/12/13 17:45:36.751437, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.751472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.751555, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.751882, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.751960, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] [2011/12/13 17:45:36.751997, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.752032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.752117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2011/12/13 17:45:36.752814, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.752895, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] [2011/12/13 17:45:36.752933, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.752978, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.753070, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) [2011/12/13 17:45:36.753632, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.753709, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] [2011/12/13 17:45:36.753746, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.753781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.753865, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(54) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6d (109) [23] : 0x00 (0) [24] : 0x62 (98) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x2f (47) [29] : 0x00 (0) [30] : 0x73 (115) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x63 (99) [37] : 0x00 (0) [38] : 0x74 (116) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x2f (47) [43] : 0x00 (0) [44] : 0x73 (115) [45] : 0x00 (0) [46] : 0x6d (109) [47] : 0x00 (0) [48] : 0x62 (98) [49] : 0x00 (0) [50] : 0x64 (100) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) size : 0x00000036 (54) [2011/12/13 17:45:36.754974, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.755053, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] [2011/12/13 17:45:36.755090, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.755125, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.755214, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) [2011/12/13 17:45:36.758121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.758202, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] [2011/12/13 17:45:36.758239, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.758275, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.758359, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.758481, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.758557, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.758631, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.758666, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.758700, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.758862, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2011/12/13 17:45:36.759404, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.759484, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' [2011/12/13 17:45:36.759522, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.759558, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.759591, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.759626, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.759664, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.759695, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.759729, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.759843, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.759897, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.759935, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.759971, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.760008, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.760050, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.760084, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.760115, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.760166, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.760204, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.760238, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.760273, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.760310, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.760341, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.760375, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.760406, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.760466, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.760505, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.760539, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2011/12/13 17:45:36.760574, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.760611, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2011/12/13 17:45:36.760643, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2011/12/13 17:45:36.760677, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.760757, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2011/12/13 17:45:36.760816, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.760854, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2011/12/13 17:45:36.760889, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.760927, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2011/12/13 17:45:36.760960, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2011/12/13 17:45:36.760994, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.761026, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2011/12/13 17:45:36.761073, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2011/12/13 17:45:36.761110, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.761146, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.761233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-e74e-30819f7b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2011/12/13 17:45:36.761424, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2011/12/13 17:45:36.763573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.763652, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] [2011/12/13 17:45:36.763690, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.763723, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0xb77df800) [2011/12/13 17:45:36.763758, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2011/12/13 17:45:36.763807, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2011/12/13 17:45:36.763844, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.763927, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.764048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.764125, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.764200, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.764233, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.764267, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.764421, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2011/12/13 17:45:36.764981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.765061, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' [2011/12/13 17:45:36.765099, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.765135, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.765168, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.765203, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.765240, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.765273, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.765306, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.765337, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.765386, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.765423, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.765537, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.765581, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.765613, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.765647, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.765679, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.765729, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.765768, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.765802, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.765836, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.765873, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.765915, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.765950, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.765982, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.766042, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.766080, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2011/12/13 17:45:36.766115, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.766152, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2011/12/13 17:45:36.766184, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2011/12/13 17:45:36.766218, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.766250, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2011/12/13 17:45:36.766300, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.766337, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.766415, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2011/12/13 17:45:36.766600, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.766918, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.767009, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] [2011/12/13 17:45:36.767047, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.767081, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0xb77df800) [2011/12/13 17:45:36.767124, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2011/12/13 17:45:36.767174, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2011/12/13 17:45:36.767211, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2011/12/13 17:45:36.767247, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2011/12/13 17:45:36.767282, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2011/12/13 17:45:36.767316, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[48] [2011/12/13 17:45:36.767351, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[54] [2011/12/13 17:45:36.767386, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[126] [2011/12/13 17:45:36.767421, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.767507, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.767982, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.768062, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] [2011/12/13 17:45:36.768099, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.768135, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.768223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.768551, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.768629, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] [2011/12/13 17:45:36.768666, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.768726, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.768822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2011/12/13 17:45:36.769458, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.769534, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] [2011/12/13 17:45:36.769571, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.769607, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.769708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) [2011/12/13 17:45:36.770713, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.770798, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] [2011/12/13 17:45:36.770837, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.770873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.770973, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(54) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6d (109) [23] : 0x00 (0) [24] : 0x62 (98) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x2f (47) [29] : 0x00 (0) [30] : 0x73 (115) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x63 (99) [37] : 0x00 (0) [38] : 0x74 (116) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x2f (47) [43] : 0x00 (0) [44] : 0x73 (115) [45] : 0x00 (0) [46] : 0x6d (109) [47] : 0x00 (0) [48] : 0x62 (98) [49] : 0x00 (0) [50] : 0x64 (100) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) size : 0x00000036 (54) [2011/12/13 17:45:36.772074, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.772152, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] [2011/12/13 17:45:36.772190, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.772226, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.772313, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) [2011/12/13 17:45:36.774562, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.774642, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] [2011/12/13 17:45:36.774680, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.774716, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.774801, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.774936, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.775016, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.775091, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.775126, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.775161, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.775317, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2011/12/13 17:45:36.775846, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.775926, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' [2011/12/13 17:45:36.775965, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.776000, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.776034, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.776070, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.776107, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.776139, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.776173, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.776204, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.776254, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.776291, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.776326, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.776363, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.776395, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.776429, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.776460, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.776511, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.776549, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.776591, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.776627, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.776664, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.776718, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.776759, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.776791, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.776854, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.776894, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.776928, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2011/12/13 17:45:36.776963, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.777001, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2011/12/13 17:45:36.777033, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2011/12/13 17:45:36.777068, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.777099, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2011/12/13 17:45:36.777150, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.777186, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2011/12/13 17:45:36.777221, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.777259, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2011/12/13 17:45:36.777293, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2011/12/13 17:45:36.777327, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.777358, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2011/12/13 17:45:36.777405, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2011/12/13 17:45:36.777442, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.777478, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.777554, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-e74e-30819f7b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2011/12/13 17:45:36.777753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2011/12/13 17:45:36.779900, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.779986, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] [2011/12/13 17:45:36.780026, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.780060, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0xb77df800) [2011/12/13 17:45:36.780095, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2011/12/13 17:45:36.780145, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2011/12/13 17:45:36.780183, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.780267, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.780389, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.780464, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.780537, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.780570, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.780604, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.780796, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2011/12/13 17:45:36.781326, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.781404, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' [2011/12/13 17:45:36.781441, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.781476, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.781509, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.781544, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.781580, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.781612, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.781645, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.781677, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.781726, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.781762, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.781798, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.781835, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.781867, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.781900, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.781931, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.781981, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.782019, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.782053, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.782087, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.782123, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.782155, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.782189, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.782220, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.782279, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.782316, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2011/12/13 17:45:36.782359, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.782398, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2011/12/13 17:45:36.782431, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2011/12/13 17:45:36.782465, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.782496, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2011/12/13 17:45:36.782545, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.782583, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.782660, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2011/12/13 17:45:36.782844, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.783244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.783325, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] [2011/12/13 17:45:36.783363, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.783397, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0xb77df800) [2011/12/13 17:45:36.783431, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2011/12/13 17:45:36.783481, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2011/12/13 17:45:36.783519, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2011/12/13 17:45:36.783555, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2011/12/13 17:45:36.783599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2011/12/13 17:45:36.783636, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[74] [2011/12/13 17:45:36.783671, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[54] [2011/12/13 17:45:36.783706, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[178] [2011/12/13 17:45:36.783741, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.783828, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.784147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.784224, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] [2011/12/13 17:45:36.784261, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.784297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.784381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2011/12/13 17:45:36.784721, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.784807, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] [2011/12/13 17:45:36.784854, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.784890, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.784979, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2011/12/13 17:45:36.785609, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.785687, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] [2011/12/13 17:45:36.785724, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.785759, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.785852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 0x0000004a (74) [2011/12/13 17:45:36.787306, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.787385, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] [2011/12/13 17:45:36.787422, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.787458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.787546, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(54) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6d (109) [23] : 0x00 (0) [24] : 0x62 (98) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x2f (47) [29] : 0x00 (0) [30] : 0x73 (115) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x63 (99) [37] : 0x00 (0) [38] : 0x74 (116) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x2f (47) [43] : 0x00 (0) [44] : 0x6e (110) [45] : 0x00 (0) [46] : 0x6d (109) [47] : 0x00 (0) [48] : 0x62 (98) [49] : 0x00 (0) [50] : 0x64 (100) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) size : 0x00000036 (54) [2011/12/13 17:45:36.788660, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.788767, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] [2011/12/13 17:45:36.788807, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.788842, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.788931, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) size : 0x000000b2 (178) [2011/12/13 17:45:36.792013, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.792090, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] [2011/12/13 17:45:36.792127, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.792163, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.792246, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.792367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.792444, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.792520, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.792555, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.792590, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.792775, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2011/12/13 17:45:36.793309, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.793388, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' [2011/12/13 17:45:36.793426, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.793462, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.793496, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.793531, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.793568, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.793601, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.793634, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.793666, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.793716, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.793753, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.793788, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.793826, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.793857, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.793891, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.793923, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.793972, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.794010, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.794044, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.794079, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.794125, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.794158, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.794192, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.794223, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.794283, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.794321, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2011/12/13 17:45:36.794355, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2011/12/13 17:45:36.794390, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.794427, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2011/12/13 17:45:36.794459, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2011/12/13 17:45:36.794493, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.794525, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2011/12/13 17:45:36.794575, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.794611, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2011/12/13 17:45:36.794646, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.794683, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2011/12/13 17:45:36.794715, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2011/12/13 17:45:36.794750, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.794781, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2011/12/13 17:45:36.794826, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2011/12/13 17:45:36.794863, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.794899, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.794988, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-e74e-30819f7b0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2011/12/13 17:45:36.795179, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-e74e-30819f7b0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2011/12/13 17:45:36.797416, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.797497, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] [2011/12/13 17:45:36.797535, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2011/12/13 17:45:36.797569, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0xb77df800) [2011/12/13 17:45:36.797613, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2011/12/13 17:45:36.797664, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2011/12/13 17:45:36.797702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2011/12/13 17:45:36.797787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.797910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.797987, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.798062, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.798096, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.798130, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.798276, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.798397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.798474, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.798549, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.798584, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2011/12/13 17:45:36.798618, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.798764, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2011/12/13 17:45:36.798827, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) Initialise the eventlog registry keys if needed. [2011/12/13 17:45:36.798875, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2011/12/13 17:45:36.798918, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg [2011/12/13 17:45:36.798976, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2011/12/13 17:45:36.799022, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2011/12/13 17:45:36.799226, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2011/12/13 17:45:36.799262, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2011/12/13 17:45:36.799299, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2011/12/13 17:45:36.799331, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2011/12/13 17:45:36.799364, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.799396, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM] [2011/12/13 17:45:36.799450, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.799533, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-e74e-30819f7b0000 result : WERR_OK [2011/12/13 17:45:36.799684, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-e74e-30819f7b0000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2011/12/13 17:45:36.800082, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.800172, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2011/12/13 17:45:36.800208, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2011/12/13 17:45:36.800245, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2011/12/13 17:45:36.800277, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2011/12/13 17:45:36.800310, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.800341, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] [2011/12/13 17:45:36.800394, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2011/12/13 17:45:36.800432, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2011/12/13 17:45:36.800470, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.800505, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.800538, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.800569, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] [2011/12/13 17:45:36.800622, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2011/12/13 17:45:36.800659, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2011/12/13 17:45:36.800720, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.800758, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.800793, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.800824, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2011/12/13 17:45:36.800888, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Eventlog] [2011/12/13 17:45:36.800926, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2011/12/13 17:45:36.800964, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2011/12/13 17:45:36.800999, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2011/12/13 17:45:36.801034, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2011/12/13 17:45:36.801065, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2011/12/13 17:45:36.801116, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2011/12/13 17:45:36.801153, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2011/12/13 17:45:36.801187, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2011/12/13 17:45:36.801222, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.801299, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-e74e-30819f7b0000 result : WERR_OK [2011/12/13 17:45:36.801461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-e74e-30819f7b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2011/12/13 17:45:36.801657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.801737, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0xb77df800) [2011/12/13 17:45:36.801772, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2011/12/13 17:45:36.801823, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2011/12/13 17:45:36.801861, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2011/12/13 17:45:36.801897, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2011/12/13 17:45:36.801949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2011/12/13 17:45:36.802343, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-e74e-30819f7b0000 [2011/12/13 17:45:36.802464, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.802542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. [0010] 9F 7B 00 00 .{.. [2011/12/13 17:45:36.802625, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:36.802659, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2011/12/13 17:45:36.802694, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2011/12/13 17:45:36.802862, 3] printing/pcap.c:138(pcap_cache_reload) reloading printcap cache [2011/12/13 17:45:36.802918, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2011/12/13 17:45:36.802974, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9787b58 [2011/12/13 17:45:36.803079, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2011/12/13 17:45:36.803136, 5] printing/print_cups.c:408(cups_pcap_load_async) cups_pcap_load_async: asynchronously loading cups printers [2011/12/13 17:45:36.803374, 10] printing/print_cups.c:425(cups_pcap_load_async) cups_pcap_load_async: child pid = 31653 [2011/12/13 17:45:36.803454, 10] printing/print_cups.c:545(cups_cache_reload) cups_cache_reload: async read on fd 26 [2011/12/13 17:45:36.803496, 3] printing/pcap.c:189(pcap_cache_reload) reload status: ok [2011/12/13 17:45:36.803548, 3] printing/printing.c:1644(start_background_queue) start_background_queue: Starting background LPQ thread [2011/12/13 17:45:36.803915, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2011/12/13 17:45:36.803983, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:36.804244, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:36.804535, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2011/12/13 17:45:36.804582, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:36.804869, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:36.805155, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2011/12/13 17:45:36.805201, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:36.805458, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:36.805736, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2011/12/13 17:45:36.805781, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:36.806027, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:36.806418, 5] printing/printing.c:1667(start_background_queue) start_background_queue: background LPQ thread started [2011/12/13 17:45:36.806755, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key A67B0000FFFFFFFF [2011/12/13 17:45:36.806823, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb97747e0 [2011/12/13 17:45:36.806878, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key A67B0000FFFFFFFF [2011/12/13 17:45:36.806939, 5] printing/printing.c:1703(start_background_queue) start_background_queue: background LPQ thread waiting for messages [2011/12/13 17:45:36.807270, 5] printing/print_cups.c:277(cups_cache_reload_async) reloading cups printcap cache [2011/12/13 17:45:36.808244, 10] printing/print_cups.c:89(cups_connect) connecting to cups server master.x86err300s3.qa:631 [2011/12/13 17:45:36.806291, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 9F7B0000FFFFFFFF [2011/12/13 17:45:36.810210, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9786728 [2011/12/13 17:45:36.810267, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 9F7B0000FFFFFFFF [2011/12/13 17:45:36.810320, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(parent_housekeeping) 0xb97867d0 [2011/12/13 17:45:36.810358, 5] lib/messages.c:300(messaging_register) Overriding messaging pointer for type 1 - private_data=(nil) [2011/12/13 17:45:36.810438, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2011/12/13 17:45:36.810479, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2011/12/13 17:45:36.810519, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2011/12/13 17:45:36.810588, 2] smbd/server.c:842(smbd_parent_loop) waiting for connections [2011/12/13 17:45:36.813498, 0] printing/print_cups.c:318(cups_cache_reload_async) Unable to get printer list - client-error-forbidden [2011/12/13 17:45:36.813608, 5] printing/print_cups.c:471(cups_async_callback) cups_async_callback: callback received for printer data. fd = 26 [2011/12/13 17:45:36.813675, 10] printing/print_cups.c:155(recv_pcap_blob) successfully recvd blob of len 12 [2011/12/13 17:45:36.813721, 0] printing/print_cups.c:487(cups_async_callback) failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL [2011/12/13 17:45:36.813776, 10] printing/print_cups.c:130(send_pcap_blob) successfully sent blob of len 12 [2011/12/13 17:45:36.814055, 2] smbd/server.c:301(remove_child_pid) Could not find child 31653 -- ignoring [2011/12/13 17:45:44.752195, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key A97B0000FFFFFFFF [2011/12/13 17:45:44.752322, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9785058 [2011/12/13 17:45:44.752383, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key A97B0000FFFFFFFF [2011/12/13 17:45:44.752441, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 50700 SO_RCVBUF = 87520 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:44.752695, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 50700 SO_RCVBUF = 87520 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:44.753045, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:44.753306, 3] lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2011/12/13 17:45:44.753341, 10] smbd/process.c:3019(smbd_process) Connection allowed from ipv4:127.0.0.1:50397 to ipv4:127.0.0.1:445 [2011/12/13 17:45:44.753401, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2011/12/13 17:45:44.753494, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2011/12/13 17:45:44.753538, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2011/12/13 17:45:44.753585, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0xb9785a88 [2011/12/13 17:45:44.753623, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0xb9773a60 [2011/12/13 17:45:44.753660, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0xb9751f10 [2011/12/13 17:45:44.753733, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 190 [2011/12/13 17:45:44.753781, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbe [2011/12/13 17:45:44.753817, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 194 (0 toread) [2011/12/13 17:45:44.753850, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:44.753871, 5] lib/util.c:342(show_msg) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=31656 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2011/12/13 17:45:44.754033, 10] ../lib/util/util.c:415(dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2011/12/13 17:45:44.754374, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 31657) conn 0x0 [2011/12/13 17:45:44.754415, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:44.754452, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.754488, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.754550, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:44.754889, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2011/12/13 17:45:44.754949, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2011/12/13 17:45:44.754985, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2011/12/13 17:45:44.755019, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2011/12/13 17:45:44.755054, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2011/12/13 17:45:44.755087, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [DOS LANMAN2.1] [2011/12/13 17:45:44.755121, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2011/12/13 17:45:44.755156, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Samba] [2011/12/13 17:45:44.755190, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LANMAN 1.0] [2011/12/13 17:45:44.755224, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2011/12/13 17:45:44.755262, 10] lib/util.c:1624(set_remote_arch) set_remote_arch: Client arch is 'Samba' [2011/12/13 17:45:44.755306, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:44.755543, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key A97B0000FFFFFFFF [2011/12/13 17:45:44.755583, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb97921e0 [2011/12/13 17:45:44.755627, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key A97B0000FFFFFFFF [2011/12/13 17:45:44.755679, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:44.755950, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2011/12/13 17:45:44.755985, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LANMAN 1.0 [2011/12/13 17:45:44.756017, 5] smbd/negprot.c:711(reply_negprot) negprot index=8 [2011/12/13 17:45:44.756049, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:44.756078, 5] lib/util.c:342(show_msg) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31656 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]=65280 (0xFF00) smb_vwv[ 4]= 255 (0xFF) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=43264 (0xA900) smb_vwv[ 8]= 123 (0x7B) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=65408 (0xFF80) smb_vwv[12]=26947 (0x6943) smb_vwv[13]=46760 (0xB6A8) smb_vwv[14]=52409 (0xCCB9) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2011/12/13 17:45:44.756444, 10] ../lib/util/util.c:415(dump_data) [0000] 6D 61 73 74 65 72 00 00 00 00 00 00 00 00 00 00 master.. ........ [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2011/12/13 17:45:44.756903, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 164 [2011/12/13 17:45:44.756959, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2011/12/13 17:45:44.756994, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 168 (0 toread) [2011/12/13 17:45:44.757027, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:44.757047, 5] lib/util.c:342(show_msg) size=164 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=31656 smb_uid=0 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 83 (0x53) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=49244 (0xC05C) smb_vwv[11]=32768 (0x8000) smb_bcc=105 [2011/12/13 17:45:44.757356, 10] ../lib/util/util.c:415(dump_data) [0000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... ...G0E.. [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7....3 [0020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .1NTLMSS P....... [0030] 08 60 0B 00 0B 00 20 00 00 00 06 00 06 00 2B 00 .`.... . ......+. [0040] 00 00 58 38 36 45 52 52 33 30 30 53 33 4D 41 53 ..X86ERR 300S3MAS [0050] 54 45 52 55 00 6E 00 69 00 78 00 00 00 53 00 61 TERU.n.i .x...S.a [0060] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . [2011/12/13 17:45:44.757586, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 31657) conn 0x0 [2011/12/13 17:45:44.757621, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:44.757654, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.757685, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.757735, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:44.757773, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc801 [2011/12/13 17:45:44.757812, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2011/12/13 17:45:44.757849, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2011/12/13 17:45:44.757886, 10] smbd/password.c:199(register_initial_vuid) register_initial_vuid: allocated vuid = 100 [2011/12/13 17:45:44.757952, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 [2011/12/13 17:45:44.757988, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 49 [2011/12/13 17:45:44.758221, 5] auth/auth.c:528(make_auth_context_subsystem) Using specified auth order [2011/12/13 17:45:44.758282, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam [2011/12/13 17:45:44.758317, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam' [2011/12/13 17:45:44.758348, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2011/12/13 17:45:44.758381, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2011/12/13 17:45:44.758414, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend unix [2011/12/13 17:45:44.758447, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'unix' [2011/12/13 17:45:44.758477, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend winbind [2011/12/13 17:45:44.758510, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'winbind' [2011/12/13 17:45:44.758541, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend wbc [2011/12/13 17:45:44.758573, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'wbc' [2011/12/13 17:45:44.758605, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend smbserver [2011/12/13 17:45:44.758638, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'smbserver' [2011/12/13 17:45:44.758671, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend trustdomain [2011/12/13 17:45:44.758704, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'trustdomain' [2011/12/13 17:45:44.758734, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend ntdomain [2011/12/13 17:45:44.758767, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'ntdomain' [2011/12/13 17:45:44.758799, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend guest [2011/12/13 17:45:44.758846, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'guest' [2011/12/13 17:45:44.758878, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2011/12/13 17:45:44.758911, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method guest has a valid init [2011/12/13 17:45:44.758944, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2011/12/13 17:45:44.758976, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method sam has a valid init [2011/12/13 17:45:44.759008, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind [2011/12/13 17:45:44.759040, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method winbind has a valid init [2011/12/13 17:45:44.759087, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2011/12/13 17:45:44.759240, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x000b (11) DomainNameMaxLen : 0x000b (11) DomainName : * DomainName : 'X86ERR300S3' WorkstationLen : 0x0006 (6) WorkstationMaxLen : 0x0006 (6) Workstation : * Workstation : 'MASTER' [2011/12/13 17:45:44.759826, 5] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2011/12/13 17:45:44.759861, 5] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2011/12/13 17:45:44.759893, 5] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module winbind did not want to specify a challenge [2011/12/13 17:45:44.759931, 5] auth/auth.c:134(get_ntlm_challenge) auth_context challenge created by random [2011/12/13 17:45:44.759964, 5] auth/auth.c:135(get_ntlm_challenge) challenge is: [2011/12/13 17:45:44.759995, 5] ../lib/util/util.c:415(dump_data) [0000] 77 78 6A 2D A9 B7 10 82 wxj-.... [2011/12/13 17:45:44.760063, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0016 (22) TargetNameMaxLen : 0x0016 (22) TargetName : * TargetName : 'X86ERR300S3' NegotiateFlags : 0x60898215 (1619624469) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : 77786a2da9b71082 Reserved : 0000000000000000 TargetInfoLen : 0x007c (124) TargetNameInfoMaxLen : 0x007c (124) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'X86ERR300S3' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'MASTER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x001c (28) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'x86err300s3.qa' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x002a (42) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'master.x86err300s3.qa' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) [2011/12/13 17:45:44.761119, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:44.761144, 5] lib/util.c:342(show_msg) size=326 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=31656 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 225 (0xE1) smb_bcc=283 [2011/12/13 17:45:44.761353, 10] ../lib/util/util.c:415(dump_data) [0000] A1 81 DE 30 81 DB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 C5 04 81 C2 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 16 00 16 00 30 TLMSSP.. .......0 [0030] 00 00 00 15 82 89 60 77 78 6A 2D A9 B7 10 82 00 ......`w xj-..... [0040] 00 00 00 00 00 00 00 7C 00 7C 00 46 00 00 00 58 .......| .|.F...X [0050] 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 30 .8.6.E.R .R.3.0.0 [0060] 00 53 00 33 00 02 00 16 00 58 00 38 00 36 00 45 .S.3.... .X.8.6.E [0070] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 01 .R.R.3.0 .0.S.3.. [0080] 00 0C 00 4D 00 41 00 53 00 54 00 45 00 52 00 04 ...M.A.S .T.E.R.. [0090] 00 1C 00 78 00 38 00 36 00 65 00 72 00 72 00 33 ...x.8.6 .e.r.r.3 [00A0] 00 30 00 30 00 73 00 33 00 2E 00 71 00 61 00 03 .0.0.s.3 ...q.a.. [00B0] 00 2A 00 6D 00 61 00 73 00 74 00 65 00 72 00 2E .*.m.a.s .t.e.r.. [00C0] 00 78 00 38 00 36 00 65 00 72 00 72 00 33 00 30 .x.8.6.e .r.r.3.0 [00D0] 00 30 00 73 00 33 00 2E 00 71 00 61 00 00 00 00 .0.s.3.. .q.a.... [00E0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [00F0] 00 62 00 61 00 20 00 33 00 2E 00 36 00 2E 00 36 .b.a. .3 ...6...6 [0100] 00 00 00 58 00 38 00 36 00 45 00 52 00 52 00 33 ...X.8.6 .E.R.R.3 [0110] 00 30 00 30 00 53 00 33 00 00 00 .0.0.S.3 ... [2011/12/13 17:45:44.762144, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 430 [2011/12/13 17:45:44.762198, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1ae [2011/12/13 17:45:44.762233, 3] smbd/process.c:1662(process_smb) Transaction 2 of length 434 (0 toread) [2011/12/13 17:45:44.762265, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:44.762284, 5] lib/util.c:342(show_msg) size=430 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=31656 smb_uid=100 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 348 (0x15C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=49244 (0xC05C) smb_vwv[11]=32768 (0x8000) smb_bcc=371 [2011/12/13 17:45:44.762599, 10] ../lib/util/util.c:415(dump_data) [0000] A1 82 01 58 30 82 01 54 A2 82 01 50 04 82 01 4C ...X0..T ...P...L [0010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ [0020] 40 00 00 00 A8 00 A8 00 58 00 00 00 16 00 16 00 @....... X....... [0030] 00 01 00 00 1A 00 1A 00 16 01 00 00 0C 00 0C 00 ........ ........ [0040] 30 01 00 00 10 00 10 00 3C 01 00 00 15 82 08 60 0....... <......` [0050] FF 59 BC 87 3D B1 AC E1 E3 44 91 CC 6A CB 1F 86 .Y..=... .D..j... [0060] 50 44 F6 D2 11 D5 0F E0 20 5A A3 2F B5 5C 6C 7A PD...... Z./.\lz [0070] A7 26 6C BF 1B FD 96 37 01 01 00 00 00 00 00 00 .&l....7 ........ [0080] 00 EC F5 A7 B6 B9 CC 01 9B A2 74 2D 57 1D 4F 34 ........ ..t-W.O4 [0090] 00 00 00 00 02 00 16 00 58 00 38 00 36 00 45 00 ........ X.8.6.E. [00A0] 52 00 52 00 33 00 30 00 30 00 53 00 33 00 01 00 R.R.3.0. 0.S.3... [00B0] 0C 00 4D 00 41 00 53 00 54 00 45 00 52 00 04 00 ..M.A.S. T.E.R... [00C0] 1C 00 78 00 38 00 36 00 65 00 72 00 72 00 33 00 ..x.8.6. e.r.r.3. [00D0] 30 00 30 00 73 00 33 00 2E 00 71 00 61 00 03 00 0.0.s.3. ..q.a... [00E0] 2A 00 6D 00 61 00 73 00 74 00 65 00 72 00 2E 00 *.m.a.s. t.e.r... [00F0] 78 00 38 00 36 00 65 00 72 00 72 00 33 00 30 00 x.8.6.e. r.r.3.0. [0100] 30 00 73 00 33 00 2E 00 71 00 61 00 00 00 00 00 0.s.3... q.a..... [0110] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. [0120] 30 00 53 00 33 00 41 00 64 00 6D 00 69 00 6E 00 0.S.3.A. d.m.i.n. [0130] 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 i.s.t.r. a.t.o.r. [0140] 4D 00 41 00 53 00 54 00 45 00 52 00 A5 B5 9F 4D M.A.S.T. E.R....M [0150] CA E2 17 A0 C1 5C 97 18 0E 8E 27 33 00 55 00 6E .....\.. ..'3.U.n [0160] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0170] 00 00 00 ... [2011/12/13 17:45:44.763306, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 31657) conn 0x0 [2011/12/13 17:45:44.763343, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:44.763375, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.763406, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.763456, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:44.763491, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc801 [2011/12/13 17:45:44.763524, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2011/12/13 17:45:44.763558, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2011/12/13 17:45:44.763635, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : ff59bc873db1ace1e34491cc6acb1f865044f6d211d50fe0 NtChallengeResponseLen : 0x00a8 (168) NtChallengeResponseMaxLen: 0x00a8 (168) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 168) v2: struct NTLMv2_RESPONSE Response : 205aa32fb55c6c7aa7266cbf1bfd9637 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Di Dez 13 17:45:44 2011 CET ChallengeFromClient : 9ba2742d571d4f34 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'X86ERR300S3' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'MASTER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x001c (28) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'x86err300s3.qa' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x002a (42) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'master.x86err300s3.qa' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0016 (22) DomainNameMaxLen : 0x0016 (22) DomainName : * DomainName : 'X86ERR300S3' UserNameLen : 0x001a (26) UserNameMaxLen : 0x001a (26) UserName : * UserName : 'Administrator' WorkstationLen : 0x000c (12) WorkstationMaxLen : 0x000c (12) Workstation : * Workstation : 'MASTER' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] A5 B5 9F 4D CA E2 17 A0 C1 5C 97 18 0E 8E 27 33 ...M.... .\....'3 NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 [2011/12/13 17:45:44.765249, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) Got user=[Administrator] domain=[X86ERR300S3] workstation=[MASTER] len1=24 len2=168 [2011/12/13 17:45:44.765313, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:44.765554, 5] auth/auth_util.c:110(make_user_info_map) Mapping user [X86ERR300S3]\[Administrator] from workstation [MASTER] [2011/12/13 17:45:44.765593, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for Administrator (Administrator) [2011/12/13 17:45:44.765629, 5] auth/user_info.c:70(make_user_info) making strings for Administrator's user_info struct [2011/12/13 17:45:44.765662, 5] auth/user_info.c:87(make_user_info) making blobs for Administrator's user_info struct [2011/12/13 17:45:44.765694, 10] auth/user_info.c:123(make_user_info) made a user_info for Administrator (Administrator) [2011/12/13 17:45:44.765726, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [X86ERR300S3]\[Administrator]@[MASTER] with the new password interface [2011/12/13 17:45:44.765759, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [X86ERR300S3]\[Administrator]@[MASTER] [2011/12/13 17:45:44.765791, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2011/12/13 17:45:44.765823, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2011/12/13 17:45:44.765853, 5] ../lib/util/util.c:415(dump_data) [0000] 77 78 6A 2D A9 B7 10 82 wxj-.... [2011/12/13 17:45:44.765903, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [Administrator] [2011/12/13 17:45:44.765933, 10] auth/auth.c:259(check_ntlm_password) check_ntlm_password: guest had nothing to say [2011/12/13 17:45:44.765968, 10] auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [Administrator] [2011/12/13 17:45:44.765999, 8] lib/util.c:1521(is_myname) is_myname("X86ERR300S3") returns 0 [2011/12/13 17:45:44.766036, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.766071, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:44.766104, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.766135, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.766166, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.766257, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=Administrator)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:44.767055, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2011/12/13 17:45:44.767110, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://master.x86err300s3.qa:7389 [2011/12/13 17:45:44.772148, 3] lib/smbldap.c:803(smb_ldap_start_tls) StartTLS issued: using a TLS connection [2011/12/13 17:45:44.772205, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2011/12/13 17:45:44.772239, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://master.x86err300s3.qa:7389 as "cn=admin,dc=x86err300s3,dc=qa" [2011/12/13 17:45:44.773509, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2011/12/13 17:45:44.773582, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2011/12/13 17:45:44.774197, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: Administrator [2011/12/13 17:45:44.774254, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username Administrator, was [2011/12/13 17:45:44.774295, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:44.774329, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username Administrator, was [2011/12/13 17:45:44.774373, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:44.774412, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:44.774463, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:44.774504, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:44.774543, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:44.774581, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:44.774620, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:44.774660, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Administrator, was [2011/12/13 17:45:44.774701, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:44.774734, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:44.774774, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:44.774827, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\administrator, was [2011/12/13 17:45:44.774874, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:44.774909, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:44.774949, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:44.774988, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was [2011/12/13 17:45:44.775030, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:44.775069, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:44.775107, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2011/12/13 17:45:44.775159, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.775195, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:44.775239, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.775271, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.775303, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.775391, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Thu Jan 1 01:00:00 1970 (-1323794744 seconds in the past) [2011/12/13 17:45:44.775485, 10] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2011/12/13 17:45:44.775525, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa], filter => [(objectClass=sambaDomain)], scope => [0] [2011/12/13 17:45:44.775930, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2011/12/13 17:45:44.775985, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Tue Dec 13 17:46:44 2011 (60 seconds ahead) [2011/12/13 17:45:44.776060, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.776111, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:44.776152, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:44.776191, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:44.776269, 5] passdb/login_cache.c:47(login_cache_init) Opening cache file at /var/cache/samba/login_cache.tdb [2011/12/13 17:45:44.776330, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user Administrator [2011/12/13 17:45:44.776369, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:44.776402, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:44.776445, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.776480, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:44.776512, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.776544, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.776576, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.776638, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Jan 1 01:00:00 1970 (-1323794744 seconds in the past) [2011/12/13 17:45:44.776737, 10] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2011/12/13 17:45:44.776782, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa], filter => [(objectClass=sambaDomain)], scope => [0] [2011/12/13 17:45:44.777182, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2011/12/13 17:45:44.777238, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Tue Dec 13 17:46:44 2011 (60 seconds ahead) [2011/12/13 17:45:44.777310, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.777359, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Administrator [2011/12/13 17:45:44.777393, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2011/12/13 17:45:44.777537, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [Administrator]! [2011/12/13 17:45:44.777603, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5000 -> sid S-1-5-21-861941570-1634457251-3974523304-512 [2011/12/13 17:45:44.777652, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.777688, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:44.777722, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.777755, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.777786, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.777851, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.777901, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username Administrator, was [2011/12/13 17:45:44.777937, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:44.777970, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username Administrator, was [2011/12/13 17:45:44.778003, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Administrator, was [2011/12/13 17:45:44.778043, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\administrator, was [2011/12/13 17:45:44.778078, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:44.778113, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:44.778153, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was [2011/12/13 17:45:44.778189, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:44.778224, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.778258, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:44.778290, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.778322, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.778354, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.778414, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.778454, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:44.778491, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 from rid 500 [2011/12/13 17:45:44.778545, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-512 [2011/12/13 17:45:44.778589, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:44.778628, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check) ntlm_password_check: Checking NTLMv2 password with domain [X86ERR300S3] [2011/12/13 17:45:44.778687, 4] auth/check_samsec.c:183(sam_account_ok) sam_account_ok: Checking SMB password for user Administrator [2011/12/13 17:45:44.778733, 5] auth/check_samsec.c:165(logon_hours_ok) logon_hours_ok: user Administrator allowed to logon at this time (Tue Dec 13 16:45:44 2011 ) [2011/12/13 17:45:44.778788, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.778838, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:44.778871, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.778903, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.778935, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.778996, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:44.779035, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.779068, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:44.779100, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.779132, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.779164, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.779214, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Administrator [2011/12/13 17:45:44.779248, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2011/12/13 17:45:44.779283, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [Administrator]! [2011/12/13 17:45:44.779322, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.779356, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:44.779388, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.779420, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.779451, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.779513, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/minimum password age and timeout = Thu Jan 1 01:00:00 1970 (-1323794744 seconds in the past) [2011/12/13 17:45:44.779585, 10] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2011/12/13 17:45:44.779623, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa], filter => [(objectClass=sambaDomain)], scope => [0] [2011/12/13 17:45:44.780027, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2011/12/13 17:45:44.780081, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/minimum password age and timeout = Tue Dec 13 17:46:44 2011 (60 seconds ahead) [2011/12/13 17:45:44.780155, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.780193, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.780226, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:44.780259, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:44.780291, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.780322, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.780383, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.780423, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Administrator [2011/12/13 17:45:44.780466, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2011/12/13 17:45:44.780502, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [Administrator]! [2011/12/13 17:45:44.780556, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [Administrator] [2011/12/13 17:45:44.790493, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5001 -> sid S-1-5-21-861941570-1634457251-3974523304-513 [2011/12/13 17:45:44.790563, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5005 -> sid S-1-5-21-861941570-1634457251-3974523304-11012 [2011/12/13 17:45:44.790617, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 1005 -> sid S-1-5-21-861941570-1634457251-3974523304-11011 [2011/12/13 17:45:44.790666, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5020 -> sid S-1-5-11 [2011/12/13 17:45:44.790715, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5006 -> sid S-1-5-21-861941570-1634457251-3974523304-11013 [2011/12/13 17:45:44.790765, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5007 -> sid S-1-5-21-861941570-1634457251-3974523304-11015 [2011/12/13 17:45:44.790820, 5] auth/server_info_sam.c:120(make_server_info_sam) make_server_info_sam: made server info for user Administrator -> Administrator [2011/12/13 17:45:44.790866, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:44.790909, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: sam authentication for user [Administrator] succeeded [2011/12/13 17:45:44.790945, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.790978, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:44.791011, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.791043, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.791074, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.791127, 4] auth/pampass.c:483(smb_pam_start) smb_pam_start: PAM: Init user: Administrator [2011/12/13 17:45:44.793834, 4] auth/pampass.c:492(smb_pam_start) smb_pam_start: PAM: setting rhost to: 127.0.0.1 [2011/12/13 17:45:44.793883, 4] auth/pampass.c:501(smb_pam_start) smb_pam_start: PAM: setting tty [2011/12/13 17:45:44.793918, 4] auth/pampass.c:509(smb_pam_start) smb_pam_start: PAM: Init passed for user: Administrator [2011/12/13 17:45:44.793951, 4] auth/pampass.c:567(smb_pam_account) smb_pam_account: PAM: Account Management for User: Administrator [2011/12/13 17:45:44.832972, 4] auth/pampass.c:586(smb_pam_account) smb_pam_account: PAM: Account OK for User: Administrator [2011/12/13 17:45:44.833195, 4] auth/pampass.c:465(smb_pam_end) smb_pam_end: PAM: PAM_END OK. [2011/12/13 17:45:44.833247, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:44.833283, 5] auth/auth.c:296(check_ntlm_password) check_ntlm_password: PAM Account for user [Administrator] succeeded [2011/12/13 17:45:44.833316, 2] auth/auth.c:309(check_ntlm_password) check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded [2011/12/13 17:45:44.833355, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for Administrator [2011/12/13 17:45:44.833432, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-5-21-861941570-1634457251-3974523304-500 Privilege set: 0x20 [2011/12/13 17:45:44.833492, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-512] [2011/12/13 17:45:44.833536, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-513] [2011/12/13 17:45:44.833593, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-11012] [2011/12/13 17:45:44.833637, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-11011] [2011/12/13 17:45:44.833680, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-11013] [2011/12/13 17:45:44.833722, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-11015] [2011/12/13 17:45:44.833763, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2011/12/13 17:45:44.833804, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2011/12/13 17:45:44.833856, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2011/12/13 17:45:44.833896, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2011/12/13 17:45:44.837348, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.837407, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:44.837442, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:44.837475, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:44.837507, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:44.837573, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2011/12/13 17:45:44.837954, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2011/12/13 17:45:44.838015, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:44.838053, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2011/12/13 17:45:44.838089, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2011/12/13 17:45:44.838127, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2011/12/13 17:45:44.838171, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:44.838537, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 2002 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:44.838684, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2011/12/13 17:45:44.838728, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 8 [2011/12/13 17:45:44.838761, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2011/12/13 17:45:44.838800, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2011/12/13 17:45:44.838850, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2011/12/13 17:45:44.838997, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (2002,5000) Administrator Administrator X86ERR300S3 guest=0 [2011/12/13 17:45:44.839035, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: Administrator Real name: Administrator [2011/12/13 17:45:44.839067, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 2002 is UNIX user Administrator, and will be vuid 100 [2011/12/13 17:45:44.839114, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F33313635372F31 [2011/12/13 17:45:44.839159, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb97720c0 [2011/12/13 17:45:44.839196, 4] auth/pampass.c:483(smb_pam_start) smb_pam_start: PAM: Init user: Administrator [2011/12/13 17:45:44.841571, 4] auth/pampass.c:492(smb_pam_start) smb_pam_start: PAM: setting rhost to: 127.0.0.1 [2011/12/13 17:45:44.841616, 4] auth/pampass.c:501(smb_pam_start) smb_pam_start: PAM: setting tty [2011/12/13 17:45:44.841650, 4] auth/pampass.c:509(smb_pam_start) smb_pam_start: PAM: Init passed for user: Administrator [2011/12/13 17:45:44.841684, 4] auth/pampass.c:646(smb_internal_pam_session) smb_internal_pam_session: PAM: tty set to: smb/31657/100 [2011/12/13 17:45:46.302806, 4] auth/pampass.c:465(smb_pam_end) smb_pam_end: PAM: PAM_END OK. [2011/12/13 17:45:46.303231, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F33313635372F31 [2011/12/13 17:45:46.303326, 7] param/loadparm.c:9857(lp_servicenumber) lp_servicenumber: couldn't find Administrator [2011/12/13 17:45:46.303366, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Administrator [2011/12/13 17:45:46.303400, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2011/12/13 17:45:46.303437, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [Administrator]! [2011/12/13 17:45:46.303470, 3] smbd/password.c:238(register_homes_share) Adding homes service for user 'Administrator' using home directory: '/home/Administrator' [2011/12/13 17:45:46.303547, 8] param/loadparm.c:6503(add_a_service) add_a_service: Creating snum = 5 for Administrator [2011/12/13 17:45:46.303585, 10] param/loadparm.c:6550(hash_a_service) hash_a_service: hashing index 5 for service name Administrator [2011/12/13 17:45:46.303627, 3] param/loadparm.c:6605(lp_add_home) adding home's share [Administrator] for user 'Administrator' at '/home/Administrator' [2011/12/13 17:45:46.303690, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:46.303961, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.303994, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=31656 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2011/12/13 17:45:46.304208, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 58 00 38 00 36 ...6...6 ...X.8.6 [0030] 00 45 00 52 00 52 00 33 00 30 00 30 00 53 00 33 .E.R.R.3 .0.0.S.3 [0040] 00 00 00 ... [2011/12/13 17:45:46.304633, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 82 [2011/12/13 17:45:46.304688, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x52 [2011/12/13 17:45:46.304769, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 86 (0 toread) [2011/12/13 17:45:46.304805, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.304825, 5] lib/util.c:342(show_msg) size=82 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=31656 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=39 [2011/12/13 17:45:46.305037, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 31 00 32 00 37 00 2E 00 30 00 2E .\.\.1.2 .7...0.. [0010] 00 30 00 2E 00 31 00 5C 00 49 00 50 00 43 00 24 .0...1.\ .I.P.C.$ [0020] 00 00 00 49 50 43 00 ...IPC. [2011/12/13 17:45:46.305148, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 31657) conn 0x0 [2011/12/13 17:45:46.305184, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.305218, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.305251, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.305308, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:46.305357, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [IPC] for share [IPC$] [2011/12/13 17:45:46.305410, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2011/12/13 17:45:46.305453, 3] lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2011/12/13 17:45:46.305493, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user Administrator [2011/12/13 17:45:46.305541, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Administrator [2011/12/13 17:45:46.305576, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2011/12/13 17:45:46.305610, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [Administrator]! [2011/12/13 17:45:46.305650, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:46.305686, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2011/12/13 17:45:46.305744, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2011/12/13 17:45:46.305787, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2011/12/13 17:45:46.305827, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2011/12/13 17:45:46.305865, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2011/12/13 17:45:46.305899, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2011/12/13 17:45:46.305943, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2011/12/13 17:45:46.305977, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2011/12/13 17:45:46.306009, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2011/12/13 17:45:46.306042, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2011/12/13 17:45:46.306094, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2011/12/13 17:45:46.306188, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key A97B0000FFFFFFFFA765 [2011/12/13 17:45:46.306229, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9792230 [2011/12/13 17:45:46.306438, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key A97B0000FFFFFFFFA765 [2011/12/13 17:45:46.306575, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:46.306620, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user Administrator [2011/12/13 17:45:46.306657, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user Administrator [2011/12/13 17:45:46.306701, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2011/12/13 17:45:46.306741, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID administrator is not in a valid format [2011/12/13 17:45:46.306781, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: X86ERR300S3\administrator => domain=[X86ERR300S3], name=[administrator] [2011/12/13 17:45:46.306837, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2011/12/13 17:45:46.306877, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.306912, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:46.306945, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.306977, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.307008, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.307085, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=administrator)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:46.307885, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: Administrator [2011/12/13 17:45:46.307941, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username Administrator, was [2011/12/13 17:45:46.307978, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:46.308012, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username Administrator, was [2011/12/13 17:45:46.308055, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:46.308092, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:46.308143, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:46.308184, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:46.308222, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:46.308271, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:46.308311, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:46.308350, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Administrator, was [2011/12/13 17:45:46.308392, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:46.308424, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:46.308464, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:46.308504, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\administrator, was [2011/12/13 17:45:46.308545, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:46.308579, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:46.308619, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:46.308658, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was [2011/12/13 17:45:46.308743, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:46.308793, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:46.308832, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2011/12/13 17:45:46.308883, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.308919, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:46.308952, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.308985, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.309016, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.309084, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.309134, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:46.309175, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:46.309214, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:46.309266, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user Administrator [2011/12/13 17:45:46.309305, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:46.309338, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:46.309377, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.309410, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:46.309443, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.309475, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.309506, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.309565, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.309605, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Administrator [2011/12/13 17:45:46.309647, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2011/12/13 17:45:46.309682, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [Administrator]! [2011/12/13 17:45:46.309720, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.309754, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:46.309786, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.309817, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.309848, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.309908, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.309952, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username Administrator, was [2011/12/13 17:45:46.309987, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:46.310019, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username Administrator, was [2011/12/13 17:45:46.310052, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Administrator, was [2011/12/13 17:45:46.310091, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\administrator, was [2011/12/13 17:45:46.310126, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:46.310160, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:46.310199, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was [2011/12/13 17:45:46.310234, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:46.310269, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.310302, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:46.310334, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.310366, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.310398, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.310458, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.310496, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:46.310533, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 from rid 500 [2011/12/13 17:45:46.310585, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-512 [2011/12/13 17:45:46.310634, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.310688, 2] smbd/uid.c:180(check_user_ok) check_user_ok: user Administrator is an admin user. Setting uid as 0 [2011/12/13 17:45:46.310729, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.310764, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.311144, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.311298, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.311337, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.311370, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.311402, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.311451, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:46.311490, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:46.311537, 3] smbd/service.c:1114(make_connection_snum) master (127.0.0.1) connect to service IPC$ initially as user Administrator (uid=0, gid=5000) (pid 31657) [2011/12/13 17:45:46.311582, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2011/12/13 17:45:46.311813, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2011/12/13 17:45:46.311867, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2011/12/13 17:45:46.311902, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 106 (0 toread) [2011/12/13 17:45:46.311935, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.311954, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=5 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=19 [2011/12/13 17:45:46.312413, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 00 00 ... [2011/12/13 17:45:46.312489, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.312534, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.312571, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.312967, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.313118, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.313158, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2011/12/13 17:45:46.313210, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2011/12/13 17:45:46.313255, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. [2011/12/13 17:45:46.313298, 5] smbd/files.c:140(file_new) allocated file structure 23011, fnum = 27107 (1 used) [2011/12/13 17:45:46.313338, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/lsarpc hash 0xa9e2e929 [2011/12/13 17:45:46.313386, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2011/12/13 17:45:46.313437, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2011/12/13 17:45:46.313472, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2011/12/13 17:45:46.313513, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2011/12/13 17:45:46.313550, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2011/12/13 17:45:46.313773, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 156 [2011/12/13 17:45:46.313827, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9c [2011/12/13 17:45:46.313862, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 160 (0 toread) [2011/12/13 17:45:46.313895, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.313915, 5] lib/util.c:342(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27107 (0x69E3) smb_bcc=89 [2011/12/13 17:45:46.314276, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2011/12/13 17:45:46.314479, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.314532, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.314571, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.314938, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.315091, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.315137, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2011/12/13 17:45:46.315176, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.315207, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.315242, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.315276, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e3) [2011/12/13 17:45:46.315311, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.315345, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 72 [2011/12/13 17:45:46.315381, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2011/12/13 17:45:46.315414, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 [2011/12/13 17:45:46.315447, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.315481, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.315512, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:46.315544, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 [2011/12/13 17:45:46.315580, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.315612, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:46.315644, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 [2011/12/13 17:45:46.315679, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.315725, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:46.316236, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2011/12/13 17:45:46.316276, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2011/12/13 17:45:46.316312, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2011/12/13 17:45:46.316344, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \lsarpc [2011/12/13 17:45:46.316381, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2011/12/13 17:45:46.316432, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\lsarpc' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:46.316948, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 56 [2011/12/13 17:45:46.317003, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.317043, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2011/12/13 17:45:46.317080, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:46.317143, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2011/12/13 17:45:46.317181, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2011/12/13 17:45:46.317215, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.317235, 5] lib/util.c:342(show_msg) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2011/12/13 17:45:46.317518, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... [2011/12/13 17:45:46.317890, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 144 [2011/12/13 17:45:46.317945, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2011/12/13 17:45:46.317980, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 148 (0 toread) [2011/12/13 17:45:46.318013, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.318033, 5] lib/util.c:342(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27107 (0x69E3) smb_bcc=77 [2011/12/13 17:45:46.318395, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 ........ .<...... [0020] 00 24 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .$...... .....\.. [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 02 ........ ..... [2011/12/13 17:45:46.318567, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.318611, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.318648, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.319116, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.319281, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.319323, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2011/12/13 17:45:46.319360, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.319391, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.319423, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.319455, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e3) [2011/12/13 17:45:46.319488, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.319521, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 60 [2011/12/13 17:45:46.319554, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 60 [2011/12/13 17:45:46.319586, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 [2011/12/13 17:45:46.319618, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.319652, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.319683, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:46.319714, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 [2011/12/13 17:45:46.319748, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.319779, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:46.319810, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 [2011/12/13 17:45:46.319843, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.319879, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=36 [0000] 00 00 02 00 5C 00 00 00 18 00 00 00 00 00 00 00 ....\... ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 02 .... [2011/12/13 17:45:46.320339, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.320372, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.320416, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.320453, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2011/12/13 17:45:46.320492, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[6].fn == 0xb7147920 [2011/12/13 17:45:46.320534, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2011/12/13 17:45:46.321047, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2011/12/13 17:45:46.321094, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2011/12/13 17:45:46.321140, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.321215, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-3a81a97b0000 result : NT_STATUS_OK [2011/12/13 17:45:46.321352, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.321390, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 44 [2011/12/13 17:45:46.321433, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.321470, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:46.321514, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 00 00 00 00 .{...... [2011/12/13 17:45:46.321915, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1076 [2011/12/13 17:45:46.321960, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:46.321996, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:46.322029, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.322049, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:46.322328, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0020] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 00 00 00 ......N: ..{..... [0030] 00 . [2011/12/13 17:45:46.322629, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 130 [2011/12/13 17:45:46.322683, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x82 [2011/12/13 17:45:46.322718, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 134 (0 toread) [2011/12/13 17:45:46.322751, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.322771, 5] lib/util.c:342(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27107 (0x69E3) smb_bcc=63 [2011/12/13 17:45:46.323142, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 05 00 ......N: ..{.... [2011/12/13 17:45:46.323288, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.323326, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.323362, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.323728, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.323879, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.323919, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2011/12/13 17:45:46.323955, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.323986, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.324017, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.324048, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e3) [2011/12/13 17:45:46.324082, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.324115, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 46 [2011/12/13 17:45:46.324148, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 46 [2011/12/13 17:45:46.324180, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 46 [2011/12/13 17:45:46.324212, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.324245, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.324276, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 30 [2011/12/13 17:45:46.324308, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 30 [2011/12/13 17:45:46.324341, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.324372, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 30 [2011/12/13 17:45:46.324404, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 30, incoming data = 30 [2011/12/13 17:45:46.324437, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.324472, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002e (46) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=22 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 05 00 .{.... [2011/12/13 17:45:46.324937, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.324973, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.325006, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.325041, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2011/12/13 17:45:46.325076, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[7].fn == 0xb7147620 [2011/12/13 17:45:46.325115, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-3a81a97b0000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2011/12/13 17:45:46.325253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.325334, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'X86ERR300S3' sid : * sid : S-1-5-21-861941570-1634457251-3974523304 result : NT_STATUS_OK [2011/12/13 17:45:46.325583, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.325623, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 30 [2011/12/13 17:45:46.325668, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.325705, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 88. [2011/12/13 17:45:46.325746, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0070 (112) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000058 (88) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=88 [0000] 00 00 02 00 05 00 00 00 16 00 18 00 04 00 02 00 ........ ........ [0010] 08 00 02 00 0C 00 00 00 00 00 00 00 0B 00 00 00 ........ ........ [0020] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. [0030] 30 00 53 00 33 00 00 00 04 00 00 00 01 04 00 00 0.S.3... ........ [0040] 00 00 00 05 15 00 00 00 42 2F 60 33 A3 D6 6B 61 ........ B/`3..ka [0050] A8 69 E6 EC 00 00 00 00 .i...... [2011/12/13 17:45:46.326298, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 68 [2011/12/13 17:45:46.326342, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 112 bytes. There is no more data outstanding [2011/12/13 17:45:46.326377, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..112] (align 0) [2011/12/13 17:45:46.326411, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.326430, 5] lib/util.c:342(show_msg) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2011/12/13 17:45:46.326709, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 70 00 00 00 03 00 00 ........ .p...... [0010] 00 58 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .X...... ........ [0020] 00 16 00 18 00 04 00 02 00 08 00 02 00 0C 00 00 ........ ........ [0030] 00 00 00 00 00 0B 00 00 00 58 00 38 00 36 00 45 ........ .X.8.6.E [0040] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 00 .R.R.3.0 .0.S.3.. [0050] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [0060] 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC 00 00 00 .B/`3..k a.i..... [0070] 00 . [2011/12/13 17:45:46.327149, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2011/12/13 17:45:46.327203, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2011/12/13 17:45:46.327238, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 132 (0 toread) [2011/12/13 17:45:46.327271, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.327290, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27107 (0x69E3) smb_bcc=61 [2011/12/13 17:45:46.327648, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 ......N: ..{.. [2011/12/13 17:45:46.327790, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.327828, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.327864, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.328227, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.328378, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.328419, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2011/12/13 17:45:46.328455, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.328486, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.328517, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.328548, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e3) [2011/12/13 17:45:46.328582, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.328615, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2011/12/13 17:45:46.328648, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:46.328679, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2011/12/13 17:45:46.328744, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.328780, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.328812, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:46.328843, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2011/12/13 17:45:46.328877, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.328908, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:46.328939, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2011/12/13 17:45:46.328972, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.329008, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.329437, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.329470, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.329503, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.329537, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2011/12/13 17:45:46.329573, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[0].fn == 0xb71489f0 [2011/12/13 17:45:46.329611, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-3a81a97b0000 [2011/12/13 17:45:46.329730, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.329807, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.329881, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:46.329914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2011/12/13 17:45:46.330202, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.330244, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2011/12/13 17:45:46.330289, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.330327, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:46.330368, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2011/12/13 17:45:46.330760, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:46.330824, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:46.330864, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:46.330898, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.330918, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:46.331198, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2011/12/13 17:45:46.331486, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2011/12/13 17:45:46.331540, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2011/12/13 17:45:46.331575, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 45 (0 toread) [2011/12/13 17:45:46.331608, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.331628, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=10 smt_wct=3 smb_vwv[ 0]=27107 (0x69E3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/12/13 17:45:46.331827, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:46.331849, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.331887, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.331923, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.332280, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.332433, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.332474, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=27107 (numopen=1) [2011/12/13 17:45:46.332513, 6] smbd/close.c:532(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2011/12/13 17:45:46.332562, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2011/12/13 17:45:46.332601, 5] smbd/files.c:482(file_free) freed files structure 27107 (0 used) [2011/12/13 17:45:46.332646, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.332667, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=10 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:46.332857, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:46.333012, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2011/12/13 17:45:46.333065, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2011/12/13 17:45:46.333100, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 106 (0 toread) [2011/12/13 17:45:46.333132, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.333152, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=11 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=19 [2011/12/13 17:45:46.333609, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 00 00 ... [2011/12/13 17:45:46.333685, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.333723, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.333759, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.334118, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.334271, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.334311, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2011/12/13 17:45:46.334349, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. [2011/12/13 17:45:46.334384, 5] smbd/files.c:140(file_new) allocated file structure 23012, fnum = 27108 (1 used) [2011/12/13 17:45:46.334422, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/lsarpc hash 0xa9e2e929 [2011/12/13 17:45:46.334470, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2011/12/13 17:45:46.334510, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2011/12/13 17:45:46.334544, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2011/12/13 17:45:46.334585, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2011/12/13 17:45:46.334622, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2011/12/13 17:45:46.334813, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 156 [2011/12/13 17:45:46.334868, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9c [2011/12/13 17:45:46.334904, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 160 (0 toread) [2011/12/13 17:45:46.334937, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.334957, 5] lib/util.c:342(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27108 (0x69E4) smb_bcc=89 [2011/12/13 17:45:46.335318, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2011/12/13 17:45:46.335519, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.335557, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.335593, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.335947, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.336099, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.336139, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2011/12/13 17:45:46.336175, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.336215, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.336248, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.336279, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e4) [2011/12/13 17:45:46.336312, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.336345, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 72 [2011/12/13 17:45:46.336379, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2011/12/13 17:45:46.336410, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 [2011/12/13 17:45:46.336443, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.336475, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.336507, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:46.336538, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 [2011/12/13 17:45:46.336571, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.336602, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:46.336633, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 [2011/12/13 17:45:46.336666, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.336729, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:46.337229, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2011/12/13 17:45:46.337264, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2011/12/13 17:45:46.337297, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2011/12/13 17:45:46.337329, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \lsarpc [2011/12/13 17:45:46.337372, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2011/12/13 17:45:46.337416, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\lsarpc' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:46.337885, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 56 [2011/12/13 17:45:46.337931, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.337968, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2011/12/13 17:45:46.338003, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:46.338043, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2011/12/13 17:45:46.338078, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2011/12/13 17:45:46.338112, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.338131, 5] lib/util.c:342(show_msg) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2011/12/13 17:45:46.338415, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... [2011/12/13 17:45:46.338763, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 152 [2011/12/13 17:45:46.338830, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x98 [2011/12/13 17:45:46.338867, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 156 (0 toread) [2011/12/13 17:45:46.338900, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.338920, 5] lib/util.c:342(show_msg) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27108 (0x69E4) smb_bcc=85 [2011/12/13 17:45:46.339288, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... [0020] 00 2C 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .,...... .....\.. [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 ........ ........ [0050] 00 00 00 00 02 ..... [2011/12/13 17:45:46.339484, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.339522, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.339557, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.339910, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.340061, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.340102, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=68 params=0 setup=2 [2011/12/13 17:45:46.340139, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.340169, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.340201, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.340233, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e4) [2011/12/13 17:45:46.340266, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.340300, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 68 [2011/12/13 17:45:46.340333, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 68 [2011/12/13 17:45:46.340365, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 68 [2011/12/13 17:45:46.340397, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.340430, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.340462, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 52 [2011/12/13 17:45:46.340502, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 52 [2011/12/13 17:45:46.340536, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.340567, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 52 [2011/12/13 17:45:46.340598, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 52, incoming data = 52 [2011/12/13 17:45:46.340631, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.340666, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=44 [0000] 00 00 02 00 5C 00 00 00 18 00 00 00 00 00 00 00 ....\... ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 04 00 02 00 ........ ........ [0020] 0C 00 00 00 02 00 01 00 00 00 00 02 ........ .... [2011/12/13 17:45:46.341164, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.341199, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.341232, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.341267, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2011/12/13 17:45:46.341303, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[6].fn == 0xb7147920 [2011/12/13 17:45:46.341338, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2011/12/13 17:45:46.341824, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2011/12/13 17:45:46.341866, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2011/12/13 17:45:46.341906, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.341983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-e74e-3a81a97b0000 result : NT_STATUS_OK [2011/12/13 17:45:46.342113, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.342151, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 52 [2011/12/13 17:45:46.342194, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.342231, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:46.342271, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 00 00 00 00 .{...... [2011/12/13 17:45:46.342660, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1076 [2011/12/13 17:45:46.342704, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:46.342740, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:46.342774, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.342794, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:46.343097, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ [0020] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 00 00 00 ......N: ..{..... [0030] 00 . [2011/12/13 17:45:46.343408, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 184 [2011/12/13 17:45:46.343462, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb8 [2011/12/13 17:45:46.343497, 3] smbd/process.c:1662(process_smb) Transaction 13 of length 188 (0 toread) [2011/12/13 17:45:46.343531, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.343550, 5] lib/util.c:342(show_msg) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27108 (0x69E4) smb_bcc=117 [2011/12/13 17:45:46.343913, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 07 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 0E 00 00 00 00 00 0E 00 00 .L...... ........ [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 01 00 00 ......N: ..{..... [0040] 00 01 00 00 00 0A 00 0A 00 00 00 02 00 05 00 00 ........ ........ [0050] 00 00 00 00 00 05 00 00 00 75 00 73 00 65 00 72 ........ .u.s.e.r [0060] 00 31 00 00 00 00 00 00 00 00 00 00 00 01 00 00 .1...... ........ [0070] 00 00 00 00 00 ..... [2011/12/13 17:45:46.344171, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.344209, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.344244, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.344598, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.344783, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.344826, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=100 params=0 setup=2 [2011/12/13 17:45:46.344862, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.344894, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.344935, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.344967, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e4) [2011/12/13 17:45:46.345001, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.345034, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 100 [2011/12/13 17:45:46.345067, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 100 [2011/12/13 17:45:46.345099, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 100 [2011/12/13 17:45:46.345131, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.345164, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.345196, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 84 [2011/12/13 17:45:46.345227, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 84 [2011/12/13 17:45:46.345261, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.345292, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 84 [2011/12/13 17:45:46.345323, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 84, incoming data = 84 [2011/12/13 17:45:46.345357, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.345392, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0064 (100) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000004c (76) context_id : 0x0000 (0) opnum : 0x000e (14) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=76 [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 01 00 00 00 01 00 00 00 0A 00 0A 00 .{...... ........ [0020] 00 00 02 00 05 00 00 00 00 00 00 00 05 00 00 00 ........ ........ [0030] 75 00 73 00 65 00 72 00 31 00 00 00 00 00 00 00 u.s.e.r. 1....... [0040] 00 00 00 00 01 00 00 00 00 00 00 00 ........ .... [2011/12/13 17:45:46.345930, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.345964, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.345996, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.346031, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0xe - api_rpcTNP: rpc command: LSA_LOOKUPNAMES [2011/12/13 17:45:46.346067, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[14].fn == 0xb71461e0 [2011/12/13 17:45:46.346113, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-e74e-3a81a97b0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000a (10) size : 0x000a (10) string : * string : 'user1' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2011/12/13 17:45:46.346448, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.346527, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.346564, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:46.346597, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.346629, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.346661, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.346711, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name user1 [2011/12/13 17:45:46.346749, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: user1 => domain=[], name=[user1] [2011/12/13 17:45:46.346781, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2011/12/13 17:45:46.346830, 10] lib/util_wellknown.c:152(lookup_wellknown_name) map_name_to_wellknown_sid: looking up user1 [2011/12/13 17:45:46.346871, 10] passdb/pdb_ldap.c:6170(ldapsam_get_trusteddom_pw) ldapsam_get_trusteddom_pw called for domain user1 [2011/12/13 17:45:46.346914, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=user1,sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=user1))], scope => [2] [2011/12/13 17:45:46.347341, 10] lib/smbldap.c:1504(smbldap_search_ext) Failed search for base: sambaDomainName=user1,sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa, error: 32 (No such object) (unknown) [2011/12/13 17:45:46.347414, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.347451, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:46.347484, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.347517, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.347549, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.347620, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=user1)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:46.348222, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: user1 [2011/12/13 17:45:46.348275, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username user1, was [2011/12/13 17:45:46.348400, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:46.348437, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username user1, was [2011/12/13 17:45:46.348480, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 [2011/12/13 17:45:46.348515, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 [2011/12/13 17:45:46.348566, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:46.348607, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:46.348646, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:46.348685, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:46.348753, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:46.348794, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name univention, was [2011/12/13 17:45:46.348836, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:46.348868, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:46.348908, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:46.348946, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\user1, was [2011/12/13 17:45:46.348987, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:46.349021, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:46.349061, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:46.349100, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\user1\windows-profiles\Samba, was [2011/12/13 17:45:46.349142, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:46.349182, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:46.349237, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:46.349273, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:46.349305, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:46.349337, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.349368, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.349433, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.349481, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:46.349523, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:46.349562, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:46.349610, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user user1 [2011/12/13 17:45:46.349647, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:46.349680, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:46.349727, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:46.349761, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:46.349793, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:46.349825, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.349856, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.349917, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.349956, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user user1 [2011/12/13 17:45:46.349989, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is user1 [2011/12/13 17:45:46.351707, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [user1]! [2011/12/13 17:45:46.351764, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:46.351801, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:46.351834, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:46.351867, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.351899, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.351964, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.352009, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username user1, was [2011/12/13 17:45:46.352044, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:46.352077, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username user1, was [2011/12/13 17:45:46.352110, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name univention, was [2011/12/13 17:45:46.352150, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\user1, was [2011/12/13 17:45:46.352185, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:46.352219, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:46.352258, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\user1\windows-profiles\Samba, was [2011/12/13 17:45:46.352294, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:46.352329, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:46.352362, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:46.352395, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:46.352427, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.352458, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.352519, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:46.352557, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 [2011/12/13 17:45:46.352594, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 from rid 5014 [2011/12/13 17:45:46.352656, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-513 [2011/12/13 17:45:46.352730, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:46.352780, 5] rpc_server/lsa/srv_lsa_nt.c:219(lookup_lsa_rids) init_lsa_rids: user1 found [2011/12/13 17:45:46.352823, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.352859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'X86ERR300S3' sid : * sid : S-1-5-21-861941570-1634457251-3974523304 max_size : 0x00000020 (32) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_USER (1) rid : 0x00001396 (5014) sid_index : 0x00000000 (0) count : * count : 0x00000001 (1) result : NT_STATUS_OK [2011/12/13 17:45:46.353331, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.353373, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 84 [2011/12/13 17:45:46.353421, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.353458, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 128. [2011/12/13 17:45:46.353499, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0098 (152) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000080 (128) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=128 [0000] 04 00 02 00 01 00 00 00 08 00 02 00 20 00 00 00 ........ .... ... [0010] 01 00 00 00 16 00 18 00 0C 00 02 00 10 00 02 00 ........ ........ [0020] 0C 00 00 00 00 00 00 00 0B 00 00 00 58 00 38 00 ........ ....X.8. [0030] 36 00 45 00 52 00 52 00 33 00 30 00 30 00 53 00 6.E.R.R. 3.0.0.S. [0040] 33 00 00 00 04 00 00 00 01 04 00 00 00 00 00 05 3....... ........ [0050] 15 00 00 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC ....B/`3 ..ka.i.. [0060] 01 00 00 00 14 00 02 00 01 00 00 00 01 00 00 00 ........ ........ [0070] 96 13 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ........ [2011/12/13 17:45:46.354135, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 140 [2011/12/13 17:45:46.354181, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 152 bytes. There is no more data outstanding [2011/12/13 17:45:46.354217, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..152] (align 0) [2011/12/13 17:45:46.354251, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.354270, 5] lib/util.c:342(show_msg) size=208 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 152 (0x98) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 152 (0x98) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=153 [2011/12/13 17:45:46.354555, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 98 00 00 00 07 00 00 ........ ........ [0010] 00 80 00 00 00 00 00 00 00 04 00 02 00 01 00 00 ........ ........ [0020] 00 08 00 02 00 20 00 00 00 01 00 00 00 16 00 18 ..... .. ........ [0030] 00 0C 00 02 00 10 00 02 00 0C 00 00 00 00 00 00 ........ ........ [0040] 00 0B 00 00 00 58 00 38 00 36 00 45 00 52 00 52 .....X.8 .6.E.R.R [0050] 00 33 00 30 00 30 00 53 00 33 00 00 00 04 00 00 .3.0.0.S .3...... [0060] 00 01 04 00 00 00 00 00 05 15 00 00 00 42 2F 60 ........ .....B/` [0070] 33 A3 D6 6B 61 A8 69 E6 EC 01 00 00 00 14 00 02 3..ka.i. ........ [0080] 00 01 00 00 00 01 00 00 00 96 13 00 00 00 00 00 ........ ........ [0090] 00 01 00 00 00 00 00 00 00 ........ . [2011/12/13 17:45:46.355076, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2011/12/13 17:45:46.355130, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2011/12/13 17:45:46.355166, 3] smbd/process.c:1662(process_smb) Transaction 14 of length 132 (0 toread) [2011/12/13 17:45:46.355198, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.355218, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27108 (0x69E4) smb_bcc=61 [2011/12/13 17:45:46.355575, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 08 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 ......N: ..{.. [2011/12/13 17:45:46.355716, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.355753, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.355789, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.356151, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.356300, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.356342, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2011/12/13 17:45:46.356378, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.356408, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.356439, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.356470, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e4) [2011/12/13 17:45:46.356504, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.356537, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2011/12/13 17:45:46.356570, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:46.356601, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2011/12/13 17:45:46.356633, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.356666, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.356728, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:46.356767, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2011/12/13 17:45:46.356801, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.356833, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:46.356864, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2011/12/13 17:45:46.356897, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.356933, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.357349, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.357383, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.357415, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.357449, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2011/12/13 17:45:46.357484, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[0].fn == 0xb71489f0 [2011/12/13 17:45:46.357517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-e74e-3a81a97b0000 [2011/12/13 17:45:46.357629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.357703, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.357773, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:46.357805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2011/12/13 17:45:46.357931, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.357972, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2011/12/13 17:45:46.358020, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.358058, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:46.358098, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2011/12/13 17:45:46.358489, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:46.358532, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:46.358568, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:46.358602, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.358621, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:46.358912, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2011/12/13 17:45:46.359215, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 184 [2011/12/13 17:45:46.359269, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb8 [2011/12/13 17:45:46.359304, 3] smbd/process.c:1662(process_smb) Transaction 15 of length 188 (0 toread) [2011/12/13 17:45:46.359337, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.359357, 5] lib/util.c:342(show_msg) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27108 (0x69E4) smb_bcc=117 [2011/12/13 17:45:46.359716, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 09 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 2C 00 00 00 02 00 0C 00 00 .L....., ........ [0030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 31 00 32 ........ .\.\.1.2 [0040] 00 37 00 2E 00 30 00 2E 00 30 00 2E 00 31 00 00 .7...0.. .0...1.. [0050] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 ........ ........ [0070] 00 00 00 00 02 ..... [2011/12/13 17:45:46.359971, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.360009, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.360045, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.360412, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.360562, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.360603, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=100 params=0 setup=2 [2011/12/13 17:45:46.360639, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.360670, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.360732, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.360767, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e4) [2011/12/13 17:45:46.360801, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.360835, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 100 [2011/12/13 17:45:46.360868, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 100 [2011/12/13 17:45:46.360900, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 100 [2011/12/13 17:45:46.360932, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.360965, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.360997, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 84 [2011/12/13 17:45:46.361028, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 84 [2011/12/13 17:45:46.361062, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.361093, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 84 [2011/12/13 17:45:46.361124, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 84, incoming data = 84 [2011/12/13 17:45:46.361157, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.361192, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0064 (100) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000004c (76) context_id : 0x0000 (0) opnum : 0x002c (44) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=76 [0000] 00 00 02 00 0C 00 00 00 00 00 00 00 0C 00 00 00 ........ ........ [0010] 5C 00 5C 00 31 00 32 00 37 00 2E 00 30 00 2E 00 \.\.1.2. 7...0... [0020] 30 00 2E 00 31 00 00 00 18 00 00 00 00 00 00 00 0...1... ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 04 00 02 00 ........ ........ [0040] 0C 00 00 00 02 00 01 00 00 00 00 02 ........ .... [2011/12/13 17:45:46.361743, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.361777, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.361809, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.361845, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2011/12/13 17:45:46.361881, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[44].fn == 0xb7140d00 [2011/12/13 17:45:46.361920, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '\\127.0.0.1' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2011/12/13 17:45:46.362393, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2011/12/13 17:45:46.362435, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2011/12/13 17:45:46.362474, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.362551, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-e74e-3a81a97b0000 result : NT_STATUS_OK [2011/12/13 17:45:46.362680, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.362718, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 84 [2011/12/13 17:45:46.362768, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.362819, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:46.362862, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 00 00 00 00 .{...... [2011/12/13 17:45:46.363251, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1076 [2011/12/13 17:45:46.363295, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:46.363331, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:46.363364, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.363384, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:46.363664, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ [0020] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 00 00 00 ......N: ..{..... [0030] 00 . [2011/12/13 17:45:46.363969, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 242 [2011/12/13 17:45:46.364024, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xf2 [2011/12/13 17:45:46.364059, 3] smbd/process.c:1662(process_smb) Transaction 16 of length 246 (0 toread) [2011/12/13 17:45:46.364092, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.364111, 5] lib/util.c:342(show_msg) size=242 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 158 (0x9E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 158 (0x9E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27108 (0x69E4) smb_bcc=175 [2011/12/13 17:45:46.364473, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 9E 00 00 00 0A 00 00 ........ ........ [0020] 00 86 00 00 00 00 00 25 00 00 00 00 00 0F 00 00 .......% ........ [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 05 00 00 ......N: ..{..... [0040] 00 01 05 00 00 00 00 00 05 15 00 00 00 42 2F 60 ........ .....B/` [0050] 33 A3 D6 6B 61 A8 69 E6 EC 96 13 00 00 01 00 00 3..ka.i. ........ [0060] 00 00 00 02 00 01 00 00 00 32 00 34 00 04 00 02 ........ .2.4.... [0070] 00 1A 00 00 00 00 00 00 00 19 00 00 00 53 00 65 ........ .....S.e [0080] 00 4D 00 61 00 63 00 68 00 69 00 6E 00 65 00 41 .M.a.c.h .i.n.e.A [0090] 00 63 00 63 00 6F 00 75 00 6E 00 74 00 50 00 72 .c.c.o.u .n.t.P.r [00A0] 00 69 00 76 00 69 00 6C 00 65 00 67 00 65 00 .i.v.i.l .e.g.e. [2011/12/13 17:45:46.364868, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.364909, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.364945, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.365299, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.365448, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.365489, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=158 params=0 setup=2 [2011/12/13 17:45:46.365525, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.365556, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.365587, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.365618, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e4) [2011/12/13 17:45:46.365651, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.365684, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 158 [2011/12/13 17:45:46.365717, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 158 [2011/12/13 17:45:46.365749, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 158 [2011/12/13 17:45:46.365781, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 158, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.365814, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.365845, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 142 [2011/12/13 17:45:46.365876, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 142 [2011/12/13 17:45:46.365909, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.365948, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 142 [2011/12/13 17:45:46.365981, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 142, incoming data = 142 [2011/12/13 17:45:46.366014, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.366050, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x009e (158) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000086 (134) context_id : 0x0000 (0) opnum : 0x0025 (37) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=134 [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 05 00 00 00 01 05 00 00 00 00 00 05 .{...... ........ [0020] 15 00 00 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC ....B/`3 ..ka.i.. [0030] 96 13 00 00 01 00 00 00 00 00 02 00 01 00 00 00 ........ ........ [0040] 32 00 34 00 04 00 02 00 1A 00 00 00 00 00 00 00 2.4..... ........ [0050] 19 00 00 00 53 00 65 00 4D 00 61 00 63 00 68 00 ....S.e. M.a.c.h. [0060] 69 00 6E 00 65 00 41 00 63 00 63 00 6F 00 75 00 i.n.e.A. c.c.o.u. [0070] 6E 00 74 00 50 00 72 00 69 00 76 00 69 00 6C 00 n.t.P.r. i.v.i.l. [0080] 65 00 67 00 65 00 e.g.e. [2011/12/13 17:45:46.366743, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.366776, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.366822, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.366859, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x25 - api_rpcTNP: rpc command: LSA_ADDACCOUNTRIGHTS [2011/12/13 17:45:46.366895, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[37].fn == 0xb7142030 [2011/12/13 17:45:46.366939, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_AddAccountRights: struct lsa_AddAccountRights in: struct lsa_AddAccountRights handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-e74e-3a81a97b0000 sid : * sid : S-1-5-21-861941570-1634457251-3974523304-5014 rights : * rights: struct lsa_RightSet count : 0x00000001 (1) names : * names: ARRAY(1) names: struct lsa_StringLarge length : 0x0032 (50) size : 0x0034 (52) string : * string : 'SeMachineAccountPrivilege' [2011/12/13 17:45:46.367251, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.367345, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_AddAccountRights: access GRANTED (requested: 0x0000000b, granted: 0x0000000b) [2011/12/13 17:45:46.367397, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-5014] [2011/12/13 17:45:46.367435, 10] lib/privileges.c:338(grant_privilege_bitmap) grant_privilege: S-1-5-21-861941570-1634457251-3974523304-5014 original privilege mask: 0x10 new privilege mask: 0x10 [2011/12/13 17:45:46.367508, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 505249565F532D312D35 [2011/12/13 17:45:46.367547, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9778280 [2011/12/13 17:45:46.367601, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 505249565F532D312D35 [2011/12/13 17:45:46.367652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_AddAccountRights: struct lsa_AddAccountRights out: struct lsa_AddAccountRights result : NT_STATUS_OK [2011/12/13 17:45:46.367720, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.367757, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 142 [2011/12/13 17:45:46.367801, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.367837, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4. [2011/12/13 17:45:46.367878, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4 [0000] 00 00 00 00 .... [2011/12/13 17:45:46.368224, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1076 [2011/12/13 17:45:46.368267, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 28 bytes. There is no more data outstanding [2011/12/13 17:45:46.368303, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..28] (align 0) [2011/12/13 17:45:46.368337, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.368356, 5] lib/util.c:342(show_msg) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/12/13 17:45:46.368638, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0A 00 00 ........ ........ [0010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2011/12/13 17:45:46.369145, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2011/12/13 17:45:46.369202, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2011/12/13 17:45:46.369237, 3] smbd/process.c:1662(process_smb) Transaction 17 of length 132 (0 toread) [2011/12/13 17:45:46.369271, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.369290, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27108 (0x69E4) smb_bcc=61 [2011/12/13 17:45:46.369647, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 ......N: ..{.. [2011/12/13 17:45:46.369789, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.369826, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.369861, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.370214, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.370364, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.370405, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2011/12/13 17:45:46.370441, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:46.370472, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:46.370503, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:46.370535, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 69e4) [2011/12/13 17:45:46.370568, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 [2011/12/13 17:45:46.370601, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2011/12/13 17:45:46.370634, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:46.370666, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2011/12/13 17:45:46.370707, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:46.370742, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:46.370772, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:46.370817, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2011/12/13 17:45:46.370852, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:46.370883, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:46.370914, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2011/12/13 17:45:46.370947, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:46.370983, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.371398, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:46.371431, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:46.371463, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:46.371498, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2011/12/13 17:45:46.371533, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[0].fn == 0xb71489f0 [2011/12/13 17:45:46.371567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-e74e-3a81a97b0000 [2011/12/13 17:45:46.371680, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.371757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. [0010] A9 7B 00 00 .{.. [2011/12/13 17:45:46.371831, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:46.371864, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2011/12/13 17:45:46.372003, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:46.372040, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2011/12/13 17:45:46.372085, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:46.372122, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:46.372162, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2011/12/13 17:45:46.372546, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:46.372588, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:46.372624, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:46.372657, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.372676, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:46.373347, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2011/12/13 17:45:46.373634, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2011/12/13 17:45:46.373688, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2011/12/13 17:45:46.373723, 3] smbd/process.c:1662(process_smb) Transaction 18 of length 45 (0 toread) [2011/12/13 17:45:46.373755, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.373775, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=19 smt_wct=3 smb_vwv[ 0]=27108 (0x69E4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/12/13 17:45:46.373982, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:46.374004, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.374042, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.374077, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 SID[ 7]: S-1-5-11 SID[ 8]: S-1-1-0 SID[ 9]: S-1-5-2 SID[ 10]: S-1-5-11 SID[ 11]: S-1-22-1-2002 SID[ 12]: S-1-22-2-5000 SID[ 13]: S-1-22-2-5001 SID[ 14]: S-1-22-2-5005 SID[ 15]: S-1-22-2-1005 SID[ 16]: S-1-22-2-5006 SID[ 17]: S-1-22-2-5007 SID[ 18]: S-1-22-2-5020 SID[ 19]: S-1-22-2-5022 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2011/12/13 17:45:46.374429, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 5000 and contains 8 supplementary groups Group[ 0]: 5000 Group[ 1]: 5001 Group[ 2]: 5005 Group[ 3]: 1005 Group[ 4]: 5006 Group[ 5]: 5007 Group[ 6]: 5020 Group[ 7]: 5022 [2011/12/13 17:45:46.374577, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,5000) [2011/12/13 17:45:46.374614, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=27108 (numopen=1) [2011/12/13 17:45:46.374648, 6] smbd/close.c:532(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2011/12/13 17:45:46.374859, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2011/12/13 17:45:46.374900, 5] smbd/files.c:482(file_free) freed files structure 27108 (0 used) [2011/12/13 17:45:46.374937, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.374957, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=19 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:46.375117, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:46.375254, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2011/12/13 17:45:46.375307, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x23 [2011/12/13 17:45:46.375341, 3] smbd/process.c:1662(process_smb) Transaction 19 of length 39 (0 toread) [2011/12/13 17:45:46.375374, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.375393, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=20 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:46.375553, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:46.375574, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 31657) conn 0xb9787de8 [2011/12/13 17:45:46.375608, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.375641, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.375672, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.375724, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:46.375760, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.375793, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.375835, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.375884, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:46.375918, 3] smbd/service.c:1378(close_cnum) master (127.0.0.1) closed connection to service IPC$ [2011/12/13 17:45:46.375957, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2011/12/13 17:45:46.376048, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key A97B0000FFFFFFFFA765 [2011/12/13 17:45:46.376088, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9777a00 [2011/12/13 17:45:46.376129, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key A97B0000FFFFFFFFA765 [2011/12/13 17:45:46.376224, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2011/12/13 17:45:46.376262, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.376294, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.376325, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.376374, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:46.376416, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:46.376438, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31656 smb_uid=100 smb_mid=20 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:46.376598, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:46.377200, 5] lib/util_sock.c:319(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2011/12/13 17:45:46.377255, 5] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/12/13 17:45:46.377296, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:46.377332, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:46.377364, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:46.377415, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:46.377457, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F33313635372F31 [2011/12/13 17:45:46.377500, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9788af0 [2011/12/13 17:45:46.377535, 4] auth/pampass.c:483(smb_pam_start) smb_pam_start: PAM: Init user: Administrator [2011/12/13 17:45:46.380827, 4] auth/pampass.c:492(smb_pam_start) smb_pam_start: PAM: setting rhost to: 127.0.0.1 [2011/12/13 17:45:46.578983, 4] auth/pampass.c:501(smb_pam_start) smb_pam_start: PAM: setting tty [2011/12/13 17:45:46.579031, 4] auth/pampass.c:509(smb_pam_start) smb_pam_start: PAM: Init passed for user: Administrator [2011/12/13 17:45:46.579065, 4] auth/pampass.c:646(smb_internal_pam_session) smb_internal_pam_session: PAM: tty set to: smb/31657/100 [2011/12/13 17:45:46.579607, 4] auth/pampass.c:465(smb_pam_end) smb_pam_end: PAM: PAM_END OK. [2011/12/13 17:45:46.579675, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F33313635372F31 [2011/12/13 17:45:46.579800, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) [2011/12/13 17:45:46.581778, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key A97B0000FFFFFFFF [2011/12/13 17:45:46.581862, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9773e78 [2011/12/13 17:45:46.581914, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key A97B0000FFFFFFFF [2011/12/13 17:45:57.355429, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F87B0000FFFFFFFF [2011/12/13 17:45:57.355547, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9785058 [2011/12/13 17:45:57.355606, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F87B0000FFFFFFFF [2011/12/13 17:45:57.355672, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 50700 SO_RCVBUF = 87520 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:57.355928, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 50700 SO_RCVBUF = 87520 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:57.356236, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.356491, 3] lib/access.c:338(allow_access) Allowed connection from 10.200.8.180 (10.200.8.180) [2011/12/13 17:45:57.356526, 10] smbd/process.c:3019(smbd_process) Connection allowed from ipv4:10.200.8.180:59693 to ipv4:10.200.8.180:445 [2011/12/13 17:45:57.356587, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2011/12/13 17:45:57.356681, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2011/12/13 17:45:57.356759, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2011/12/13 17:45:57.356808, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0xb9785a88 [2011/12/13 17:45:57.356847, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0xb9774830 [2011/12/13 17:45:57.356885, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0xb97541f0 [2011/12/13 17:45:57.356960, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 190 [2011/12/13 17:45:57.357008, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbe [2011/12/13 17:45:57.357043, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 194 (0 toread) [2011/12/13 17:45:57.357076, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.357097, 5] lib/util.c:342(show_msg) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=31735 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2011/12/13 17:45:57.357258, 10] ../lib/util/util.c:415(dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2011/12/13 17:45:57.357589, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 31736) conn 0x0 [2011/12/13 17:45:57.357629, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.357665, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.357701, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.357762, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.358082, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2011/12/13 17:45:57.358140, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2011/12/13 17:45:57.358176, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2011/12/13 17:45:57.358211, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2011/12/13 17:45:57.358246, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2011/12/13 17:45:57.358279, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [DOS LANMAN2.1] [2011/12/13 17:45:57.358313, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2011/12/13 17:45:57.358349, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Samba] [2011/12/13 17:45:57.358384, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LANMAN 1.0] [2011/12/13 17:45:57.358418, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2011/12/13 17:45:57.358457, 10] lib/util.c:1624(set_remote_arch) set_remote_arch: Client arch is 'Samba' [2011/12/13 17:45:57.358500, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.358737, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F87B0000FFFFFFFF [2011/12/13 17:45:57.358775, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb97921e0 [2011/12/13 17:45:57.358832, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F87B0000FFFFFFFF [2011/12/13 17:45:57.358889, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.359161, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2011/12/13 17:45:57.359197, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LANMAN 1.0 [2011/12/13 17:45:57.359229, 5] smbd/negprot.c:711(reply_negprot) negprot index=8 [2011/12/13 17:45:57.359261, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.359281, 5] lib/util.c:342(show_msg) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31735 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]=65280 (0xFF00) smb_vwv[ 4]= 255 (0xFF) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=63488 (0xF800) smb_vwv[ 8]= 123 (0x7B) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=61824 (0xF180) smb_vwv[12]=60508 (0xEC5C) smb_vwv[13]=46767 (0xB6AF) smb_vwv[14]=52409 (0xCCB9) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2011/12/13 17:45:57.359649, 10] ../lib/util/util.c:415(dump_data) [0000] 6D 61 73 74 65 72 00 00 00 00 00 00 00 00 00 00 master.. ........ [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2011/12/13 17:45:57.359965, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 88 [2011/12/13 17:45:57.360019, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x58 [2011/12/13 17:45:57.360054, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 92 (0 toread) [2011/12/13 17:45:57.360086, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.360105, 5] lib/util.c:342(show_msg) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=31735 smb_uid=0 smb_mid=2 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]=31735 (0x7BF7) smb_vwv[ 5]=31736 (0x7BF8) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=49244 (0xC05C) smb_vwv[12]= 0 (0x0) smb_bcc=27 [2011/12/13 17:45:57.360421, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [0010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... [2011/12/13 17:45:57.360501, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 31736) conn 0x0 [2011/12/13 17:45:57.360535, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.360568, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.360599, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.360649, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.360687, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=13 flg2=0xc801 [2011/12/13 17:45:57.360766, 3] smbd/sesssetup.c:1536(reply_sesssetup_and_X) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[null] [2011/12/13 17:45:57.360803, 3] smbd/sesssetup.c:1552(reply_sesssetup_and_X) sesssetupX:name=[]\[]@[10.200.8.180] [2011/12/13 17:45:57.360849, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.361078, 3] smbd/sesssetup.c:151(check_guest_password) Got anonymous request [2011/12/13 17:45:57.361115, 5] auth/auth.c:528(make_auth_context_subsystem) Using specified auth order [2011/12/13 17:45:57.361151, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam [2011/12/13 17:45:57.361193, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam' [2011/12/13 17:45:57.361225, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2011/12/13 17:45:57.361257, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2011/12/13 17:45:57.361289, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend unix [2011/12/13 17:45:57.361322, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'unix' [2011/12/13 17:45:57.361353, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend winbind [2011/12/13 17:45:57.361384, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'winbind' [2011/12/13 17:45:57.361415, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend wbc [2011/12/13 17:45:57.361447, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'wbc' [2011/12/13 17:45:57.361479, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend smbserver [2011/12/13 17:45:57.361511, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'smbserver' [2011/12/13 17:45:57.361544, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend trustdomain [2011/12/13 17:45:57.361576, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'trustdomain' [2011/12/13 17:45:57.361607, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend ntdomain [2011/12/13 17:45:57.361639, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'ntdomain' [2011/12/13 17:45:57.361671, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend guest [2011/12/13 17:45:57.361703, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'guest' [2011/12/13 17:45:57.361734, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2011/12/13 17:45:57.361767, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method guest has a valid init [2011/12/13 17:45:57.361799, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2011/12/13 17:45:57.361831, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method sam has a valid init [2011/12/13 17:45:57.361863, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind [2011/12/13 17:45:57.361895, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method winbind has a valid init [2011/12/13 17:45:57.361931, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2011/12/13 17:45:57.361966, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2011/12/13 17:45:57.361998, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2011/12/13 17:45:57.362029, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2011/12/13 17:45:57.362062, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface [2011/12/13 17:45:57.362094, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: []\[]@[] [2011/12/13 17:45:57.362126, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by fixed [2011/12/13 17:45:57.362157, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2011/12/13 17:45:57.362189, 5] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 ........ [2011/12/13 17:45:57.362239, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2011/12/13 17:45:57.362283, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2011/12/13 17:45:57.362316, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2011/12/13 17:45:57.362372, 10] smbd/password.c:199(register_initial_vuid) register_initial_vuid: allocated vuid = 100 [2011/12/13 17:45:57.362409, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody nobody X86ERR300S3 guest=1 [2011/12/13 17:45:57.362443, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2011/12/13 17:45:57.362474, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2011/12/13 17:45:57.362522, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.362921, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2011/12/13 17:45:57.362974, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2011/12/13 17:45:57.363009, 3] smbd/process.c:1662(process_smb) Transaction 2 of length 80 (0 toread) [2011/12/13 17:45:57.363042, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.363061, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=31735 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2011/12/13 17:45:57.363269, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 4D 00 41 00 53 00 54 00 45 00 52 .\.\.M.A .S.T.E.R [0010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC [0020] 00 . [2011/12/13 17:45:57.363374, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 31736) conn 0x0 [2011/12/13 17:45:57.363417, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.363452, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.363483, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.363534, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.363577, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [IPC] for share [IPC$] [2011/12/13 17:45:57.363624, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2011/12/13 17:45:57.363664, 3] lib/access.c:338(allow_access) Allowed connection from 10.200.8.180 (10.200.8.180) [2011/12/13 17:45:57.363711, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2011/12/13 17:45:57.363751, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2011/12/13 17:45:57.363786, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2011/12/13 17:45:57.363827, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:57.363863, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2011/12/13 17:45:57.363918, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2011/12/13 17:45:57.363961, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2011/12/13 17:45:57.364014, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2011/12/13 17:45:57.364052, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2011/12/13 17:45:57.364086, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2011/12/13 17:45:57.364120, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2011/12/13 17:45:57.364153, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2011/12/13 17:45:57.364184, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2011/12/13 17:45:57.364218, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2011/12/13 17:45:57.364268, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2011/12/13 17:45:57.364360, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F87B0000FFFFFFFF0567 [2011/12/13 17:45:57.364401, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9792190 [2011/12/13 17:45:57.364468, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F87B0000FFFFFFFF0567 [2011/12/13 17:45:57.364595, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:57.364640, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2011/12/13 17:45:57.364677, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2011/12/13 17:45:57.364757, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2011/12/13 17:45:57.364799, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID administrator is not in a valid format [2011/12/13 17:45:57.364842, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: X86ERR300S3\administrator => domain=[X86ERR300S3], name=[administrator] [2011/12/13 17:45:57.364878, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2011/12/13 17:45:57.364917, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.364951, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:57.364984, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.365016, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.365048, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.365137, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=administrator)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:57.365605, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2011/12/13 17:45:57.365658, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://master.x86err300s3.qa:7389 [2011/12/13 17:45:57.370647, 3] lib/smbldap.c:803(smb_ldap_start_tls) StartTLS issued: using a TLS connection [2011/12/13 17:45:57.370708, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2011/12/13 17:45:57.370743, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://master.x86err300s3.qa:7389 as "cn=admin,dc=x86err300s3,dc=qa" [2011/12/13 17:45:57.371849, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2011/12/13 17:45:57.371932, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2011/12/13 17:45:57.372554, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: Administrator [2011/12/13 17:45:57.372611, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username Administrator, was [2011/12/13 17:45:57.372651, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:57.372686, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username Administrator, was [2011/12/13 17:45:57.372767, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:57.372806, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:57.372857, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:57.372899, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:57.372938, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:57.372977, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:57.373016, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:57.373057, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Administrator, was [2011/12/13 17:45:57.373099, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:57.373132, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:57.373174, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:57.373215, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\administrator, was [2011/12/13 17:45:57.373257, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:57.373293, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:57.373334, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:57.373373, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was [2011/12/13 17:45:57.373415, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:57.373455, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:57.373494, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2011/12/13 17:45:57.373546, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.373583, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.373616, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.373648, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.373680, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.373769, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.373822, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:57.373874, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:57.373916, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:57.373997, 5] passdb/login_cache.c:47(login_cache_init) Opening cache file at /var/cache/samba/login_cache.tdb [2011/12/13 17:45:57.374058, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user Administrator [2011/12/13 17:45:57.374097, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:57.374130, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:57.374174, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.374209, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.374241, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.374273, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.374305, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.374370, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.374415, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Administrator [2011/12/13 17:45:57.374450, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2011/12/13 17:45:57.374590, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [Administrator]! [2011/12/13 17:45:57.374658, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5000 -> sid S-1-5-21-861941570-1634457251-3974523304-512 [2011/12/13 17:45:57.374704, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.374740, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.374773, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.374817, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.374853, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.374919, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.374970, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username Administrator, was [2011/12/13 17:45:57.375007, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:57.375040, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username Administrator, was [2011/12/13 17:45:57.375074, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Administrator, was [2011/12/13 17:45:57.375114, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\administrator, was [2011/12/13 17:45:57.375150, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:57.375368, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:57.375415, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was [2011/12/13 17:45:57.375451, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:57.375488, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.375522, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.375566, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.375599, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.375631, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.375696, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.375737, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:57.375776, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 from rid 500 [2011/12/13 17:45:57.375830, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-512 [2011/12/13 17:45:57.375873, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.375919, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID join-backup is not in a valid format [2011/12/13 17:45:57.375958, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: X86ERR300S3\join-backup => domain=[X86ERR300S3], name=[join-backup] [2011/12/13 17:45:57.375991, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2011/12/13 17:45:57.376025, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.376059, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:57.376091, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.376124, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.376155, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.376227, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=join-backup)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:57.376838, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: join-backup [2011/12/13 17:45:57.376891, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username join-backup, was [2011/12/13 17:45:57.376928, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:57.376962, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username join-backup, was [2011/12/13 17:45:57.377004, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 [2011/12/13 17:45:57.377040, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 [2011/12/13 17:45:57.377091, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:57.377133, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:57.377173, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:57.377213, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:57.377252, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:57.377291, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Joinuser, was [2011/12/13 17:45:57.377333, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:57.377376, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:57.377418, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:57.377458, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\join-backup, was [2011/12/13 17:45:57.377501, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:57.377536, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:57.377577, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:57.377616, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\join-backup\windows-profiles\Samba, was [2011/12/13 17:45:57.377658, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:57.377698, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:57.377738, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2011/12/13 17:45:57.377786, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.377823, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.377856, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.377889, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.377921, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.377988, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.378038, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:57.378081, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:57.378121, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:57.378171, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user join-backup [2011/12/13 17:45:57.378208, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:57.378242, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:57.378280, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.378315, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.378347, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.378380, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.378412, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.378476, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.378515, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user join-backup [2011/12/13 17:45:57.378549, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is join-backup [2011/12/13 17:45:57.378669, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [join-backup]! [2011/12/13 17:45:57.378732, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5008 -> sid S-1-5-21-861941570-1634457251-3974523304-11017 [2011/12/13 17:45:57.378776, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-861941570-1634457251-3974523304-11017) for group of user join-backup [2011/12/13 17:45:57.378838, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-861941570-1634457251-3974523304-11017' [2011/12/13 17:45:57.378885, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-861941570-1634457251-3974523304 in level 1 [2011/12/13 17:45:57.378923, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-861941570-1634457251-3974523304' [2011/12/13 17:45:57.378962, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.378996, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.379028, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.379062, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.379094, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.379146, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 11017. [2011/12/13 17:45:57.379185, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:57.379219, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:57.379251, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:57.379283, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.379314, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.379386, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11017)(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:57.379826, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-11017] count=0 [2011/12/13 17:45:57.379897, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11017))], scope => [2] [2011/12/13 17:45:57.380356, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) init_group_from_ldap: Entry found for group: 5008 [2011/12/13 17:45:57.380420, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute displayName does not exist [2011/12/13 17:45:57.380475, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.380514, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: Backup Join:2 [2011/12/13 17:45:57.380551, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.380587, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-861941570-1634457251-3974523304-11017 -> X86ERR300S3\Backup Join(2) [2011/12/13 17:45:57.380628, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.380664, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.380728, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.380769, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.380802, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.380869, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.380913, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username join-backup, was [2011/12/13 17:45:57.380959, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:57.380993, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username join-backup, was [2011/12/13 17:45:57.381026, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Joinuser, was [2011/12/13 17:45:57.381066, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\join-backup, was [2011/12/13 17:45:57.381101, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:57.381136, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:57.381175, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\join-backup\windows-profiles\Samba, was [2011/12/13 17:45:57.381210, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:57.381246, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.381280, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.381313, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.381345, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.381377, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.381441, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.381480, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 [2011/12/13 17:45:57.381517, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 from rid 5006 [2011/12/13 17:45:57.381570, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11017 [2011/12/13 17:45:57.381613, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.381667, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.381706, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (10): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-501 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-5001 SID[ 8]: S-1-22-2-5022 SID[ 9]: S-1-22-2-5012 Privileges (0x 0): Rights (0x 0): [2011/12/13 17:45:57.381913, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 3 supplementary groups Group[ 0]: 5001 Group[ 1]: 5022 Group[ 2]: 5012 [2011/12/13 17:45:57.382004, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2011/12/13 17:45:57.382044, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.382077, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.382109, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.382161, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.382201, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:57.382258, 3] smbd/service.c:1114(make_connection_snum) 10.200.8.180 (10.200.8.180) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 31736) [2011/12/13 17:45:57.382305, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2011/12/13 17:45:57.382595, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2011/12/13 17:45:57.382650, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2011/12/13 17:45:57.382686, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 106 (0 toread) [2011/12/13 17:45:57.382719, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.382739, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=4 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=19 [2011/12/13 17:45:57.383213, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 00 00 ... [2011/12/13 17:45:57.383291, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.383329, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.383365, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (10): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-501 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-5001 SID[ 8]: S-1-22-2-5022 SID[ 9]: S-1-22-2-5012 Privileges (0x 0): Rights (0x 0): [2011/12/13 17:45:57.383568, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 3 supplementary groups Group[ 0]: 5001 Group[ 1]: 5022 Group[ 2]: 5012 [2011/12/13 17:45:57.383660, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2011/12/13 17:45:57.383700, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2011/12/13 17:45:57.383752, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2011/12/13 17:45:57.383798, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. [2011/12/13 17:45:57.383845, 5] smbd/files.c:140(file_new) allocated file structure 23053, fnum = 27149 (1 used) [2011/12/13 17:45:57.383885, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/lsarpc hash 0xa9e2e929 [2011/12/13 17:45:57.383933, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2011/12/13 17:45:57.383986, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2011/12/13 17:45:57.384021, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2011/12/13 17:45:57.384062, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2011/12/13 17:45:57.384109, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2011/12/13 17:45:57.384339, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 156 [2011/12/13 17:45:57.384394, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9c [2011/12/13 17:45:57.384430, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 160 (0 toread) [2011/12/13 17:45:57.384463, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.384483, 5] lib/util.c:342(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27149 (0x6A0D) smb_bcc=89 [2011/12/13 17:45:57.384878, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2011/12/13 17:45:57.385079, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.385115, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:57.385157, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2011/12/13 17:45:57.385197, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:57.385229, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:57.385264, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:57.385299, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 6a0d) [2011/12/13 17:45:57.385334, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9785568 max_trans_reply: 4280 [2011/12/13 17:45:57.385368, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 72 [2011/12/13 17:45:57.385404, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2011/12/13 17:45:57.385437, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 [2011/12/13 17:45:57.385470, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:57.385504, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:57.385536, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:57.385568, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 [2011/12/13 17:45:57.385604, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:57.385636, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:57.385668, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 [2011/12/13 17:45:57.385704, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:57.385763, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:57.386273, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2011/12/13 17:45:57.386313, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2011/12/13 17:45:57.386349, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2011/12/13 17:45:57.386382, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \lsarpc [2011/12/13 17:45:57.386419, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2011/12/13 17:45:57.386471, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\lsarpc' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:57.387483, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 56 [2011/12/13 17:45:57.387549, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:57.387588, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2011/12/13 17:45:57.387625, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:57.387676, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2011/12/13 17:45:57.387713, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2011/12/13 17:45:57.387748, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.387768, 5] lib/util.c:342(show_msg) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2011/12/13 17:45:57.388049, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... [2011/12/13 17:45:57.388431, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 144 [2011/12/13 17:45:57.388487, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2011/12/13 17:45:57.388523, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 148 (0 toread) [2011/12/13 17:45:57.388557, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.388578, 5] lib/util.c:342(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27149 (0x6A0D) smb_bcc=77 [2011/12/13 17:45:57.388971, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 ........ .<...... [0020] 00 24 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .$...... .....\.. [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 02 ........ ..... [2011/12/13 17:45:57.389145, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.389182, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:57.389219, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2011/12/13 17:45:57.389256, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:57.389288, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:57.389320, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:57.389353, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 6a0d) [2011/12/13 17:45:57.389388, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9785568 max_trans_reply: 4280 [2011/12/13 17:45:57.389422, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 60 [2011/12/13 17:45:57.389540, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 60 [2011/12/13 17:45:57.389576, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 [2011/12/13 17:45:57.389610, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:57.389644, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:57.389675, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:57.389707, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 [2011/12/13 17:45:57.389741, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:57.389772, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:57.389804, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 [2011/12/13 17:45:57.389837, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:57.389874, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=36 [0000] 00 00 02 00 5C 00 00 00 18 00 00 00 00 00 00 00 ....\... ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 02 .... [2011/12/13 17:45:57.390337, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:57.390372, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:57.390408, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:57.390444, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2011/12/13 17:45:57.390483, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[6].fn == 0xb7147920 [2011/12/13 17:45:57.390526, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2011/12/13 17:45:57.390964, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xa0000000 to 0x00020807 [2011/12/13 17:45:57.391011, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x00020807, granted: 0x00020807) [2011/12/13 17:45:57.391057, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. [0010] F8 7B 00 00 .{.. [2011/12/13 17:45:57.391136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-4581f87b0000 result : NT_STATUS_OK [2011/12/13 17:45:57.391274, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:57.391313, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 44 [2011/12/13 17:45:57.391357, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:57.391394, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:57.391437, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. [0010] F8 7B 00 00 00 00 00 00 .{...... [2011/12/13 17:45:57.391830, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1076 [2011/12/13 17:45:57.391875, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:57.391912, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:57.391947, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.391967, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:57.392254, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0020] 00 00 00 00 00 E7 4E 45 81 F8 7B 00 00 00 00 00 ......NE ..{..... [0030] 00 . [2011/12/13 17:45:57.392557, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 130 [2011/12/13 17:45:57.392611, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x82 [2011/12/13 17:45:57.392648, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 134 (0 toread) [2011/12/13 17:45:57.392681, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.392729, 5] lib/util.c:342(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27149 (0x6A0D) smb_bcc=63 [2011/12/13 17:45:57.393095, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 E7 4E 45 81 F8 7B 00 00 05 00 ......NE ..{.... [2011/12/13 17:45:57.393238, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.393274, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:57.393312, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2011/12/13 17:45:57.393348, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:57.393380, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:57.393412, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:57.393444, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 6a0d) [2011/12/13 17:45:57.393479, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9785568 max_trans_reply: 4280 [2011/12/13 17:45:57.393513, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 46 [2011/12/13 17:45:57.393546, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 46 [2011/12/13 17:45:57.393579, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 46 [2011/12/13 17:45:57.393612, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:57.393646, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:57.393678, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 30 [2011/12/13 17:45:57.393711, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 30 [2011/12/13 17:45:57.393745, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:57.393786, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 30 [2011/12/13 17:45:57.393820, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 30, incoming data = 30 [2011/12/13 17:45:57.393854, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:57.393890, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002e (46) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=22 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. [0010] F8 7B 00 00 05 00 .{.... [2011/12/13 17:45:57.394306, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:57.394340, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:57.394373, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:57.394409, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2011/12/13 17:45:57.394444, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[7].fn == 0xb7147620 [2011/12/13 17:45:57.394483, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-4581f87b0000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2011/12/13 17:45:57.394624, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. [0010] F8 7B 00 00 .{.. [2011/12/13 17:45:57.394704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'X86ERR300S3' sid : * sid : S-1-5-21-861941570-1634457251-3974523304 result : NT_STATUS_OK [2011/12/13 17:45:57.394968, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:57.395016, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 30 [2011/12/13 17:45:57.395063, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:57.395101, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 88. [2011/12/13 17:45:57.395142, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0070 (112) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000058 (88) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=88 [0000] 00 00 02 00 05 00 00 00 16 00 18 00 04 00 02 00 ........ ........ [0010] 08 00 02 00 0C 00 00 00 00 00 00 00 0B 00 00 00 ........ ........ [0020] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. [0030] 30 00 53 00 33 00 00 00 04 00 00 00 01 04 00 00 0.S.3... ........ [0040] 00 00 00 05 15 00 00 00 42 2F 60 33 A3 D6 6B 61 ........ B/`3..ka [0050] A8 69 E6 EC 00 00 00 00 .i...... [2011/12/13 17:45:57.395684, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 68 [2011/12/13 17:45:57.395727, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 112 bytes. There is no more data outstanding [2011/12/13 17:45:57.395763, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..112] (align 0) [2011/12/13 17:45:57.395798, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.395818, 5] lib/util.c:342(show_msg) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2011/12/13 17:45:57.396100, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 70 00 00 00 03 00 00 ........ .p...... [0010] 00 58 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .X...... ........ [0020] 00 16 00 18 00 04 00 02 00 08 00 02 00 0C 00 00 ........ ........ [0030] 00 00 00 00 00 0B 00 00 00 58 00 38 00 36 00 45 ........ .X.8.6.E [0040] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 00 .R.R.3.0 .0.S.3.. [0050] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [0060] 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC 00 00 00 .B/`3..k a.i..... [0070] 00 . [2011/12/13 17:45:57.396529, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2011/12/13 17:45:57.396584, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2011/12/13 17:45:57.396620, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 132 (0 toread) [2011/12/13 17:45:57.396654, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.396674, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27149 (0x6A0D) smb_bcc=61 [2011/12/13 17:45:57.397071, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 E7 4E 45 81 F8 7B 00 00 ......NE ..{.. [2011/12/13 17:45:57.397216, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.397252, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:57.397289, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2011/12/13 17:45:57.397327, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:57.397358, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:57.397391, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:57.397423, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 6a0d) [2011/12/13 17:45:57.397458, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9785568 max_trans_reply: 4280 [2011/12/13 17:45:57.397492, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2011/12/13 17:45:57.397525, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:57.397558, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2011/12/13 17:45:57.397591, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:57.397625, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:57.397656, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:57.397688, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2011/12/13 17:45:57.397722, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:57.397754, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:57.397786, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2011/12/13 17:45:57.397820, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:57.397856, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. [0010] F8 7B 00 00 .{.. [2011/12/13 17:45:57.398281, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:57.398316, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:57.398349, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:57.398384, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2011/12/13 17:45:57.398420, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[0].fn == 0xb71489f0 [2011/12/13 17:45:57.398459, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-4581f87b0000 [2011/12/13 17:45:57.398577, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. [0010] F8 7B 00 00 .{.. [2011/12/13 17:45:57.398654, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. [0010] F8 7B 00 00 .{.. [2011/12/13 17:45:57.398728, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:57.398761, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2011/12/13 17:45:57.398906, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:57.398946, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2011/12/13 17:45:57.398991, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:57.399029, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:57.399070, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2011/12/13 17:45:57.399466, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:57.399510, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:57.399546, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:57.399581, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.399601, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:57.399881, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2011/12/13 17:45:57.400168, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2011/12/13 17:45:57.400222, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2011/12/13 17:45:57.400258, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 45 (0 toread) [2011/12/13 17:45:57.400292, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.400312, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=9 smt_wct=3 smb_vwv[ 0]=27149 (0x6A0D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/12/13 17:45:57.400510, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:57.400532, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.400567, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:57.400605, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=27149 (numopen=1) [2011/12/13 17:45:57.400643, 6] smbd/close.c:532(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2011/12/13 17:45:57.400727, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2011/12/13 17:45:57.400773, 5] smbd/files.c:482(file_free) freed files structure 27149 (0 used) [2011/12/13 17:45:57.400810, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.400831, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=9 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:57.401070, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:57.401228, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 106 [2011/12/13 17:45:57.401281, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x6a [2011/12/13 17:45:57.401317, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 110 (0 toread) [2011/12/13 17:45:57.401351, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.401371, 5] lib/util.c:342(show_msg) size=106 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=10 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 5120 (0x1400) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=23 [2011/12/13 17:45:57.401830, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 6E 00 65 00 74 00 6C 00 6F 00 67 00 6F .\.n.e.t .l.o.g.o [0010] 00 6E 00 00 00 00 00 .n..... [2011/12/13 17:45:57.401907, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.401942, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:57.401978, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = netlogon [2011/12/13 17:45:57.402016, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \netlogon. [2011/12/13 17:45:57.402052, 5] smbd/files.c:140(file_new) allocated file structure 23054, fnum = 27150 (1 used) [2011/12/13 17:45:57.402090, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/netlogon hash 0x502cbad6 [2011/12/13 17:45:57.402129, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2011/12/13 17:45:57.402169, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2011/12/13 17:45:57.402203, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2011/12/13 17:45:57.402243, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2011/12/13 17:45:57.402280, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \netlogon [2011/12/13 17:45:57.402458, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 156 [2011/12/13 17:45:57.402512, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9c [2011/12/13 17:45:57.402548, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 160 (0 toread) [2011/12/13 17:45:57.402581, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.402601, 5] lib/util.c:342(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27150 (0x6A0E) smb_bcc=89 [2011/12/13 17:45:57.402975, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0040] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2011/12/13 17:45:57.403176, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.403212, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:57.403249, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2011/12/13 17:45:57.403286, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:57.403326, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:57.403359, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:57.403391, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "netlogon" (pnum 6a0e) [2011/12/13 17:45:57.403425, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9785568 max_trans_reply: 4280 [2011/12/13 17:45:57.403458, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 72 [2011/12/13 17:45:57.403491, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2011/12/13 17:45:57.403523, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 [2011/12/13 17:45:57.403555, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:57.403588, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:57.403620, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:57.403651, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 [2011/12/13 17:45:57.403685, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:57.403716, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:57.403747, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 [2011/12/13 17:45:57.403780, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:57.403817, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:57.404299, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2011/12/13 17:45:57.404334, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2011/12/13 17:45:57.404367, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2011/12/13 17:45:57.404399, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2011/12/13 17:45:57.404442, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2011/12/13 17:45:57.404486, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:57.404984, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 56 [2011/12/13 17:45:57.405032, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 4280 [2011/12/13 17:45:57.405070, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2011/12/13 17:45:57.405107, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 26 [2011/12/13 17:45:57.405147, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2011/12/13 17:45:57.405183, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2011/12/13 17:45:57.405218, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.405238, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2011/12/13 17:45:57.405524, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 0C 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... [0010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [0030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2011/12/13 17:45:57.413571, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2011/12/13 17:45:57.413646, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2011/12/13 17:45:57.413684, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 45 (0 toread) [2011/12/13 17:45:57.413718, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.413739, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=12 smt_wct=3 smb_vwv[ 0]=27150 (0x6A0E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/12/13 17:45:57.413957, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:57.413981, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.414017, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:57.414052, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=27150 (numopen=1) [2011/12/13 17:45:57.414086, 6] smbd/close.c:532(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2011/12/13 17:45:57.414129, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \netlogon [2011/12/13 17:45:57.414170, 5] smbd/files.c:482(file_free) freed files structure 27150 (0 used) [2011/12/13 17:45:57.414206, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.414226, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=12 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:57.414385, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:57.414523, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2011/12/13 17:45:57.414576, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x23 [2011/12/13 17:45:57.414612, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 39 (0 toread) [2011/12/13 17:45:57.414645, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.414665, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=13 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:57.414840, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:57.414863, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 31736) conn 0xb9784ee0 [2011/12/13 17:45:57.414899, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.414933, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.414965, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.415021, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.415059, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.415092, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.415125, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.415174, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.415209, 3] smbd/service.c:1378(close_cnum) 10.200.8.180 (10.200.8.180) closed connection to service IPC$ [2011/12/13 17:45:57.415250, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2011/12/13 17:45:57.415343, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F87B0000FFFFFFFF0567 [2011/12/13 17:45:57.415388, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9774b48 [2011/12/13 17:45:57.415430, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F87B0000FFFFFFFF0567 [2011/12/13 17:45:57.415526, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2011/12/13 17:45:57.415565, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.415599, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.415631, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.415692, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.415735, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.415756, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=13 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:57.415917, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:57.416734, 5] lib/util_sock.c:319(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2011/12/13 17:45:57.416789, 5] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 10.200.8.180 read error = NT_STATUS_END_OF_FILE. [2011/12/13 17:45:57.416828, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.416862, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.416894, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.416945, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.417044, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) [2011/12/13 17:45:57.418085, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F97B0000FFFFFFFF [2011/12/13 17:45:57.433841, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9785058 [2011/12/13 17:45:57.434122, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F97B0000FFFFFFFF [2011/12/13 17:45:57.434419, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 50700 SO_RCVBUF = 87520 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:57.436321, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 50700 SO_RCVBUF = 87520 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2011/12/13 17:45:57.437519, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 [2011/12/13 17:45:57.439866, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F87B0000FFFFFFFF [2011/12/13 17:45:57.439943, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9773bb0 [2011/12/13 17:45:57.439995, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F87B0000FFFFFFFF file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.440415, 3] lib/access.c:338(allow_access) Allowed connection from 10.200.8.180 (10.200.8.180) [2011/12/13 17:45:57.440451, 10] smbd/process.c:3019(smbd_process) Connection allowed from ipv4:10.200.8.180:59695 to ipv4:10.200.8.180:445 [2011/12/13 17:45:57.440514, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2011/12/13 17:45:57.440614, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2011/12/13 17:45:57.440681, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2011/12/13 17:45:57.440795, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0xb9773a60 [2011/12/13 17:45:57.440836, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0xb9754448 [2011/12/13 17:45:57.440875, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0xb97541f0 [2011/12/13 17:45:57.440951, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 190 [2011/12/13 17:45:57.441000, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbe [2011/12/13 17:45:57.441036, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 194 (0 toread) [2011/12/13 17:45:57.441069, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.441091, 5] lib/util.c:342(show_msg) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=31735 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2011/12/13 17:45:57.441253, 10] ../lib/util/util.c:415(dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2011/12/13 17:45:57.441578, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 31737) conn 0x0 [2011/12/13 17:45:57.441617, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.441654, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.441691, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.441751, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.442076, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2011/12/13 17:45:57.442134, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2011/12/13 17:45:57.442170, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2011/12/13 17:45:57.442205, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2011/12/13 17:45:57.442240, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2011/12/13 17:45:57.442274, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [DOS LANMAN2.1] [2011/12/13 17:45:57.442308, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2011/12/13 17:45:57.442344, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Samba] [2011/12/13 17:45:57.442379, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LANMAN 1.0] [2011/12/13 17:45:57.442413, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2011/12/13 17:45:57.442452, 10] lib/util.c:1624(set_remote_arch) set_remote_arch: Client arch is 'Samba' [2011/12/13 17:45:57.442496, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.442744, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F97B0000FFFFFFFF [2011/12/13 17:45:57.442784, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb97921e0 [2011/12/13 17:45:57.442844, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F97B0000FFFFFFFF [2011/12/13 17:45:57.442900, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.443171, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2011/12/13 17:45:57.443207, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LANMAN 1.0 [2011/12/13 17:45:57.443239, 5] smbd/negprot.c:711(reply_negprot) negprot index=8 [2011/12/13 17:45:57.443272, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.443291, 5] lib/util.c:342(show_msg) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31735 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]=65280 (0xFF00) smb_vwv[ 4]= 255 (0xFF) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=63744 (0xF900) smb_vwv[ 8]= 123 (0x7B) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=39552 (0x9A80) smb_vwv[12]=63790 (0xF92E) smb_vwv[13]=46767 (0xB6AF) smb_vwv[14]=52409 (0xCCB9) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2011/12/13 17:45:57.443662, 10] ../lib/util/util.c:415(dump_data) [0000] 6D 61 73 74 65 72 00 00 00 00 00 00 00 00 00 00 master.. ........ [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2011/12/13 17:45:57.444103, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 164 [2011/12/13 17:45:57.444157, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2011/12/13 17:45:57.444193, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 168 (0 toread) [2011/12/13 17:45:57.444226, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.444246, 5] lib/util.c:342(show_msg) size=164 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=31735 smb_uid=0 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 83 (0x53) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=49244 (0xC05C) smb_vwv[11]=32768 (0x8000) smb_bcc=105 [2011/12/13 17:45:57.444556, 10] ../lib/util/util.c:415(dump_data) [0000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... ...G0E.. [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7....3 [0020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .1NTLMSS P....... [0030] 08 60 0B 00 0B 00 20 00 00 00 06 00 06 00 2B 00 .`.... . ......+. [0040] 00 00 58 38 36 45 52 52 33 30 30 53 33 4D 41 53 ..X86ERR 300S3MAS [0050] 54 45 52 55 00 6E 00 69 00 78 00 00 00 53 00 61 TERU.n.i .x...S.a [0060] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . [2011/12/13 17:45:57.444839, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 31737) conn 0x0 [2011/12/13 17:45:57.444877, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.444910, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.444942, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.444992, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.445030, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc801 [2011/12/13 17:45:57.445067, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2011/12/13 17:45:57.445105, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2011/12/13 17:45:57.445141, 10] smbd/password.c:199(register_initial_vuid) register_initial_vuid: allocated vuid = 100 [2011/12/13 17:45:57.445207, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 [2011/12/13 17:45:57.445244, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 49 [2011/12/13 17:45:57.445481, 5] auth/auth.c:528(make_auth_context_subsystem) Using specified auth order [2011/12/13 17:45:57.445533, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam [2011/12/13 17:45:57.445567, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam' [2011/12/13 17:45:57.445599, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2011/12/13 17:45:57.445632, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2011/12/13 17:45:57.445665, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend unix [2011/12/13 17:45:57.445698, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'unix' [2011/12/13 17:45:57.445730, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend winbind [2011/12/13 17:45:57.445762, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'winbind' [2011/12/13 17:45:57.445794, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend wbc [2011/12/13 17:45:57.445827, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'wbc' [2011/12/13 17:45:57.445859, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend smbserver [2011/12/13 17:45:57.445893, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'smbserver' [2011/12/13 17:45:57.445926, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend trustdomain [2011/12/13 17:45:57.445959, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'trustdomain' [2011/12/13 17:45:57.445990, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend ntdomain [2011/12/13 17:45:57.446022, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'ntdomain' [2011/12/13 17:45:57.446055, 5] auth/auth.c:48(smb_register_auth) Attempting to register auth backend guest [2011/12/13 17:45:57.446088, 5] auth/auth.c:60(smb_register_auth) Successfully added auth method 'guest' [2011/12/13 17:45:57.446119, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2011/12/13 17:45:57.446152, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method guest has a valid init [2011/12/13 17:45:57.446185, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2011/12/13 17:45:57.446225, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method sam has a valid init [2011/12/13 17:45:57.446259, 5] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind [2011/12/13 17:45:57.446292, 5] auth/auth.c:410(load_auth_module) load_auth_module: auth method winbind has a valid init [2011/12/13 17:45:57.446339, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2011/12/13 17:45:57.446489, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x000b (11) DomainNameMaxLen : 0x000b (11) DomainName : * DomainName : 'X86ERR300S3' WorkstationLen : 0x0006 (6) WorkstationMaxLen : 0x0006 (6) Workstation : * Workstation : 'MASTER' [2011/12/13 17:45:57.447085, 5] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2011/12/13 17:45:57.447120, 5] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2011/12/13 17:45:57.447152, 5] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module winbind did not want to specify a challenge [2011/12/13 17:45:57.447191, 5] auth/auth.c:134(get_ntlm_challenge) auth_context challenge created by random [2011/12/13 17:45:57.447225, 5] auth/auth.c:135(get_ntlm_challenge) challenge is: [2011/12/13 17:45:57.447257, 5] ../lib/util/util.c:415(dump_data) [0000] 57 77 8F 85 E7 49 BA 9B Ww...I.. [2011/12/13 17:45:57.447326, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0016 (22) TargetNameMaxLen : 0x0016 (22) TargetName : * TargetName : 'X86ERR300S3' NegotiateFlags : 0x60898215 (1619624469) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : 57778f85e749ba9b Reserved : 0000000000000000 TargetInfoLen : 0x007c (124) TargetNameInfoMaxLen : 0x007c (124) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'X86ERR300S3' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'MASTER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x001c (28) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'x86err300s3.qa' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x002a (42) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'master.x86err300s3.qa' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) [2011/12/13 17:45:57.448349, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.448373, 5] lib/util.c:342(show_msg) size=326 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=31735 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 225 (0xE1) smb_bcc=283 [2011/12/13 17:45:57.448586, 10] ../lib/util/util.c:415(dump_data) [0000] A1 81 DE 30 81 DB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 C5 04 81 C2 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 16 00 16 00 30 TLMSSP.. .......0 [0030] 00 00 00 15 82 89 60 57 77 8F 85 E7 49 BA 9B 00 ......`W w...I... [0040] 00 00 00 00 00 00 00 7C 00 7C 00 46 00 00 00 58 .......| .|.F...X [0050] 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 30 .8.6.E.R .R.3.0.0 [0060] 00 53 00 33 00 02 00 16 00 58 00 38 00 36 00 45 .S.3.... .X.8.6.E [0070] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 01 .R.R.3.0 .0.S.3.. [0080] 00 0C 00 4D 00 41 00 53 00 54 00 45 00 52 00 04 ...M.A.S .T.E.R.. [0090] 00 1C 00 78 00 38 00 36 00 65 00 72 00 72 00 33 ...x.8.6 .e.r.r.3 [00A0] 00 30 00 30 00 73 00 33 00 2E 00 71 00 61 00 03 .0.0.s.3 ...q.a.. [00B0] 00 2A 00 6D 00 61 00 73 00 74 00 65 00 72 00 2E .*.m.a.s .t.e.r.. [00C0] 00 78 00 38 00 36 00 65 00 72 00 72 00 33 00 30 .x.8.6.e .r.r.3.0 [00D0] 00 30 00 73 00 33 00 2E 00 71 00 61 00 00 00 00 .0.s.3.. .q.a.... [00E0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [00F0] 00 62 00 61 00 20 00 33 00 2E 00 36 00 2E 00 36 .b.a. .3 ...6...6 [0100] 00 00 00 58 00 38 00 36 00 45 00 52 00 52 00 33 ...X.8.6 .E.R.R.3 [0110] 00 30 00 30 00 53 00 33 00 00 00 .0.0.S.3 ... [2011/12/13 17:45:57.449402, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 414 [2011/12/13 17:45:57.449455, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x19e [2011/12/13 17:45:57.449490, 3] smbd/process.c:1662(process_smb) Transaction 2 of length 418 (0 toread) [2011/12/13 17:45:57.449523, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:57.449542, 5] lib/util.c:342(show_msg) size=414 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=31735 smb_uid=100 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 332 (0x14C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=49244 (0xC05C) smb_vwv[11]=32768 (0x8000) smb_bcc=355 [2011/12/13 17:45:57.449846, 10] ../lib/util/util.c:415(dump_data) [0000] A1 82 01 48 30 82 01 44 A2 82 01 40 04 82 01 3C ...H0..D ...@...< [0010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ [0020] 40 00 00 00 A8 00 A8 00 58 00 00 00 16 00 16 00 @....... X....... [0030] 00 01 00 00 0A 00 0A 00 16 01 00 00 0C 00 0C 00 ........ ........ [0040] 20 01 00 00 10 00 10 00 2C 01 00 00 15 82 08 60 ....... ,......` [0050] 3F BA AB 45 3A DF E5 58 7A 0E 7B 83 58 59 97 D8 ?..E:..X z.{.XY.. [0060] 87 1C 29 30 12 31 FE CF 6B 7D 1B 3F 6C 2D DB 9B ..)0.1.. k}.?l-.. [0070] 09 03 3A 57 53 AC 0E 84 01 01 00 00 00 00 00 00 ..:WS... ........ [0080] 80 90 B5 AF B6 B9 CC 01 55 8D 6E 72 66 52 48 FE ........ U.nrfRH. [0090] 00 00 00 00 02 00 16 00 58 00 38 00 36 00 45 00 ........ X.8.6.E. [00A0] 52 00 52 00 33 00 30 00 30 00 53 00 33 00 01 00 R.R.3.0. 0.S.3... [00B0] 0C 00 4D 00 41 00 53 00 54 00 45 00 52 00 04 00 ..M.A.S. T.E.R... [00C0] 1C 00 78 00 38 00 36 00 65 00 72 00 72 00 33 00 ..x.8.6. e.r.r.3. [00D0] 30 00 30 00 73 00 33 00 2E 00 71 00 61 00 03 00 0.0.s.3. ..q.a... [00E0] 2A 00 6D 00 61 00 73 00 74 00 65 00 72 00 2E 00 *.m.a.s. t.e.r... [00F0] 78 00 38 00 36 00 65 00 72 00 72 00 33 00 30 00 x.8.6.e. r.r.3.0. [0100] 30 00 73 00 33 00 2E 00 71 00 61 00 00 00 00 00 0.s.3... q.a..... [0110] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. [0120] 30 00 53 00 33 00 75 00 73 00 65 00 72 00 31 00 0.S.3.u. s.e.r.1. [0130] 4D 00 41 00 53 00 54 00 45 00 52 00 32 98 B8 A1 M.A.S.T. E.R.2... [0140] A5 9C 6A 9E 20 96 EB 8A 23 65 73 F6 00 55 00 6E ..j. ... #es..U.n [0150] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0160] 00 00 00 ... [2011/12/13 17:45:57.450543, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 31737) conn 0x0 [2011/12/13 17:45:57.450578, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.450611, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.450642, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.450702, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:57.450738, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc801 [2011/12/13 17:45:57.450770, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2011/12/13 17:45:57.450804, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2011/12/13 17:45:57.450914, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 3fbaab453adfe5587a0e7b83585997d8871c29301231fecf NtChallengeResponseLen : 0x00a8 (168) NtChallengeResponseMaxLen: 0x00a8 (168) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 168) v2: struct NTLMv2_RESPONSE Response : 6b7d1b3f6c2ddb9b09033a5753ac0e84 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Di Dez 13 17:45:57 2011 CET ChallengeFromClient : 558d6e72665248fe Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'X86ERR300S3' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'MASTER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x001c (28) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'x86err300s3.qa' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x002a (42) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'master.x86err300s3.qa' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0016 (22) DomainNameMaxLen : 0x0016 (22) DomainName : * DomainName : 'X86ERR300S3' UserNameLen : 0x000a (10) UserNameMaxLen : 0x000a (10) UserName : * UserName : 'user1' WorkstationLen : 0x000c (12) WorkstationMaxLen : 0x000c (12) Workstation : * Workstation : 'MASTER' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 32 98 B8 A1 A5 9C 6A 9E 20 96 EB 8A 23 65 73 F6 2.....j. ...#es. NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 [2011/12/13 17:45:57.452501, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) Got user=[user1] domain=[X86ERR300S3] workstation=[MASTER] len1=24 len2=168 [2011/12/13 17:45:57.452557, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:57.452836, 5] auth/auth_util.c:110(make_user_info_map) Mapping user [X86ERR300S3]\[user1] from workstation [MASTER] [2011/12/13 17:45:57.452877, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for user1 (user1) [2011/12/13 17:45:57.452913, 5] auth/user_info.c:70(make_user_info) making strings for user1's user_info struct [2011/12/13 17:45:57.452946, 5] auth/user_info.c:87(make_user_info) making blobs for user1's user_info struct [2011/12/13 17:45:57.452979, 10] auth/user_info.c:123(make_user_info) made a user_info for user1 (user1) [2011/12/13 17:45:57.453011, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [X86ERR300S3]\[user1]@[MASTER] with the new password interface [2011/12/13 17:45:57.453045, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [X86ERR300S3]\[user1]@[MASTER] [2011/12/13 17:45:57.453077, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2011/12/13 17:45:57.453109, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2011/12/13 17:45:57.453149, 5] ../lib/util/util.c:415(dump_data) [0000] 57 77 8F 85 E7 49 BA 9B Ww...I.. [2011/12/13 17:45:57.453200, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [user1] [2011/12/13 17:45:57.453232, 10] auth/auth.c:259(check_ntlm_password) check_ntlm_password: guest had nothing to say [2011/12/13 17:45:57.453267, 10] auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [user1] [2011/12/13 17:45:57.453298, 8] lib/util.c:1521(is_myname) is_myname("X86ERR300S3") returns 0 [2011/12/13 17:45:57.453336, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.453372, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:57.453405, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.453437, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.453468, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.453559, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=user1)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:57.454030, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2011/12/13 17:45:57.454080, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://master.x86err300s3.qa:7389 [2011/12/13 17:45:57.459599, 3] lib/smbldap.c:803(smb_ldap_start_tls) StartTLS issued: using a TLS connection [2011/12/13 17:45:57.459656, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2011/12/13 17:45:57.459691, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://master.x86err300s3.qa:7389 as "cn=admin,dc=x86err300s3,dc=qa" [2011/12/13 17:45:57.460804, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2011/12/13 17:45:57.460875, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2011/12/13 17:45:57.461509, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: user1 [2011/12/13 17:45:57.461566, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username user1, was [2011/12/13 17:45:57.461606, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:57.461640, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username user1, was [2011/12/13 17:45:57.461684, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 [2011/12/13 17:45:57.461723, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 [2011/12/13 17:45:57.461775, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:57.461817, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:57.461856, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:57.461896, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:57.461935, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:57.461975, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name univention, was [2011/12/13 17:45:57.462017, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:57.462061, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:57.462103, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:57.462143, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\user1, was [2011/12/13 17:45:57.462186, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:57.462220, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:57.462261, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:57.462300, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\user1\windows-profiles\Samba, was [2011/12/13 17:45:57.462342, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:57.462381, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:57.462442, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.462479, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.462511, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.462543, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.462575, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.462663, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.462714, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:57.462756, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:57.462795, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:57.462895, 5] passdb/login_cache.c:47(login_cache_init) Opening cache file at /var/cache/samba/login_cache.tdb [2011/12/13 17:45:57.462956, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user user1 [2011/12/13 17:45:57.462996, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:57.463029, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:57.463073, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.463108, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.463141, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.463173, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.463205, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.463272, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.463319, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user user1 [2011/12/13 17:45:57.463352, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is user1 [2011/12/13 17:45:57.463495, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [user1]! [2011/12/13 17:45:57.463562, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5001 -> sid S-1-5-21-861941570-1634457251-3974523304-513 [2011/12/13 17:45:57.463612, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.463656, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.463691, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.463724, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.463755, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.463819, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.463869, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username user1, was [2011/12/13 17:45:57.463904, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:57.463938, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username user1, was [2011/12/13 17:45:57.463971, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name univention, was [2011/12/13 17:45:57.464011, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\user1, was [2011/12/13 17:45:57.464046, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:57.464081, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:57.464121, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\user1\windows-profiles\Samba, was [2011/12/13 17:45:57.464157, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:57.464193, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.464227, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.464260, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.464293, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.464325, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.464389, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.464429, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 [2011/12/13 17:45:57.464467, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 from rid 5014 [2011/12/13 17:45:57.464521, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-513 [2011/12/13 17:45:57.464564, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.464602, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check) ntlm_password_check: Checking NTLMv2 password with domain [X86ERR300S3] [2011/12/13 17:45:57.464660, 4] auth/check_samsec.c:183(sam_account_ok) sam_account_ok: Checking SMB password for user user1 [2011/12/13 17:45:57.464732, 5] auth/check_samsec.c:165(logon_hours_ok) logon_hours_ok: user user1 allowed to logon at this time (Tue Dec 13 16:45:57 2011 ) [2011/12/13 17:45:57.464785, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.464820, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:57.464853, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.464885, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.464917, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.464992, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.465031, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.465065, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:57.465097, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.465130, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.465162, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.465213, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user user1 [2011/12/13 17:45:57.465248, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is user1 [2011/12/13 17:45:57.465283, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [user1]! [2011/12/13 17:45:57.465321, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.465356, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.465388, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.465421, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.465452, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.465516, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.465554, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.465587, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:57.465620, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:57.465652, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.465684, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.465746, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.465786, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user user1 [2011/12/13 17:45:57.465819, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is user1 [2011/12/13 17:45:57.465853, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [user1]! [2011/12/13 17:45:57.465908, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [user1] [2011/12/13 17:45:57.470780, 5] auth/server_info_sam.c:120(make_server_info_sam) make_server_info_sam: made server info for user user1 -> user1 [2011/12/13 17:45:57.470851, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.470896, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: sam authentication for user [user1] succeeded [2011/12/13 17:45:57.470933, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.470967, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:57.471000, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.471032, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.471063, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.471117, 4] auth/pampass.c:483(smb_pam_start) smb_pam_start: PAM: Init user: user1 [2011/12/13 17:45:57.473789, 4] auth/pampass.c:492(smb_pam_start) smb_pam_start: PAM: setting rhost to: 10.200.8.180 [2011/12/13 17:45:57.473838, 4] auth/pampass.c:501(smb_pam_start) smb_pam_start: PAM: setting tty [2011/12/13 17:45:57.473874, 4] auth/pampass.c:509(smb_pam_start) smb_pam_start: PAM: Init passed for user: user1 [2011/12/13 17:45:57.473906, 4] auth/pampass.c:567(smb_pam_account) smb_pam_account: PAM: Account Management for User: user1 [2011/12/13 17:45:57.512969, 4] auth/pampass.c:586(smb_pam_account) smb_pam_account: PAM: Account OK for User: user1 [2011/12/13 17:45:57.513209, 4] auth/pampass.c:465(smb_pam_end) smb_pam_end: PAM: PAM_END OK. [2011/12/13 17:45:57.513264, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.513301, 5] auth/auth.c:296(check_ntlm_password) check_ntlm_password: PAM Account for user [user1] succeeded [2011/12/13 17:45:57.513335, 2] auth/auth.c:309(check_ntlm_password) check_ntlm_password: authentication for user [user1] -> [user1] -> [user1] succeeded [2011/12/13 17:45:57.513375, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for user1 [2011/12/13 17:45:57.513443, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-5-21-861941570-1634457251-3974523304-5014 Privilege set: 0x10 [2011/12/13 17:45:57.513502, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-513] [2011/12/13 17:45:57.513546, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2011/12/13 17:45:57.513598, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2011/12/13 17:45:57.513640, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2011/12/13 17:45:57.517125, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.517184, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:57.517220, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:57.517254, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:57.517286, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:57.517359, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2011/12/13 17:45:57.517744, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2011/12/13 17:45:57.517806, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:57.517843, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2011/12/13 17:45:57.517879, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2011/12/13 17:45:57.517916, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2011/12/13 17:45:57.517956, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (9): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-5014 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-2007 SID[ 6]: S-1-22-2-5001 SID[ 7]: S-1-22-2-5022 SID[ 8]: S-1-22-2-5020 Privileges (0x 10): Privilege[ 0]: SeMachineAccountPrivilege Rights (0x 0): [2011/12/13 17:45:57.518163, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 2007 Primary group is 5001 and contains 3 supplementary groups Group[ 0]: 5001 Group[ 1]: 5022 Group[ 2]: 5020 [2011/12/13 17:45:57.518270, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2011/12/13 17:45:57.518307, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 8 [2011/12/13 17:45:57.518340, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2011/12/13 17:45:57.518380, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2011/12/13 17:45:57.518414, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2011/12/13 17:45:57.518568, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (2007,5001) user1 user1 X86ERR300S3 guest=0 [2011/12/13 17:45:57.518606, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: user1 Real name: univention [2011/12/13 17:45:57.518639, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 2007 is UNIX user user1, and will be vuid 100 [2011/12/13 17:45:57.518686, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F33313733372F31 [2011/12/13 17:45:57.518732, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9772338 [2011/12/13 17:45:57.518770, 4] auth/pampass.c:483(smb_pam_start) smb_pam_start: PAM: Init user: user1 [2011/12/13 17:45:57.521189, 4] auth/pampass.c:492(smb_pam_start) smb_pam_start: PAM: setting rhost to: 10.200.8.180 [2011/12/13 17:45:57.521235, 4] auth/pampass.c:501(smb_pam_start) smb_pam_start: PAM: setting tty [2011/12/13 17:45:57.521269, 4] auth/pampass.c:509(smb_pam_start) smb_pam_start: PAM: Init passed for user: user1 [2011/12/13 17:45:57.521304, 4] auth/pampass.c:646(smb_internal_pam_session) smb_internal_pam_session: PAM: tty set to: smb/31737/100 [2011/12/13 17:45:58.991310, 4] auth/pampass.c:465(smb_pam_end) smb_pam_end: PAM: PAM_END OK. [2011/12/13 17:45:58.991455, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F33313733372F31 [2011/12/13 17:45:58.991570, 7] param/loadparm.c:9857(lp_servicenumber) lp_servicenumber: couldn't find user1 [2011/12/13 17:45:58.991610, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user user1 [2011/12/13 17:45:58.991644, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is user1 [2011/12/13 17:45:58.991681, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [user1]! [2011/12/13 17:45:58.991714, 3] smbd/password.c:238(register_homes_share) Adding homes service for user 'user1' using home directory: '/home/user1' [2011/12/13 17:45:58.991794, 8] param/loadparm.c:6503(add_a_service) add_a_service: Creating snum = 5 for user1 [2011/12/13 17:45:58.991832, 10] param/loadparm.c:6550(hash_a_service) hash_a_service: hashing index 5 for service name user1 [2011/12/13 17:45:58.991872, 3] param/loadparm.c:6605(lp_add_home) adding home's share [user1] for user 'user1' at '/home/user1' [2011/12/13 17:45:58.991934, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:58.992226, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:58.992250, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=31735 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2011/12/13 17:45:58.992466, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 58 00 38 00 36 ...6...6 ...X.8.6 [0030] 00 45 00 52 00 52 00 33 00 30 00 30 00 53 00 33 .E.R.R.3 .0.0.S.3 [0040] 00 00 00 ... [2011/12/13 17:45:58.992938, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2011/12/13 17:45:58.992993, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2011/12/13 17:45:58.993030, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2011/12/13 17:45:58.993064, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:58.993084, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=31735 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2011/12/13 17:45:58.993299, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 4D 00 41 00 53 00 54 00 45 00 52 .\.\.M.A .S.T.E.R [0010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC [0020] 00 . [2011/12/13 17:45:58.993406, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 31737) conn 0x0 [2011/12/13 17:45:58.993442, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:58.993476, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:58.993509, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:58.993568, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:58.993616, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [IPC] for share [IPC$] [2011/12/13 17:45:58.993670, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2011/12/13 17:45:58.993713, 3] lib/access.c:338(allow_access) Allowed connection from 10.200.8.180 (10.200.8.180) [2011/12/13 17:45:58.993755, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user user1 [2011/12/13 17:45:58.993802, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user user1 [2011/12/13 17:45:58.993836, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is user1 [2011/12/13 17:45:58.993871, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [user1]! [2011/12/13 17:45:58.993911, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:58.993948, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2011/12/13 17:45:58.994006, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2011/12/13 17:45:58.994049, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2011/12/13 17:45:58.994089, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2011/12/13 17:45:58.994127, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2011/12/13 17:45:58.994170, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2011/12/13 17:45:58.994207, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2011/12/13 17:45:58.994241, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2011/12/13 17:45:58.994272, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2011/12/13 17:45:58.994306, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2011/12/13 17:45:58.994358, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2011/12/13 17:45:58.994452, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F97B0000FFFFFFFF12FF [2011/12/13 17:45:58.994494, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9792210 [2011/12/13 17:45:58.994562, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F97B0000FFFFFFFF12FF [2011/12/13 17:45:58.994691, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:58.994736, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user user1 [2011/12/13 17:45:58.994772, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user user1 [2011/12/13 17:45:58.994832, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2011/12/13 17:45:58.994874, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID administrator is not in a valid format [2011/12/13 17:45:58.994914, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: X86ERR300S3\administrator => domain=[X86ERR300S3], name=[administrator] [2011/12/13 17:45:58.994947, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2011/12/13 17:45:58.994984, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:58.995019, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:58.995051, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:58.995084, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:58.995116, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:58.995195, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=administrator)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:58.996007, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: Administrator [2011/12/13 17:45:58.996062, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username Administrator, was [2011/12/13 17:45:58.996099, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:58.996134, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username Administrator, was [2011/12/13 17:45:58.996176, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:58.996213, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:58.996265, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:58.996307, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:58.996346, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:58.996397, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:58.996437, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:58.996476, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Administrator, was [2011/12/13 17:45:58.996518, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:58.996551, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:58.996592, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:58.996633, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\administrator, was [2011/12/13 17:45:58.996675, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:58.996760, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:58.996805, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:58.996847, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was [2011/12/13 17:45:58.996889, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:58.996929, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:58.996968, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2011/12/13 17:45:58.997018, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:58.997055, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:58.997089, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:58.997121, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:58.997153, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:58.997226, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:58.997276, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:58.997318, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:58.997358, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:58.997412, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user Administrator [2011/12/13 17:45:58.997450, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:58.997484, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:58.997523, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:58.997557, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:58.997590, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:58.997622, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:58.997654, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:58.997717, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:58.997766, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user Administrator [2011/12/13 17:45:58.997801, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2011/12/13 17:45:58.997933, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [Administrator]! [2011/12/13 17:45:58.997997, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5000 -> sid S-1-5-21-861941570-1634457251-3974523304-512 [2011/12/13 17:45:58.998043, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:58.998079, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:58.998113, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:58.998146, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:58.998178, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:58.998242, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:58.998288, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username Administrator, was [2011/12/13 17:45:58.998325, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:58.998358, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username Administrator, was [2011/12/13 17:45:58.998391, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Administrator, was [2011/12/13 17:45:58.998432, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\administrator, was [2011/12/13 17:45:58.998467, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:58.998502, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:58.998541, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was [2011/12/13 17:45:58.998577, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:58.998613, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:58.998647, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:58.998680, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:58.998713, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:58.998744, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:58.998821, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:58.998864, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 [2011/12/13 17:45:58.998902, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 from rid 500 [2011/12/13 17:45:58.998956, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-512 [2011/12/13 17:45:58.999000, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:58.999045, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID join-backup is not in a valid format [2011/12/13 17:45:58.999090, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: X86ERR300S3\join-backup => domain=[X86ERR300S3], name=[join-backup] [2011/12/13 17:45:58.999131, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2011/12/13 17:45:58.999167, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:58.999200, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:58.999233, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:58.999265, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:58.999296, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:58.999365, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=join-backup)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:58.999931, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: join-backup [2011/12/13 17:45:58.999984, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username join-backup, was [2011/12/13 17:45:59.000020, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:59.000054, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username join-backup, was [2011/12/13 17:45:59.000097, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 [2011/12/13 17:45:59.000133, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 [2011/12/13 17:45:59.000183, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:59.000224, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:59.000264, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:59.000303, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:59.000343, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:59.000382, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Joinuser, was [2011/12/13 17:45:59.000423, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:59.000456, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:59.000497, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:59.000536, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\join-backup, was [2011/12/13 17:45:59.000578, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:59.000613, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:59.000654, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:59.000722, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\join-backup\windows-profiles\Samba, was [2011/12/13 17:45:59.000775, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:59.000816, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:59.000857, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2011/12/13 17:45:59.000906, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.000953, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.000986, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.001019, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.001051, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.001118, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.001169, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:59.001211, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:59.001251, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:59.001301, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user join-backup [2011/12/13 17:45:59.001339, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:59.001372, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:59.001410, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.001444, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.001477, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.001510, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.001542, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.001605, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.001644, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user join-backup [2011/12/13 17:45:59.001678, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is join-backup [2011/12/13 17:45:59.001789, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [join-backup]! [2011/12/13 17:45:59.001852, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5008 -> sid S-1-5-21-861941570-1634457251-3974523304-11017 [2011/12/13 17:45:59.001896, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-861941570-1634457251-3974523304-11017) for group of user join-backup [2011/12/13 17:45:59.001934, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-861941570-1634457251-3974523304-11017' [2011/12/13 17:45:59.001975, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-861941570-1634457251-3974523304 in level 1 [2011/12/13 17:45:59.002014, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-861941570-1634457251-3974523304' [2011/12/13 17:45:59.002052, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.002086, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.002119, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.002152, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.002184, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.002235, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 11017. [2011/12/13 17:45:59.002275, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.002318, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:59.002352, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.002385, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.002417, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.002489, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11017)(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:59.002936, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-11017] count=0 [2011/12/13 17:45:59.003014, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11017))], scope => [2] [2011/12/13 17:45:59.003485, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) init_group_from_ldap: Entry found for group: 5008 [2011/12/13 17:45:59.003549, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute displayName does not exist [2011/12/13 17:45:59.003604, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.003643, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: Backup Join:2 [2011/12/13 17:45:59.003680, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.003716, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-861941570-1634457251-3974523304-11017 -> X86ERR300S3\Backup Join(2) [2011/12/13 17:45:59.003757, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.003792, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.003826, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.003858, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.003891, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.003958, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.004002, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username join-backup, was [2011/12/13 17:45:59.004038, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:59.004071, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username join-backup, was [2011/12/13 17:45:59.004105, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name Joinuser, was [2011/12/13 17:45:59.004145, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\join-backup, was [2011/12/13 17:45:59.004180, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:59.004215, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:59.004254, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\join-backup\windows-profiles\Samba, was [2011/12/13 17:45:59.004290, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:59.004326, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.004360, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.004486, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.004533, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.004565, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.004637, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.004678, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 [2011/12/13 17:45:59.004754, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 from rid 5006 [2011/12/13 17:45:59.004810, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11017 [2011/12/13 17:45:59.004855, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.004909, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (2007, 5001) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.004949, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (9): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-5014 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-2007 SID[ 6]: S-1-22-2-5001 SID[ 7]: S-1-22-2-5022 SID[ 8]: S-1-22-2-5020 Privileges (0x 10): Privilege[ 0]: SeMachineAccountPrivilege Rights (0x 0): [2011/12/13 17:45:59.005149, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 2007 Primary group is 5001 and contains 3 supplementary groups Group[ 0]: 5001 Group[ 1]: 5022 Group[ 2]: 5020 [2011/12/13 17:45:59.005241, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,2007), gid=(0,5001) [2011/12/13 17:45:59.005281, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.005314, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.005346, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.005396, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:59.005436, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2011/12/13 17:45:59.005483, 3] smbd/service.c:1114(make_connection_snum) master (10.200.8.180) connect to service IPC$ initially as user user1 (uid=2007, gid=5001) (pid 31737) [2011/12/13 17:45:59.005529, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2011/12/13 17:45:59.005769, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2011/12/13 17:45:59.005822, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2011/12/13 17:45:59.005857, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 106 (0 toread) [2011/12/13 17:45:59.005891, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.005910, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=5 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=19 [2011/12/13 17:45:59.006376, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 00 00 ... [2011/12/13 17:45:59.006451, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.006495, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (2007, 5001) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.006533, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (9): SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-5014 SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-2007 SID[ 6]: S-1-22-2-5001 SID[ 7]: S-1-22-2-5022 SID[ 8]: S-1-22-2-5020 Privileges (0x 10): Privilege[ 0]: SeMachineAccountPrivilege Rights (0x 0): [2011/12/13 17:45:59.006734, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 2007 Primary group is 5001 and contains 3 supplementary groups Group[ 0]: 5001 Group[ 1]: 5022 Group[ 2]: 5020 [2011/12/13 17:45:59.006839, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,2007), gid=(0,5001) [2011/12/13 17:45:59.006881, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2011/12/13 17:45:59.006936, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2011/12/13 17:45:59.006982, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. [2011/12/13 17:45:59.007027, 5] smbd/files.c:140(file_new) allocated file structure 23054, fnum = 27150 (1 used) [2011/12/13 17:45:59.007068, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/lsarpc hash 0xa9e2e929 [2011/12/13 17:45:59.007117, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2011/12/13 17:45:59.007169, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2011/12/13 17:45:59.007204, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2011/12/13 17:45:59.007245, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2011/12/13 17:45:59.007283, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2011/12/13 17:45:59.007479, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 156 [2011/12/13 17:45:59.007533, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9c [2011/12/13 17:45:59.007569, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 160 (0 toread) [2011/12/13 17:45:59.007603, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.007623, 5] lib/util.c:342(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27150 (0x6A0E) smb_bcc=89 [2011/12/13 17:45:59.007987, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2011/12/13 17:45:59.008197, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.008234, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.008276, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2011/12/13 17:45:59.008321, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.008355, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.008391, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.008426, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 6a0e) [2011/12/13 17:45:59.008462, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.008497, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 72 [2011/12/13 17:45:59.008532, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2011/12/13 17:45:59.008565, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 [2011/12/13 17:45:59.008599, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.008633, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.008665, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:59.008728, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 [2011/12/13 17:45:59.008772, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.008806, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:59.008838, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 [2011/12/13 17:45:59.008875, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.008921, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:59.009434, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2011/12/13 17:45:59.009475, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2011/12/13 17:45:59.009512, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2011/12/13 17:45:59.009544, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \lsarpc [2011/12/13 17:45:59.009581, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2011/12/13 17:45:59.009632, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\lsarpc' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:59.010100, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 56 [2011/12/13 17:45:59.010154, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:59.010193, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2011/12/13 17:45:59.010230, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:59.010285, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2011/12/13 17:45:59.010325, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2011/12/13 17:45:59.010362, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.010383, 5] lib/util.c:342(show_msg) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2011/12/13 17:45:59.010665, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... [2011/12/13 17:45:59.011044, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 152 [2011/12/13 17:45:59.011100, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x98 [2011/12/13 17:45:59.011136, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 156 (0 toread) [2011/12/13 17:45:59.011169, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.011190, 5] lib/util.c:342(show_msg) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27150 (0x6A0E) smb_bcc=85 [2011/12/13 17:45:59.011550, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 44 00 00 00 07 00 00 ........ .D...... [0020] 00 2C 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .,...... .....\.. [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 ........ ........ [0050] 00 00 00 00 02 ..... [2011/12/13 17:45:59.011749, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.011785, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.011823, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=68 params=0 setup=2 [2011/12/13 17:45:59.011860, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.011892, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.011924, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.011957, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 6a0e) [2011/12/13 17:45:59.011991, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.012025, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 68 [2011/12/13 17:45:59.012059, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 68 [2011/12/13 17:45:59.012091, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 68 [2011/12/13 17:45:59.012124, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.012158, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.012190, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 52 [2011/12/13 17:45:59.012223, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 52 [2011/12/13 17:45:59.012257, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.012289, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 52 [2011/12/13 17:45:59.012321, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 52, incoming data = 52 [2011/12/13 17:45:59.012356, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.012392, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=44 [0000] 00 00 02 00 5C 00 00 00 18 00 00 00 00 00 00 00 ....\... ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 04 00 02 00 ........ ........ [0020] 0C 00 00 00 02 00 01 00 00 00 00 02 ........ .... [2011/12/13 17:45:59.012908, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:59.012945, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:59.012981, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:59.013018, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2011/12/13 17:45:59.013057, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[6].fn == 0xb7147920 [2011/12/13 17:45:59.013100, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2011/12/13 17:45:59.013606, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xa0000000 to 0x00020807 [2011/12/13 17:45:59.013649, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x00020807, granted: 0x00020807) [2011/12/13 17:45:59.013695, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.013783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-4781f97b0000 result : NT_STATUS_OK [2011/12/13 17:45:59.013922, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:59.013960, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 52 [2011/12/13 17:45:59.014004, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:59.014041, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:59.014085, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 00 00 00 00 .{...... [2011/12/13 17:45:59.014474, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1076 [2011/12/13 17:45:59.014518, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:59.014555, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:59.014589, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.014609, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:59.014907, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0020] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... [0030] 00 . [2011/12/13 17:45:59.015211, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 130 [2011/12/13 17:45:59.015266, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x82 [2011/12/13 17:45:59.015302, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 134 (0 toread) [2011/12/13 17:45:59.015335, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.015364, 5] lib/util.c:342(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27150 (0x6A0E) smb_bcc=63 [2011/12/13 17:45:59.015724, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 08 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 05 00 ......NG ..{.... [2011/12/13 17:45:59.015867, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.015903, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.015940, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2011/12/13 17:45:59.015977, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.016008, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.016039, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.016071, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 6a0e) [2011/12/13 17:45:59.016105, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.016138, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 46 [2011/12/13 17:45:59.016172, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 46 [2011/12/13 17:45:59.016204, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 46 [2011/12/13 17:45:59.016237, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.016270, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.016301, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 30 [2011/12/13 17:45:59.016333, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 30 [2011/12/13 17:45:59.016367, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.016399, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 30 [2011/12/13 17:45:59.016430, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 30, incoming data = 30 [2011/12/13 17:45:59.016464, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.016500, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002e (46) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=22 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 05 00 .{.... [2011/12/13 17:45:59.016961, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:59.016997, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:59.017031, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:59.017067, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2011/12/13 17:45:59.017103, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[7].fn == 0xb7147620 [2011/12/13 17:45:59.017143, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-4781f97b0000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2011/12/13 17:45:59.017282, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.017363, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'X86ERR300S3' sid : * sid : S-1-5-21-861941570-1634457251-3974523304 result : NT_STATUS_OK [2011/12/13 17:45:59.017615, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:59.017654, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 30 [2011/12/13 17:45:59.017699, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:59.017737, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 88. [2011/12/13 17:45:59.017778, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0070 (112) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000058 (88) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=88 [0000] 00 00 02 00 05 00 00 00 16 00 18 00 04 00 02 00 ........ ........ [0010] 08 00 02 00 0C 00 00 00 00 00 00 00 0B 00 00 00 ........ ........ [0020] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. [0030] 30 00 53 00 33 00 00 00 04 00 00 00 01 04 00 00 0.S.3... ........ [0040] 00 00 00 05 15 00 00 00 42 2F 60 33 A3 D6 6B 61 ........ B/`3..ka [0050] A8 69 E6 EC 00 00 00 00 .i...... [2011/12/13 17:45:59.018333, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 68 [2011/12/13 17:45:59.018377, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 112 bytes. There is no more data outstanding [2011/12/13 17:45:59.018414, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..112] (align 0) [2011/12/13 17:45:59.018448, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.018468, 5] lib/util.c:342(show_msg) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2011/12/13 17:45:59.018751, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 70 00 00 00 08 00 00 ........ .p...... [0010] 00 58 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .X...... ........ [0020] 00 16 00 18 00 04 00 02 00 08 00 02 00 0C 00 00 ........ ........ [0030] 00 00 00 00 00 0B 00 00 00 58 00 38 00 36 00 45 ........ .X.8.6.E [0040] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 00 .R.R.3.0 .0.S.3.. [0050] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [0060] 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC 00 00 00 .B/`3..k a.i..... [0070] 00 . [2011/12/13 17:45:59.019189, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2011/12/13 17:45:59.019244, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2011/12/13 17:45:59.019280, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 132 (0 toread) [2011/12/13 17:45:59.019313, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.019333, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27150 (0x6A0E) smb_bcc=61 [2011/12/13 17:45:59.019697, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 09 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 ......NG ..{.. [2011/12/13 17:45:59.019840, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.019876, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.019923, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2011/12/13 17:45:59.019961, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.019992, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.020024, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.020056, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 6a0e) [2011/12/13 17:45:59.020090, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.020124, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2011/12/13 17:45:59.020157, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:59.020190, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2011/12/13 17:45:59.020223, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.020256, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.020288, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:59.020319, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2011/12/13 17:45:59.020353, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.020385, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2011/12/13 17:45:59.020418, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2011/12/13 17:45:59.020452, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.020489, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.020937, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:59.020973, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:59.021006, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2011/12/13 17:45:59.021041, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2011/12/13 17:45:59.021077, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[0].fn == 0xb71489f0 [2011/12/13 17:45:59.021116, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-e74e-4781f97b0000 [2011/12/13 17:45:59.021245, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.021323, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.021398, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2011/12/13 17:45:59.021432, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2011/12/13 17:45:59.021564, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2011/12/13 17:45:59.021603, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2011/12/13 17:45:59.021648, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 4280 [2011/12/13 17:45:59.021686, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:59.021727, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2011/12/13 17:45:59.022117, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2011/12/13 17:45:59.022160, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:59.022197, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:59.022231, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.022251, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:59.022530, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2011/12/13 17:45:59.022825, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2011/12/13 17:45:59.022880, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2011/12/13 17:45:59.022916, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 45 (0 toread) [2011/12/13 17:45:59.022950, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.022970, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=10 smt_wct=3 smb_vwv[ 0]=27150 (0x6A0E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/12/13 17:45:59.023169, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:59.023192, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.023227, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.023265, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=27150 (numopen=1) [2011/12/13 17:45:59.023304, 6] smbd/close.c:532(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2011/12/13 17:45:59.023354, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2011/12/13 17:45:59.023394, 5] smbd/files.c:482(file_free) freed files structure 27150 (0 used) [2011/12/13 17:45:59.023430, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.023451, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=10 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:59.023612, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:59.023764, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 98 [2011/12/13 17:45:59.023817, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x62 [2011/12/13 17:45:59.023853, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 102 (0 toread) [2011/12/13 17:45:59.023886, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.023906, 5] lib/util.c:342(show_msg) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=11 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=15 [2011/12/13 17:45:59.024367, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 00 00 .\.s.a.m .r..... [2011/12/13 17:45:59.024421, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.024457, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.024493, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = samr [2011/12/13 17:45:59.024532, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \samr. [2011/12/13 17:45:59.024577, 5] smbd/files.c:140(file_new) allocated file structure 23055, fnum = 27151 (1 used) [2011/12/13 17:45:59.024617, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/samr hash 0x6499a7ce [2011/12/13 17:45:59.024657, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \samr [2011/12/13 17:45:59.024725, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \samr [2011/12/13 17:45:59.024767, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \samr [2011/12/13 17:45:59.024809, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2011/12/13 17:45:59.024847, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \samr [2011/12/13 17:45:59.025028, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 156 [2011/12/13 17:45:59.025082, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9c [2011/12/13 17:45:59.025117, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 160 (0 toread) [2011/12/13 17:45:59.025151, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.025171, 5] lib/util.c:342(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27151 (0x6A0F) smb_bcc=89 [2011/12/13 17:45:59.025536, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 0A 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0040] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2011/12/13 17:45:59.025737, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.025773, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.025811, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2011/12/13 17:45:59.025848, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.025880, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.025912, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.025944, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 6a0f) [2011/12/13 17:45:59.025978, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.026012, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 72 [2011/12/13 17:45:59.026046, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2011/12/13 17:45:59.026079, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 [2011/12/13 17:45:59.026112, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.026146, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.026178, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:59.026210, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 [2011/12/13 17:45:59.026254, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.026287, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2011/12/13 17:45:59.026319, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 [2011/12/13 17:45:59.026352, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.026389, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ac if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:59.026891, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2011/12/13 17:45:59.026927, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\samr -> \PIPE\samr [2011/12/13 17:45:59.026961, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2011/12/13 17:45:59.026993, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \samr [2011/12/13 17:45:59.027027, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\samr -> \PIPE\samr [2011/12/13 17:45:59.027070, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000b (11) secondary_address : '\PIPE\samr' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2011/12/13 17:45:59.027541, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 56 [2011/12/13 17:45:59.027587, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \samr len: 4280 [2011/12/13 17:45:59.027625, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2011/12/13 17:45:59.027662, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 22 [2011/12/13 17:45:59.027702, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2011/12/13 17:45:59.027738, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2011/12/13 17:45:59.027772, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.027792, 5] lib/util.c:342(show_msg) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2011/12/13 17:45:59.028075, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0A 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... [2011/12/13 17:45:59.028431, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 144 [2011/12/13 17:45:59.028485, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2011/12/13 17:45:59.028522, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 148 (0 toread) [2011/12/13 17:45:59.028555, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.028575, 5] lib/util.c:342(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27151 (0x6A0F) smb_bcc=77 [2011/12/13 17:45:59.028969, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 0B 00 00 ........ .<...... [0020] 00 24 00 00 00 00 00 39 00 00 00 02 00 07 00 00 .$.....9 ........ [0030] 00 00 00 00 00 07 00 00 00 4D 00 41 00 53 00 54 ........ .M.A.S.T [0040] 00 45 00 52 00 00 00 00 00 30 00 00 00 .E.R.... .0... [2011/12/13 17:45:59.029144, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.029180, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.029227, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2011/12/13 17:45:59.029265, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.029297, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.029329, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.029361, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 6a0f) [2011/12/13 17:45:59.029395, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.029429, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 60 [2011/12/13 17:45:59.029462, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 60 [2011/12/13 17:45:59.029494, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 [2011/12/13 17:45:59.029527, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.029561, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.029593, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:59.029625, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 [2011/12/13 17:45:59.029659, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.029691, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2011/12/13 17:45:59.029722, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 [2011/12/13 17:45:59.029756, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.029791, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) opnum : 0x0039 (57) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=36 [0000] 00 00 02 00 07 00 00 00 00 00 00 00 07 00 00 00 ........ ........ [0010] 4D 00 41 00 53 00 54 00 45 00 52 00 00 00 00 00 M.A.S.T. E.R..... [0020] 30 00 00 00 0... [2011/12/13 17:45:59.030408, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:59.030445, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:59.030479, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\samr [2011/12/13 17:45:59.030515, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT2 [2011/12/13 17:45:59.030555, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[57].fn == 0xb71dc070 [2011/12/13 17:45:59.030598, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'MASTER' access_mask : 0x00000030 (48) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN [2011/12/13 17:45:59.030808, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2011/12/13 17:45:59.030857, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_Connect2: access GRANTED (requested: 0x00000030, granted: 0x00000030) [2011/12/13 17:45:59.030895, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.030972, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) _samr_Connect2: 3961 [2011/12/13 17:45:59.031005, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-e74e-4781f97b0000 result : NT_STATUS_OK [2011/12/13 17:45:59.031145, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \samr successfully [2011/12/13 17:45:59.031185, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 44 [2011/12/13 17:45:59.031231, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \samr len: 4280 [2011/12/13 17:45:59.031269, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:59.031310, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 00 00 00 00 .{...... [2011/12/13 17:45:59.031701, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1006 [2011/12/13 17:45:59.031745, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:59.031782, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:59.031816, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.031836, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:59.032128, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ [0020] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... [0030] 00 . [2011/12/13 17:45:59.032432, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 160 [2011/12/13 17:45:59.032487, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa0 [2011/12/13 17:45:59.032522, 3] smbd/process.c:1662(process_smb) Transaction 13 of length 164 (0 toread) [2011/12/13 17:45:59.032555, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.032575, 5] lib/util.c:342(show_msg) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27151 (0x6A0F) smb_bcc=93 [2011/12/13 17:45:59.032964, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 0C 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 07 00 00 00 00 00 0E 00 00 .4...... ........ [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 11 02 00 ......NG ..{..... [0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [0050] 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC .B/`3..k a.i.. [2011/12/13 17:45:59.033168, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.033204, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.033241, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=76 params=0 setup=2 [2011/12/13 17:45:59.033278, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.033309, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.033341, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.033373, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 6a0f) [2011/12/13 17:45:59.033407, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.033440, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 76 [2011/12/13 17:45:59.033473, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 76 [2011/12/13 17:45:59.033506, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 76 [2011/12/13 17:45:59.033539, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.033572, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.033604, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 60 [2011/12/13 17:45:59.033636, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 60 [2011/12/13 17:45:59.033670, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.033712, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 60 [2011/12/13 17:45:59.033745, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 60, incoming data = 60 [2011/12/13 17:45:59.033778, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.033814, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x004c (76) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000034 (52) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=52 [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 11 02 00 00 04 00 00 00 01 04 00 00 .{...... ........ [0020] 00 00 00 05 15 00 00 00 42 2F 60 33 A3 D6 6B 61 ........ B/`3..ka [0030] A8 69 E6 EC .i.. [2011/12/13 17:45:59.034313, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:59.034347, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:59.034380, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\samr [2011/12/13 17:45:59.034416, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN [2011/12/13 17:45:59.034452, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[7].fn == 0xb71e5360 [2011/12/13 17:45:59.034492, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-e74e-4781f97b0000 access_mask : 0x00000211 (529) 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 1: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-861941570-1634457251-3974523304 [2011/12/13 17:45:59.034833, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.034918, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2011/12/13 17:45:59.034968, 4] rpc_server/srv_access_check.c:68(access_check_object) access_check_object: user rights access mask [0x10] [2011/12/13 17:45:59.035004, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000201, granted: 0x00000211) [2011/12/13 17:45:59.035040, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.035122, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) _samr_OpenDomain: 500 [2011/12/13 17:45:59.035158, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-e74e-4781f97b0000 result : NT_STATUS_OK [2011/12/13 17:45:59.035289, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \samr successfully [2011/12/13 17:45:59.035332, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 60 [2011/12/13 17:45:59.035377, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \samr len: 4280 [2011/12/13 17:45:59.035414, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:59.035455, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 00 00 00 00 .{...... [2011/12/13 17:45:59.035845, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1006 [2011/12/13 17:45:59.035888, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:59.035925, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:59.035960, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.035979, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:59.036265, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ [0020] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... [0030] 00 . [2011/12/13 17:45:59.036905, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 172 [2011/12/13 17:45:59.036960, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xac [2011/12/13 17:45:59.036996, 3] smbd/process.c:1662(process_smb) Transaction 14 of length 176 (0 toread) [2011/12/13 17:45:59.037029, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.037049, 5] lib/util.c:342(show_msg) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27151 (0x6A0F) smb_bcc=105 [2011/12/13 17:45:59.037407, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 58 00 00 00 0D 00 00 ........ .X...... [0020] 00 40 00 00 00 00 00 32 00 00 00 00 00 0F 00 00 .@.....2 ........ [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 0E 00 0E ......NG ..{..... [0040] 00 00 00 02 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0050] 00 6D 00 61 00 73 00 74 00 65 00 72 00 24 00 00 .m.a.s.t .e.r.$.. [0060] 00 00 01 00 00 B0 00 05 E0 ........ . [2011/12/13 17:45:59.037636, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.037672, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.037709, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=88 params=0 setup=2 [2011/12/13 17:45:59.037747, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.037778, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.037811, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.037843, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 6a0f) [2011/12/13 17:45:59.037877, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.037911, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 88 [2011/12/13 17:45:59.037945, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 88 [2011/12/13 17:45:59.037977, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 [2011/12/13 17:45:59.038010, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.038044, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.038076, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2011/12/13 17:45:59.038108, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 [2011/12/13 17:45:59.038142, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.038174, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 72 [2011/12/13 17:45:59.038206, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 [2011/12/13 17:45:59.038240, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.038285, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0058 (88) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000040 (64) context_id : 0x0000 (0) opnum : 0x0032 (50) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=64 [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 0E 00 0E 00 00 00 02 00 07 00 00 00 .{...... ........ [0020] 00 00 00 00 07 00 00 00 6D 00 61 00 73 00 74 00 ........ m.a.s.t. [0030] 65 00 72 00 24 00 00 00 00 01 00 00 B0 00 05 E0 e.r.$... ........ [2011/12/13 17:45:59.038804, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:59.038842, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:59.038876, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\samr [2011/12/13 17:45:59.038911, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATEUSER2 [2011/12/13 17:45:59.038948, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[50].fn == 0xb71dd480 [2011/12/13 17:45:59.038992, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_CreateUser2: struct samr_CreateUser2 in: struct samr_CreateUser2 domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-e74e-4781f97b0000 account_name : * account_name: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'master$' acct_flags : 0x00000100 (256) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 1: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS access_mask : 0xe00500b0 (3758424240) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP [2011/12/13 17:45:59.039724, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.039803, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2011/12/13 17:45:59.039836, 10] rpc_server/samr/srv_samr_nt.c:3668(can_create) Checking whether [master$] can be created [2011/12/13 17:45:59.039870, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(2007, 5001) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.039907, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:59.039941, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.039974, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.040006, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.040060, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: master$ => domain=[], name=[master$] [2011/12/13 17:45:59.040096, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x071 [2011/12/13 17:45:59.040129, 10] lib/util_wellknown.c:152(lookup_wellknown_name) map_name_to_wellknown_sid: looking up master$ [2011/12/13 17:45:59.040170, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.040203, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.040236, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.040268, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.040299, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.040440, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=master$)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:59.041068, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: master$ [2011/12/13 17:45:59.041122, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username master$, was [2011/12/13 17:45:59.041158, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:59.041192, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username master$, was [2011/12/13 17:45:59.041233, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 [2011/12/13 17:45:59.041269, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 [2011/12/13 17:45:59.041320, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:59.041362, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:59.041401, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:59.041449, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:59.041489, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:59.041528, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name master, was [2011/12/13 17:45:59.041569, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:59.041602, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:59.041641, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:59.041681, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\master_, was [2011/12/13 17:45:59.041723, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:59.041758, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:59.041798, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:59.041837, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was [2011/12/13 17:45:59.041879, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:59.041919, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:59.041958, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2011/12/13 17:45:59.042009, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.042046, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:59.042079, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.042112, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.042143, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.042211, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.042260, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:59.042302, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:59.042342, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:59.042390, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user master$ [2011/12/13 17:45:59.042428, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:59.042462, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:59.042500, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.042534, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:59.042567, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.042600, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.042631, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.042695, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.042734, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user master$ [2011/12/13 17:45:59.042777, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is master$ [2011/12/13 17:45:59.042924, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [master$]! [2011/12/13 17:45:59.042987, 10] passdb/lookup_sid.c:1392(gid_to_sid) gid 5005 -> sid S-1-5-21-861941570-1634457251-3974523304-11012 [2011/12/13 17:45:59.043030, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-861941570-1634457251-3974523304-11012) for group of user master$ [2011/12/13 17:45:59.043068, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-861941570-1634457251-3974523304-11012' [2011/12/13 17:45:59.043108, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-861941570-1634457251-3974523304 in level 1 [2011/12/13 17:45:59.043146, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-861941570-1634457251-3974523304' [2011/12/13 17:45:59.043184, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.043218, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:59.043251, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.043283, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.043315, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.043366, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 11012. [2011/12/13 17:45:59.043403, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2011/12/13 17:45:59.043437, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2011/12/13 17:45:59.043469, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2011/12/13 17:45:59.043501, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.043532, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.043602, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11012)(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:59.044016, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-11012] count=0 [2011/12/13 17:45:59.044086, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11012))], scope => [2] [2011/12/13 17:45:59.044550, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) init_group_from_ldap: Entry found for group: 5005 [2011/12/13 17:45:59.044614, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute displayName does not exist [2011/12/13 17:45:59.044656, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:59.044729, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.044773, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: DC Backup Hosts:2 [2011/12/13 17:45:59.044810, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.044846, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-861941570-1634457251-3974523304-11012 -> X86ERR300S3\DC Backup Hosts(2) [2011/12/13 17:45:59.044887, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.044921, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:59.044962, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.044997, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.045028, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.045094, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.045139, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username master$, was [2011/12/13 17:45:59.045175, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:59.045208, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username master$, was [2011/12/13 17:45:59.045241, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name master, was [2011/12/13 17:45:59.045281, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\master_, was [2011/12/13 17:45:59.045316, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:59.045350, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:59.045390, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was [2011/12/13 17:45:59.045426, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:59.045462, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.045495, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:59.045528, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.045560, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.045593, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.045656, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.045694, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 [2011/12/13 17:45:59.045732, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 from rid 5002 [2011/12/13 17:45:59.045785, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11012 [2011/12/13 17:45:59.045829, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.045876, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (2007, 5001) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.045914, 5] rpc_server/samr/srv_samr_nt.c:3683(can_create) trying to create master$, exists as User [2011/12/13 17:45:59.045948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_CreateUser2: struct samr_CreateUser2 out: struct samr_CreateUser2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 access_granted : * access_granted : 0x00000000 (0) rid : * rid : 0x00000000 (0) result : NT_STATUS_USER_EXISTS [2011/12/13 17:45:59.046143, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \samr successfully [2011/12/13 17:45:59.046193, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 72 [2011/12/13 17:45:59.046245, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \samr len: 4280 [2011/12/13 17:45:59.046284, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 32. [2011/12/13 17:45:59.046325, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 63 00 00 C0 ........ ....c... [2011/12/13 17:45:59.046719, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 22 [2011/12/13 17:45:59.046763, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 56 bytes. There is no more data outstanding [2011/12/13 17:45:59.046813, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..56] (align 0) [2011/12/13 17:45:59.046849, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.046869, 5] lib/util.c:342(show_msg) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2011/12/13 17:45:59.047160, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 38 00 00 00 0D 00 00 ........ .8...... [0010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 63 00 00 C0 .....c.. . [2011/12/13 17:45:59.047477, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 178 [2011/12/13 17:45:59.047532, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb2 [2011/12/13 17:45:59.047567, 3] smbd/process.c:1662(process_smb) Transaction 15 of length 182 (0 toread) [2011/12/13 17:45:59.047600, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.047620, 5] lib/util.c:342(show_msg) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 94 (0x5E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 94 (0x5E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27151 (0x6A0F) smb_bcc=111 [2011/12/13 17:45:59.047976, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 5E 00 00 00 0E 00 00 ........ .^...... [0020] 00 46 00 00 00 00 00 11 00 00 00 00 00 0F 00 00 .F...... ........ [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 01 00 00 ......NG ..{..... [0040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 0E 00 0E ........ ........ [0050] 00 00 00 02 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0060] 00 6D 00 61 00 73 00 74 00 65 00 72 00 24 00 .m.a.s.t .e.r.$. [2011/12/13 17:45:59.048211, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.048249, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.048287, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=94 params=0 setup=2 [2011/12/13 17:45:59.048323, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.048354, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.048386, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.048418, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 6a0f) [2011/12/13 17:45:59.048452, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.048485, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 94 [2011/12/13 17:45:59.048519, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 94 [2011/12/13 17:45:59.048552, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 94 [2011/12/13 17:45:59.048585, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.048619, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.048650, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 78 [2011/12/13 17:45:59.048682, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 78 [2011/12/13 17:45:59.048752, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.048786, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 78 [2011/12/13 17:45:59.048818, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 78, incoming data = 78 [2011/12/13 17:45:59.048853, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.048889, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x005e (94) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000046 (70) context_id : 0x0000 (0) opnum : 0x0011 (17) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=70 [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 01 00 00 00 E8 03 00 00 00 00 00 00 .{...... ........ [0020] 01 00 00 00 0E 00 0E 00 00 00 02 00 07 00 00 00 ........ ........ [0030] 00 00 00 00 07 00 00 00 6D 00 61 00 73 00 74 00 ........ m.a.s.t. [0040] 65 00 72 00 24 00 e.r.$. [2011/12/13 17:45:59.049436, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:59.049471, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:59.049504, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\samr [2011/12/13 17:45:59.049540, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUPNAMES [2011/12/13 17:45:59.049576, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[17].fn == 0xb71e3400 [2011/12/13 17:45:59.049622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-e74e-4781f97b0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'master$' [2011/12/13 17:45:59.049849, 5] rpc_server/samr/srv_samr_nt.c:1636(_samr_LookupNames) _samr_LookupNames: 1636 [2011/12/13 17:45:59.049886, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.049963, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2011/12/13 17:45:59.049996, 5] rpc_server/samr/srv_samr_nt.c:1657(_samr_LookupNames) _samr_LookupNames: looking name on SID S-1-5-21-861941570-1634457251-3974523304 [2011/12/13 17:45:59.050034, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(2007, 5001) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.050072, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:59.050105, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.050138, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.050169, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.050241, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=master$)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:59.050806, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: master$ [2011/12/13 17:45:59.050860, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username master$, was [2011/12/13 17:45:59.050897, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:59.050930, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username master$, was [2011/12/13 17:45:59.050971, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 [2011/12/13 17:45:59.051006, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 [2011/12/13 17:45:59.051057, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2011/12/13 17:45:59.051108, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2011/12/13 17:45:59.051148, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2011/12/13 17:45:59.051186, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2011/12/13 17:45:59.051224, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2011/12/13 17:45:59.051262, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name master, was [2011/12/13 17:45:59.051303, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2011/12/13 17:45:59.051335, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:59.051375, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2011/12/13 17:45:59.051414, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\master_, was [2011/12/13 17:45:59.051456, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2011/12/13 17:45:59.051490, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:59.051530, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2011/12/13 17:45:59.051569, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was [2011/12/13 17:45:59.051611, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:59.051649, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2011/12/13 17:45:59.051688, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2011/12/13 17:45:59.051739, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.051776, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.051809, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.051842, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.051874, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.051942, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.051991, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2011/12/13 17:45:59.052033, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2011/12/13 17:45:59.052073, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2011/12/13 17:45:59.052122, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user master$ [2011/12/13 17:45:59.052160, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2011/12/13 17:45:59.052194, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2011/12/13 17:45:59.052231, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.052266, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.052299, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.052332, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.052372, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.052438, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.052477, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user master$ [2011/12/13 17:45:59.052510, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is master$ [2011/12/13 17:45:59.052545, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [master$]! [2011/12/13 17:45:59.052580, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-861941570-1634457251-3974523304-11012) for group of user master$ [2011/12/13 17:45:59.052617, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-861941570-1634457251-3974523304-11012' [2011/12/13 17:45:59.052657, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-861941570-1634457251-3974523304 in level 1 [2011/12/13 17:45:59.052725, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-861941570-1634457251-3974523304' [2011/12/13 17:45:59.052772, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.052807, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.052841, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.052874, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.052905, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.052957, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 11012. [2011/12/13 17:45:59.052994, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.053028, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2011/12/13 17:45:59.053060, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2011/12/13 17:45:59.053093, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.053124, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.053195, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11012)(objectclass=sambaSamAccount))], scope => [2] [2011/12/13 17:45:59.053602, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-11012] count=0 [2011/12/13 17:45:59.053673, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11012))], scope => [2] [2011/12/13 17:45:59.054124, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) init_group_from_ldap: Entry found for group: 5005 [2011/12/13 17:45:59.054187, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute displayName does not exist [2011/12/13 17:45:59.054230, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute description does not exist [2011/12/13 17:45:59.054275, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.054313, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: DC Backup Hosts:2 [2011/12/13 17:45:59.054350, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.054387, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-861941570-1634457251-3974523304-11012 -> X86ERR300S3\DC Backup Hosts(2) [2011/12/13 17:45:59.054436, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.054473, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.054574, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.054616, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.054648, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.054716, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.054761, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username master$, was [2011/12/13 17:45:59.054811, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:59.054846, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username master$, was [2011/12/13 17:45:59.054880, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name master, was [2011/12/13 17:45:59.054920, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\master_, was [2011/12/13 17:45:59.054956, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:59.054992, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:59.055032, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was [2011/12/13 17:45:59.055069, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:59.055105, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.055140, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.055173, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.055207, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.055239, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.055304, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.055342, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 [2011/12/13 17:45:59.055380, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 from rid 5002 [2011/12/13 17:45:59.055434, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11012 [2011/12/13 17:45:59.055483, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (2007, 5001) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.055526, 5] rpc_server/samr/srv_samr_nt.c:1703(_samr_LookupNames) _samr_LookupNames: 1703 [2011/12/13 17:45:59.055560, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x0000138a (5002) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2011/12/13 17:45:59.055820, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \samr successfully [2011/12/13 17:45:59.055863, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 78 [2011/12/13 17:45:59.055908, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \samr len: 4280 [2011/12/13 17:45:59.055945, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 36. [2011/12/13 17:45:59.055987, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=36 [0000] 01 00 00 00 04 00 02 00 01 00 00 00 8A 13 00 00 ........ ........ [0010] 01 00 00 00 08 00 02 00 01 00 00 00 01 00 00 00 ........ ........ [0020] 00 00 00 00 .... [2011/12/13 17:45:59.056414, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 34 [2011/12/13 17:45:59.056458, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 60 bytes. There is no more data outstanding [2011/12/13 17:45:59.056495, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..60] (align 0) [2011/12/13 17:45:59.056529, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.056549, 5] lib/util.c:342(show_msg) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2011/12/13 17:45:59.056868, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 0E 00 00 ........ .<...... [0010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 02 .$...... ........ [0020] 00 01 00 00 00 8A 13 00 00 01 00 00 00 08 00 02 ........ ........ [0030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2011/12/13 17:45:59.057187, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 136 [2011/12/13 17:45:59.057241, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x88 [2011/12/13 17:45:59.057277, 3] smbd/process.c:1662(process_smb) Transaction 16 of length 140 (0 toread) [2011/12/13 17:45:59.057310, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.057331, 5] lib/util.c:342(show_msg) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27151 (0x6A0F) smb_bcc=69 [2011/12/13 17:45:59.057697, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 0F 00 00 ........ .4...... [0020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 0F 00 00 ......." ........ [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... [0040] 02 8A 13 00 00 ..... [2011/12/13 17:45:59.057862, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.057898, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.057935, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=52 params=0 setup=2 [2011/12/13 17:45:59.057972, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.058003, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.058035, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.058067, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 6a0f) [2011/12/13 17:45:59.058101, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.058134, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 52 [2011/12/13 17:45:59.058168, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 52 [2011/12/13 17:45:59.058201, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 52 [2011/12/13 17:45:59.058234, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.058268, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.058300, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 36 [2011/12/13 17:45:59.058332, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 36 [2011/12/13 17:45:59.058366, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.058399, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 36 [2011/12/13 17:45:59.058431, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 36, incoming data = 36 [2011/12/13 17:45:59.058465, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.058501, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0034 (52) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000001c (28) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=28 [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 00 00 00 02 8A 13 00 00 .{...... .... [2011/12/13 17:45:59.058950, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2011/12/13 17:45:59.058985, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2011/12/13 17:45:59.059019, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\samr [2011/12/13 17:45:59.059055, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPENUSER [2011/12/13 17:45:59.059091, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[34].fn == 0xb71e0400 [2011/12/13 17:45:59.059129, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-e74e-4781f97b0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x0000138a (5002) [2011/12/13 17:45:59.059434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.059511, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2011/12/13 17:45:59.059551, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xa0000000 to 0x0002035b [2011/12/13 17:45:59.059587, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(2007, 5001) : sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.059624, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2011/12/13 17:45:59.059657, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.059690, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.059722, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.059778, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.059814, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.059847, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.059879, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.059911, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.059976, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.060016, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.060050, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.060083, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.060124, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.060157, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.060220, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.060264, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username master$, was [2011/12/13 17:45:59.060300, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain X86ERR300S3, was [2011/12/13 17:45:59.060334, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username master$, was [2011/12/13 17:45:59.060367, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name master, was [2011/12/13 17:45:59.060406, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\master\master_, was [2011/12/13 17:45:59.060442, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive I:, was NULL [2011/12/13 17:45:59.060477, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2011/12/13 17:45:59.060516, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was [2011/12/13 17:45:59.060552, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2011/12/13 17:45:59.060588, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.060622, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2011/12/13 17:45:59.060655, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2011/12/13 17:45:59.060688, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.060755, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.060824, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/12/13 17:45:59.060863, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 [2011/12/13 17:45:59.060901, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 from rid 5002 [2011/12/13 17:45:59.060955, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11012 [2011/12/13 17:45:59.060997, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (2007, 5001) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.061038, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenUser: access GRANTED (requested: 0x0002035b, granted: 0x0002035b) [2011/12/13 17:45:59.061075, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.061153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser out: struct samr_OpenUser user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-e74e-4781f97b0000 result : NT_STATUS_OK [2011/12/13 17:45:59.061285, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \samr successfully [2011/12/13 17:45:59.061323, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 36 [2011/12/13 17:45:59.061379, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \samr len: 4280 [2011/12/13 17:45:59.061417, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2011/12/13 17:45:59.061459, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 10 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 00 00 00 00 .{...... [2011/12/13 17:45:59.061848, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1238 [2011/12/13 17:45:59.061892, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2011/12/13 17:45:59.061929, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2011/12/13 17:45:59.061963, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.061983, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2011/12/13 17:45:59.062266, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0F 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 10 00 00 ........ ........ [0020] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... [0030] 00 . [2011/12/13 17:45:59.062646, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 649 [2011/12/13 17:45:59.062702, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x289 [2011/12/13 17:45:59.062739, 3] smbd/process.c:1662(process_smb) Transaction 17 of length 653 (0 toread) [2011/12/13 17:45:59.062772, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.062804, 5] lib/util.c:342(show_msg) size=649 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 565 (0x235) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 565 (0x235) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=27151 (0x6A0F) smb_bcc=582 [2011/12/13 17:45:59.063172, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 35 02 00 00 10 00 00 ........ .5...... [0020] 00 1D 02 00 00 00 00 3A 00 00 00 00 00 10 00 00 .......: ........ [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 18 00 18 ......NG ..{..... [0040] 00 A7 74 41 B8 96 0F 68 6D 8D DE 94 EC 46 BF F8 ..tA...h m....F.. [0050] D0 2A 7F 48 EF 22 75 58 58 34 56 6F 38 48 75 80 .*.H."uX X4Vo8Hu. [0060] CF 0B E1 D9 94 9A FD 13 D7 5F BD F2 4B 45 83 89 ........ ._..KE.. [0070] 14 BB A9 78 1D 32 BB 14 C6 AD A7 5A E3 88 2B D0 ...x.2.. ...Z..+. [0080] 04 8C 20 98 40 AD 69 DE 74 D9 E3 73 D6 28 53 06 .. .@.i. t..s.(S. [0090] E4 BB 29 1D 56 8A E0 1B FE 16 64 9F 97 EC 57 7F ..).V... ..d...W. [00A0] 09 CD 38 24 44 C5 91 D4 2E A4 46 79 97 E7 45 79 ..8$D... ..Fy..Ey [00B0] 58 0B 4A 6B B6 83 B7 92 50 AA D0 84 AC 54 A9 7D X.Jk.... P....T.} [00C0] 61 52 8B 03 64 7A BF F2 5E C9 1F 78 2E 1C F2 19 aR..dz.. ^..x.... [00D0] CD 75 13 96 90 01 2C 5B F8 F8 3D D9 0C FE 21 F4 .u....,[ ..=...!. [00E0] 3A 48 91 F9 9F 5A 6B 0B 67 1F 9C 02 2E BC C2 32 :H...Zk. g......2 [00F0] 9C 03 76 EC 23 E6 3C 44 BC 6B D0 5E E2 87 EB 8C ..v.#. data=565 params=0 setup=2 [2011/12/13 17:45:59.064242, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2011/12/13 17:45:59.064273, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2011/12/13 17:45:59.064304, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2011/12/13 17:45:59.064335, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 6a0f) [2011/12/13 17:45:59.064368, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0xb9780610 max_trans_reply: 4280 [2011/12/13 17:45:59.064401, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 565 [2011/12/13 17:45:59.064435, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 565 [2011/12/13 17:45:59.064466, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 565 [2011/12/13 17:45:59.064499, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 565, len_needed_to_complete_hdr = 16, receive_len = 0 [2011/12/13 17:45:59.064532, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2011/12/13 17:45:59.064564, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 549 [2011/12/13 17:45:59.064595, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 549 [2011/12/13 17:45:59.064638, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2011/12/13 17:45:59.064671, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 549 [2011/12/13 17:45:59.064734, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 549, incoming data = 549 [2011/12/13 17:45:59.064772, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2011/12/13 17:45:59.064809, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0235 (565) auth_length : 0x0000 (0) call_id : 0x00000010 (16) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000021d (541) context_id : 0x0000 (0) opnum : 0x003a (58) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=541 [0000] 00 00 00 00 10 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 18 00 18 00 A7 74 41 B8 96 0F 68 6D .{...... .tA...hm [0020] 8D DE 94 EC 46 BF F8 D0 2A 7F 48 EF 22 75 58 58 ....F... *.H."uXX [0030] 34 56 6F 38 48 75 80 CF 0B E1 D9 94 9A FD 13 D7 4Vo8Hu.. ........ [0040] 5F BD F2 4B 45 83 89 14 BB A9 78 1D 32 BB 14 C6 _..KE... ..x.2... [0050] AD A7 5A E3 88 2B D0 04 8C 20 98 40 AD 69 DE 74 ..Z..+.. . .@.i.t [0060] D9 E3 73 D6 28 53 06 E4 BB 29 1D 56 8A E0 1B FE ..s.(S.. .).V.... [0070] 16 64 9F 97 EC 57 7F 09 CD 38 24 44 C5 91 D4 2E .d...W.. .8$D.... [0080] A4 46 79 97 E7 45 79 58 0B 4A 6B B6 83 B7 92 50 .Fy..EyX .Jk....P [0090] AA D0 84 AC 54 A9 7D 61 52 8B 03 64 7A BF F2 5E ....T.}a R..dz..^ [00A0] C9 1F 78 2E 1C F2 19 CD 75 13 96 90 01 2C 5B F8 ..x..... u....,[. [00B0] F8 3D D9 0C FE 21 F4 3A 48 91 F9 9F 5A 6B 0B 67 .=...!.: H...Zk.g [00C0] 1F 9C 02 2E BC C2 32 9C 03 76 EC 23 E6 3C 44 BC ......2. .v.#. bd9d77befc9c121f3869d8962e76680715bea00581ccdf330daafd314b57cb password_expired : 0x00 (0) [2011/12/13 17:45:59.067059, 5] rpc_server/samr/srv_samr_nt.c:5008(_samr_SetUserInfo) _samr_SetUserInfo: 5008 [2011/12/13 17:45:59.067096, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. [0010] F9 7B 00 00 .{.. [2011/12/13 17:45:59.067170, 2] rpc_server/rpc_handles.c:404(_policy_handle_find) rpc_server/samr/srv_samr_nt.c:5063: ACCESS DENIED (granted: 0x0002035b; required: 0x00000080) [2011/12/13 17:45:59.067205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_SetUserInfo2: struct samr_SetUserInfo2 out: struct samr_SetUserInfo2 result : NT_STATUS_ACCESS_DENIED [2011/12/13 17:45:59.067270, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \samr successfully [2011/12/13 17:45:59.067308, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 549 [2011/12/13 17:45:59.067355, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \samr len: 4280 [2011/12/13 17:45:59.067393, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4. [2011/12/13 17:45:59.067444, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x00000010 (16) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4 [0000] 22 00 00 C0 "... [2011/12/13 17:45:59.067793, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 22 [2011/12/13 17:45:59.067836, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 28 bytes. There is no more data outstanding [2011/12/13 17:45:59.067873, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..28] (align 0) [2011/12/13 17:45:59.067907, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.067927, 5] lib/util.c:342(show_msg) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2011/12/13 17:45:59.068209, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 10 00 00 ........ ........ [0010] 00 04 00 00 00 00 00 00 00 22 00 00 C0 ........ ."... [2011/12/13 17:45:59.068639, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2011/12/13 17:45:59.068724, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2011/12/13 17:45:59.069018, 3] smbd/process.c:1662(process_smb) Transaction 18 of length 45 (0 toread) [2011/12/13 17:45:59.069053, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.069073, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=19 smt_wct=3 smb_vwv[ 0]=27151 (0x6A0F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2011/12/13 17:45:59.069374, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:59.069402, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.069438, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2011/12/13 17:45:59.069473, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=27151 (numopen=1) [2011/12/13 17:45:59.069508, 6] smbd/close.c:532(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2011/12/13 17:45:59.069551, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \samr [2011/12/13 17:45:59.069592, 5] smbd/files.c:482(file_free) freed files structure 27151 (0 used) [2011/12/13 17:45:59.069629, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.069649, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=19 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:59.069818, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:59.069957, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2011/12/13 17:45:59.070010, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x23 [2011/12/13 17:45:59.070045, 3] smbd/process.c:1662(process_smb) Transaction 19 of length 39 (0 toread) [2011/12/13 17:45:59.070079, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.070098, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=20 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:59.070256, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:59.070279, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 31737) conn 0xb9787f50 [2011/12/13 17:45:59.070313, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.070346, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.070378, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.070430, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:59.070467, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.070501, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.070532, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.070581, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:59.070615, 3] smbd/service.c:1378(close_cnum) master (10.200.8.180) closed connection to service IPC$ [2011/12/13 17:45:59.070655, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2011/12/13 17:45:59.070746, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F97B0000FFFFFFFF12FF [2011/12/13 17:45:59.070788, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9777658 [2011/12/13 17:45:59.070845, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F97B0000FFFFFFFF12FF [2011/12/13 17:45:59.070941, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2011/12/13 17:45:59.070980, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.071013, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.071045, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.071094, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:59.071136, 5] lib/util.c:332(show_msg) [2011/12/13 17:45:59.071157, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=31735 smb_uid=100 smb_mid=20 smt_wct=0 smb_bcc=0 [2011/12/13 17:45:59.071318, 10] ../lib/util/util.c:415(dump_data) [2011/12/13 17:45:59.071724, 5] lib/util_sock.c:319(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2011/12/13 17:45:59.071777, 5] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 10.200.8.180 read error = NT_STATUS_END_OF_FILE. [2011/12/13 17:45:59.071818, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/12/13 17:45:59.071854, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/12/13 17:45:59.071886, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/12/13 17:45:59.071936, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/12/13 17:45:59.072210, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F33313733372F31 [2011/12/13 17:45:59.072257, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb97c0578 [2011/12/13 17:45:59.078402, 4] auth/pampass.c:483(smb_pam_start) smb_pam_start: PAM: Init user: user1 [2011/12/13 17:45:59.081720, 4] auth/pampass.c:492(smb_pam_start) smb_pam_start: PAM: setting rhost to: 10.200.8.180 [2011/12/13 17:45:59.081769, 4] auth/pampass.c:501(smb_pam_start) smb_pam_start: PAM: setting tty [2011/12/13 17:45:59.081803, 4] auth/pampass.c:509(smb_pam_start) smb_pam_start: PAM: Init passed for user: user1 [2011/12/13 17:45:59.081836, 4] auth/pampass.c:646(smb_internal_pam_session) smb_internal_pam_session: PAM: tty set to: smb/31737/100 [2011/12/13 17:45:59.082795, 4] auth/pampass.c:465(smb_pam_end) smb_pam_end: PAM: PAM_END OK. [2011/12/13 17:45:59.082861, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F33313733372F31 [2011/12/13 17:45:59.082989, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) [2011/12/13 17:45:59.084487, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key F97B0000FFFFFFFF [2011/12/13 17:45:59.084559, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb9770548 [2011/12/13 17:45:59.084603, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key F97B0000FFFFFFFF ### /var/log/samba/log.nmbd Allocated locked data 0x0xb8a47610 [2011/12/13 17:45:15, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 99770000FFFFFFFF [2011/12/13 17:45:35, 0] nmbd/nmbd.c:861(main) nmbd version 3.6.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2011/12/13 17:45:35, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter syslog = 0 doing parameter max log size = 1000000 doing parameter max open files = 32808 doing parameter server string = %h univention corporate server doing parameter netbios name = master [2011/12/13 17:45:35, 4] param/loadparm.c:7584(handle_netbios_name) handle_netbios_name: set global_myname to: MASTER doing parameter passdb backend = ldapsam:"ldap://master.x86err300s3.qa:7389" doing parameter auth methods = guest sam winbind doing parameter ldap suffix = dc=x86err300s3,dc=qa doing parameter ldap admin dn = "cn=admin,dc=x86err300s3,dc=qa" doing parameter ldap ssl = start tls doing parameter passdb expand explicit = no doing parameter ldap idmap suffix = cn=idmap,cn=univention doing parameter idmap config * : backend = ldap doing parameter idmap config * : range = 55000-64000 doing parameter idmap config * : ldap_url = ldap://master.x86err300s3.qa:7389 doing parameter idmap config * : ldap_user_dn = cn=admin,dc=x86err300s3,dc=qa doing parameter idmap config X86ERR300S3 : backend = nss doing parameter idmap config X86ERR300S3 : range = 1000-54999 doing parameter winbind max clients = 500 doing parameter winbind nested groups = no doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind separator = + doing parameter template shell = /bin/bash doing parameter template homedir = /home/%D-%U doing parameter pam password change = no doing parameter unix password sync = yes doing parameter passwd program = /usr/share/univention-admin-tools/univention-passwd --binddn "cn=admin,dc=x86err300s3,dc=qa" --pwdfile "/etc/ldap.secret" --user "%u" doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed* doing parameter passwd chat timeout = 60 doing parameter client use spnego = yes doing parameter obey pam restrictions = yes doing parameter encrypt passwords = yes doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter security = user doing parameter domain logons = yes doing parameter domain master = yes doing parameter preferred master = yes doing parameter local master = yes doing parameter os level = 65 doing parameter wins support = yes doing parameter workgroup = X86ERR300S3 doing parameter oplocks = yes doing parameter kernel oplocks = yes doing parameter large readwrite = yes doing parameter deadtime = 15 doing parameter read raw = yes doing parameter write raw = yes doing parameter max xmit = 65535 doing parameter getwd cache = yes doing parameter wide links = no doing parameter store dos attributes = yes doing parameter logon home = \\master\%U doing parameter logon drive = I: doing parameter logon path = \\master\%U\windows-profiles\%a doing parameter preserve case = yes doing parameter short preserve case = yes doing parameter time server = yes doing parameter host msdfs = no doing parameter msdfs root = no doing parameter guest account = nobody doing parameter map to guest = Bad User doing parameter admin users = administrator join-backup doing parameter set quota command = /usr/sbin/univention-setquota doing parameter check password script = /usr/share/univention-samba/password_check %u doing parameter add user script = /usr/share/univention-admin-tools/univention-adduser "%u" doing parameter delete user script = /usr/share/univention-admin-tools/univention-deluser "%u" doing parameter add group script = /usr/share/univention-admin-tools/univention-addgroup "%g" doing parameter delete group script = /usr/share/univention-admin-tools/univention-delgroup "%g" doing parameter add user to group script = /usr/share/univention-admin-tools/univention-adduser "%u" "%g" doing parameter delete user from group script = /usr/share/univention-admin-tools/univention-deluser "%u" "%g" doing parameter add machine script = /usr/share/univention-admin-tools/univention-addmachine "%u" doing parameter set primary group script = /usr/share/univention-admin-tools/univention-setprimarygroup "%u" "%g" doing parameter usershare max shares = 0 doing parameter include = /etc/samba/base.conf [2011/12/13 17:45:35, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/base.conf" [2011/12/13 17:45:35, 4] param/loadparm.c:9631(lp_load_ex) pm_process() returned Yes [2011/12/13 17:45:35, 7] param/loadparm.c:9857(lp_servicenumber) lp_servicenumber: couldn't find homes [2011/12/13 17:45:35, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_DOMAIN_PDC [2011/12/13 17:45:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2011/12/13 17:45:35, 2] lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2011/12/13 17:45:35, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2011/12/13 17:45:35, 3] param/loadparm.c:9595(lp_load_ex) lp_load_ex: refreshing parameters [2011/12/13 17:45:35, 3] param/loadparm.c:5212(init_globals) Initialising global parameters [2011/12/13 17:45:35, 2] param/loadparm.c:5005(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2011/12/13 17:45:35, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2011/12/13 17:45:35, 3] param/loadparm.c:8333(do_section) Processing section "[global]" doing parameter debug level = 10 [2011/12/13 17:45:35, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter syslog = 0 doing parameter max log size = 1000000 doing parameter max open files = 32808 doing parameter server string = %h univention corporate server doing parameter netbios name = master [2011/12/13 17:45:35, 4] param/loadparm.c:7584(handle_netbios_name) handle_netbios_name: set global_myname to: MASTER doing parameter passdb backend = ldapsam:"ldap://master.x86err300s3.qa:7389" doing parameter auth methods = guest sam winbind doing parameter ldap suffix = dc=x86err300s3,dc=qa doing parameter ldap admin dn = "cn=admin,dc=x86err300s3,dc=qa" doing parameter ldap ssl = start tls doing parameter passdb expand explicit = no doing parameter ldap idmap suffix = cn=idmap,cn=univention doing parameter idmap config * : backend = ldap doing parameter idmap config * : range = 55000-64000 doing parameter idmap config * : ldap_url = ldap://master.x86err300s3.qa:7389 doing parameter idmap config * : ldap_user_dn = cn=admin,dc=x86err300s3,dc=qa doing parameter idmap config X86ERR300S3 : backend = nss doing parameter idmap config X86ERR300S3 : range = 1000-54999 doing parameter winbind max clients = 500 doing parameter winbind nested groups = no doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind separator = + doing parameter template shell = /bin/bash doing parameter template homedir = /home/%D-%U doing parameter pam password change = no doing parameter unix password sync = yes doing parameter passwd program = /usr/share/univention-admin-tools/univention-passwd --binddn "cn=admin,dc=x86err300s3,dc=qa" --pwdfile "/etc/ldap.secret" --user "%u" doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed* doing parameter passwd chat timeout = 60 doing parameter client use spnego = yes doing parameter obey pam restrictions = yes doing parameter encrypt passwords = yes doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter security = user doing parameter domain logons = yes doing parameter domain master = yes doing parameter preferred master = yes doing parameter local master = yes doing parameter os level = 65 doing parameter wins support = yes doing parameter workgroup = X86ERR300S3 doing parameter oplocks = yes doing parameter kernel oplocks = yes doing parameter large readwrite = yes doing parameter deadtime = 15 doing parameter read raw = yes doing parameter write raw = yes doing parameter max xmit = 65535 doing parameter getwd cache = yes doing parameter wide links = no doing parameter store dos attributes = yes doing parameter logon home = \\master\%U doing parameter logon drive = I: doing parameter logon path = \\master\%U\windows-profiles\%a doing parameter preserve case = yes doing parameter short preserve case = yes doing parameter time server = yes doing parameter host msdfs = no doing parameter msdfs root = no doing parameter guest account = nobody doing parameter map to guest = Bad User doing parameter admin users = administrator join-backup doing parameter set quota command = /usr/sbin/univention-setquota doing parameter check password script = /usr/share/univention-samba/password_check %u doing parameter add user script = /usr/share/univention-admin-tools/univention-adduser "%u" doing parameter delete user script = /usr/share/univention-admin-tools/univention-deluser "%u" doing parameter add group script = /usr/share/univention-admin-tools/univention-addgroup "%g" doing parameter delete group script = /usr/share/univention-admin-tools/univention-delgroup "%g" doing parameter add user to group script = /usr/share/univention-admin-tools/univention-adduser "%u" "%g" doing parameter delete user from group script = /usr/share/univention-admin-tools/univention-deluser "%u" "%g" doing parameter add machine script = /usr/share/univention-admin-tools/univention-addmachine "%u" doing parameter set primary group script = /usr/share/univention-admin-tools/univention-setprimarygroup "%u" "%g" doing parameter usershare max shares = 0 doing parameter include = /etc/samba/base.conf [2011/12/13 17:45:35, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/base.conf" [2011/12/13 17:45:35, 4] param/loadparm.c:9631(lp_load_ex) pm_process() returned Yes [2011/12/13 17:45:35, 7] param/loadparm.c:9857(lp_servicenumber) lp_servicenumber: couldn't find homes [2011/12/13 17:45:35, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_DOMAIN_PDC [2011/12/13 17:45:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2011/12/13 17:45:35, 3] nmbd/nmbd.c:383(reload_nmbd_services) services not loaded [2011/12/13 17:45:35, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:35, 5] lib/util.c:242(init_names) Netbios name list:- my_netbios_names[0]="MASTER" [2011/12/13 17:45:35, 6] param/loadparm.c:7513(lp_file_list_changed) lp_file_list_changed() file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 [2011/12/13 17:45:35, 2] nmbd/nmbd.c:894(main) Becoming a daemon. [2011/12/13 17:45:35, 0] nmbd/asyncdns.c:157(start_async_dns) started asyncdns process 31646 [2011/12/13 17:45:35, 8] ../lib/util/util.c:263(fcntl_lock) fcntl_lock 8 13 0 1 1 [2011/12/13 17:45:35, 8] ../lib/util/util.c:298(fcntl_lock) fcntl_lock: Lock call successful [2011/12/13 17:45:35, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 9C7B0000FFFFFFFF [2011/12/13 17:45:35, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7b9b5c0 [2011/12/13 17:45:35, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 9C7B0000FFFFFFFF [2011/12/13 17:45:35, 4] lib/time.c:384(TimeInit) TimeInit: Serverzone is -3600 [2011/12/13 17:45:35, 3] nmbd/nmbd.c:963(main) Opening sockets 137 [2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 137 [2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 138 [2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 1 SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 112640 SO_RCVBUF = 112640 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Could not test socket option TCP_QUICKACK. [2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 1 SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 112640 SO_RCVBUF = 112640 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Could not test socket option TCP_QUICKACK. [2011/12/13 17:45:35, 3] nmbd/nmbd.c:733(open_sockets) open_sockets: Broadcast sockets opened. [2011/12/13 17:45:35, 2] lib/interface.c:341(add_interface) added interface eth0 ip=2001:4dd0:ff00:8c42:ff08::180 bcast=2001:4dd0:ff00:8c42:ffff:ffff:ffff:ffff netmask=ffff:ffff:ffff:ffff:: [2011/12/13 17:45:35, 2] lib/interface.c:341(add_interface) added interface eth0 ip=fe80::5054:ff:febb:90c5%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2011/12/13 17:45:35, 2] lib/interface.c:341(add_interface) added interface eth0 ip=10.200.8.180 bcast=10.200.8.255 netmask=255.255.255.0 [2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 137 [2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 1 SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 112640 SO_RCVBUF = 112640 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Could not test socket option TCP_QUICKACK. [2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 137 [2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 1 SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 112640 SO_RCVBUF = 112640 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Could not test socket option TCP_QUICKACK. [2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 138 [2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 1 SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 112640 SO_RCVBUF = 112640 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Could not test socket option TCP_QUICKACK. [2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 138 [2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 1 SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 112640 SO_RCVBUF = 112640 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Could not test socket option TCP_QUICKACK. [2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) making subnet name:10.200.8.180 Broadcast address:10.200.8.255 Subnet mask:255.255.255.0 [2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:297(create_subnets) create_subnets: ignoring non IPv4 interface. [2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:297(create_subnets) create_subnets: ignoring non IPv4 interface. [2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) making subnet name:UNICAST_SUBNET Broadcast address:10.200.8.180 Subnet mask:10.200.8.180 [2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 [2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 [2011/12/13 17:45:35, 4] ../libcli/nbt/lmhosts.c:41(startlmhosts) startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was Datei oder Verzeichnis nicht gefunden [2011/12/13 17:45:35, 2] nmbd/nmbd_lmhosts.c:43(load_lmhosts_file) load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error was Datei oder Verzeichnis nicht gefunden [2011/12/13 17:45:35, 3] nmbd/nmbd.c:985(main) Loaded hosts file /etc/samba/lmhosts [2011/12/13 17:45:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) initialise_wins: add name: X86ERR300S3#1e ttl = 258284 first IP 0.0.0.0 flags = e4 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1e> with first IP 0.0.0.0 ttl=258284 nb_flags=e4 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) initialise_wins: add name: X86ERR300S3#1c ttl = 258284 first IP 10.200.8.180 flags = e4 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1c> with first IP 10.200.8.180 ttl=258284 nb_flags=e4 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) initialise_wins: add name: MASTER#20 ttl = 258284 first IP 10.200.8.180 flags = 66 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<20> with first IP 10.200.8.180 ttl=258284 nb_flags=66 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) initialise_wins: add name: X86ERR300S3#00 ttl = 258284 first IP 0.0.0.0 flags = e4 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<00> with first IP 0.0.0.0 ttl=258284 nb_flags=e4 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) initialise_wins: add name: MASTER#03 ttl = 258284 first IP 10.200.8.180 flags = 66 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<03> with first IP 10.200.8.180 ttl=258284 nb_flags=66 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) initialise_wins: add name: X86ERR300S3#1b ttl = 258284 first IP 10.200.8.180 flags = 64 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1b> with first IP 10.200.8.180 ttl=258284 nb_flags=64 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) initialise_wins: add name: MASTER#00 ttl = 258284 first IP 10.200.8.180 flags = 66 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<00> with first IP 10.200.8.180 ttl=258284 nb_flags=66 to subnet WINS_SERVER_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:189(create_workgroup_on_subnet) create_workgroup_on_subnet: creating group X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name MASTER<20> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7980 to subnet 10.200.8.180. num_records:1 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name MASTER<03> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7981 to subnet 10.200.8.180. num_records:2 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name MASTER<00> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7982 to subnet 10.200.8.180. num_records:3 [2011/12/13 17:45:35, 3] nmbd/nmbd_workgroupdb.c:239(initiate_myworkgroup_startup) initiate_myworkgroup_startup: preferred master startup for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name X86ERR300S3<00> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7983 to subnet 10.200.8.180. num_records:4 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name X86ERR300S3<1e> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7984 to subnet 10.200.8.180. num_records:5 [2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:35, 3] nmbd/nmbd_serverlistdb.c:132(create_server_on_workgroup) create_server_on_workgroup: Created server entry MASTER of type 40019a2b (master univention corporate server) on workgroup X86ERR300S3. [2011/12/13 17:45:35, 3] nmbd/nmbd_workgroupdb.c:259(initiate_myworkgroup_startup) initiate_myworkgroup_startup: Added server name entry MASTER on subnet 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:189(create_workgroup_on_subnet) create_workgroup_on_subnet: creating group X86ERR300S3 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<20> with first IP 10.200.8.180 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) Registering name MASTER<20> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:380(initiate_multihomed_name_register_packet) initiate_multihomed_name_register_packet: sending registration for name MASTER<20> IP 10.200.8.180 (bcast=No) to IP 127.0.0.1 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (127.0.0.1) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7985 to subnet UNICAST_SUBNET. num_records:6 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<03> with first IP 10.200.8.180 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) Registering name MASTER<03> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:380(initiate_multihomed_name_register_packet) initiate_multihomed_name_register_packet: sending registration for name MASTER<03> IP 10.200.8.180 (bcast=No) to IP 127.0.0.1 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (127.0.0.1) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7986 to subnet UNICAST_SUBNET. num_records:7 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<00> with first IP 10.200.8.180 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) Registering name MASTER<00> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:380(initiate_multihomed_name_register_packet) initiate_multihomed_name_register_packet: sending registration for name MASTER<00> IP 10.200.8.180 (bcast=No) to IP 127.0.0.1 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (127.0.0.1) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7987 to subnet UNICAST_SUBNET. num_records:8 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<00> with first IP 10.200.8.180 ttl=259200 nb_flags=e4 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) Registering name X86ERR300S3<00> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name X86ERR300S3<00> (bcast=No) to IP 127.0.0.1 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (127.0.0.1) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7988 to subnet UNICAST_SUBNET. num_records:9 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1e> with first IP 10.200.8.180 ttl=259200 nb_flags=e4 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) Registering name X86ERR300S3<1e> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name X86ERR300S3<1e> (bcast=No) to IP 127.0.0.1 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (127.0.0.1) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7989 to subnet UNICAST_SUBNET. num_records:10 [2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:35, 3] nmbd/nmbd_serverlistdb.c:132(create_server_on_workgroup) create_server_on_workgroup: Created server entry MASTER of type 40019a2b (master univention corporate server) on workgroup X86ERR300S3. [2011/12/13 17:45:35, 3] nmbd/nmbd_workgroupdb.c:259(initiate_myworkgroup_startup) initiate_myworkgroup_startup: Added server name entry MASTER on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<20> source=2 [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<03> source=2 [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<00> source=2 [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<00> source=2 [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1e> source=2 [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet REMOTE_BROADCAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet REMOTE_BROADCAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet REMOTE_BROADCAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet REMOTE_BROADCAST_SUBNET [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7980 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7980 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:35, 3] nmbd/nmbd_sendannounce.c:209(send_host_announcement) send_host_announcement: type 19a2b for host MASTER on subnet 10.200.8.180 for workgroup X86ERR300S3 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1d> IP 10.200.8.255 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char ..`...MASTER.... hex 01 00 60 ea 00 00 4d 41 53 54 45 52 00 00 00 00 10 char ........+.....U. hex 00 00 00 00 00 00 04 09 2b 9a 01 00 0f 01 55 aa 20 char master univentio hex 6d 61 73 74 65 72 20 75 6e 69 76 65 6e 74 69 6f 30 char n corporate serv hex 6e 20 63 6f 72 70 6f 72 61 74 65 20 73 65 72 76 40 char er. hex 65 72 00 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 235 to (10.200.8.255) on port 138 [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40019a2b (master univention corporate server) [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40019a2b (master univention corporate server) [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name X86ERR300S3<1d> NOT FOUND [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1d> NOT FOUND [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:306(initiate_name_query_packet) initiate_name_query_packet: sending query for name X86ERR300S3<1d> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 50 to (10.200.8.255) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7991 to subnet 10.200.8.180. num_records:11 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1c> NOT FOUND [2011/12/13 17:45:35, 0] nmbd/nmbd_logonnames.c:162(add_logon_names) add_domain_logon_names: Attempting to become logon server for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:35, 2] nmbd/nmbd_logonnames.c:135(become_logon_server) become_logon_server: Atempting to become logon server for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_logonnames.c:138(become_logon_server) become_logon_server: go to first stage: register X86ERR300S3<1c> name [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name X86ERR300S3<1c> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7992 to subnet 10.200.8.180. num_records:12 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - name X86ERR300S3<1c> NOT FOUND [2011/12/13 17:45:35, 0] nmbd/nmbd_logonnames.c:162(add_logon_names) add_domain_logon_names: Attempting to become logon server for workgroup X86ERR300S3 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 2] nmbd/nmbd_logonnames.c:135(become_logon_server) become_logon_server: Atempting to become logon server for workgroup X86ERR300S3 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 3] nmbd/nmbd_logonnames.c:138(become_logon_server) become_logon_server: go to first stage: register X86ERR300S3<1c> name [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1c> with first IP 10.200.8.180 ttl=259200 nb_flags=e4 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) Registering name X86ERR300S3<1c> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name X86ERR300S3<1c> (bcast=No) to IP 127.0.0.1 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (127.0.0.1) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7993 to subnet UNICAST_SUBNET. num_records:13 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - name X86ERR300S3<1b> NOT FOUND [2011/12/13 17:45:35, 0] nmbd/nmbd_become_dmb.c:339(become_domain_master_browser_wins) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup X86ERR300S3, subnet UNICAST_SUBNET. [2011/12/13 17:45:35, 0] nmbd/nmbd_become_dmb.c:353(become_domain_master_browser_wins) become_domain_master_browser_wins: querying WINS server from IP 10.200.8.180 for domain master browser name X86ERR300S3<1b> on workgroup X86ERR300S3 [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name X86ERR300S3<1b> NOT FOUND [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - name X86ERR300S3<1b> NOT FOUND [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:306(initiate_name_query_packet) initiate_name_query_packet: sending query for name X86ERR300S3<1b> (bcast=No) to IP 10.200.8.180 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:173(send_netbios_packet) send_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7994 to subnet UNICAST_SUBNET. num_records:14 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7981 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 235 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 235 from (10.200.8.180) port 138 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7981 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 235 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 235 from (10.200.8.180) port 138 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7994 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=X86ERR300S3<1b> q_type=32 q_class=1 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:2033(wins_process_name_query_request) wins_process_name_query: name query for name X86ERR300S3<1b> from IP 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:2085(wins_process_name_query_request) wins_process_name_query: name query for name X86ERR300S3<1b> returning first IP 10.200.8.180. [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_query X86ERR300S3<1b> to ip 10.200.8.180 for id 7994 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7994 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=258284 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7994 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=258284 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7994 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 5] nmbd/nmbd_namequery.c:95(query_name_response) query_name_response: On subnet UNICAST_SUBNET - positive response from IP 10.200.8.180 for name X86ERR300S3<1b>. IP of that name is 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_become_dmb.c:226(become_domain_master_query_success) become_domain_master_query_success(): Our address (10.200.8.180) returned in query for name X86ERR300S3<1b> (domain master browser name) on subnet UNICAST_SUBNET. Continuing with domain master code. [2011/12/13 17:45:35, 2] nmbd/nmbd_become_dmb.c:181(become_domain_master_stage1) become_domain_master_stage1: Becoming domain master browser for workgroup X86ERR300S3 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 3] nmbd/nmbd_become_dmb.c:190(become_domain_master_stage1) become_domain_master_stage1: go to first stage: register <1b> name [2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1b> with first IP 10.200.8.180 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET [2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) Registering name X86ERR300S3<1b> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:380(initiate_multihomed_name_register_packet) initiate_multihomed_name_register_packet: sending registration for name X86ERR300S3<1b> IP 10.200.8.180 (bcast=No) to IP 127.0.0.1 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (127.0.0.1) on port 137 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7995 to subnet UNICAST_SUBNET. num_records:15 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7982 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7982 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7983 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7983 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7984 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7984 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7985 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7991 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7985 opcode=Multi-homed Registration(15) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 question: q_name=MASTER<20> q_type=32 q_class=1 additional: nmb_name=MASTER<20> rr_type=32 rr_class=1 ttl=259200 additional 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1648(wins_process_multihomed_name_registration_request) wins_process_multihomed_name_registration_request: name registration for name MASTER<20> IP 10.200.8.180 [2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_reg MASTER<20> to ip 10.200.8.180 for id 7985 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7985 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=MASTER<20> rr_type=32 rr_class=1 ttl=259200 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7985 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=MASTER<20> rr_type=32 rr_class=1 ttl=259200 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7985 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 5] lib/gencache.c:68(gencache_init) Opening cache file at /var/run/samba/gencache.tdb [2011/12/13 17:45:35, 5] lib/gencache.c:111(gencache_init) Opening cache file at /var/run/samba/gencache_notrans.tdb [2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) [2011/12/13 17:45:35, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180 and timeout = Thu Jan 1 01:00:00 1970 (-1323794735 seconds in the past) [2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) wins_srv_alive: marking wins server 127.0.0.1 alive [2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name MASTER<20>. We sent to IP 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7986 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7992 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7986 opcode=Multi-homed Registration(15) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 question: q_name=MASTER<03> q_type=32 q_class=1 additional: nmb_name=MASTER<03> rr_type=32 rr_class=1 ttl=259200 additional 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1648(wins_process_multihomed_name_registration_request) wins_process_multihomed_name_registration_request: name registration for name MASTER<03> IP 10.200.8.180 [2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_reg MASTER<03> to ip 10.200.8.180 for id 7986 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7986 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=MASTER<03> rr_type=32 rr_class=1 ttl=259200 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7986 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=MASTER<03> rr_type=32 rr_class=1 ttl=259200 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7986 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) [2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) wins_srv_alive: marking wins server 127.0.0.1 alive [2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name MASTER<03>. We sent to IP 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7987 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7987 opcode=Multi-homed Registration(15) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 question: q_name=MASTER<00> q_type=32 q_class=1 additional: nmb_name=MASTER<00> rr_type=32 rr_class=1 ttl=259200 additional 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1648(wins_process_multihomed_name_registration_request) wins_process_multihomed_name_registration_request: name registration for name MASTER<00> IP 10.200.8.180 [2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_reg MASTER<00> to ip 10.200.8.180 for id 7987 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7987 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=MASTER<00> rr_type=32 rr_class=1 ttl=259200 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7987 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=MASTER<00> rr_type=32 rr_class=1 ttl=259200 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7987 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) [2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) wins_srv_alive: marking wins server 127.0.0.1 alive [2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name MASTER<00>. We sent to IP 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7988 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7988 opcode=Registration(5) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 question: q_name=X86ERR300S3<00> q_type=32 q_class=1 additional: nmb_name=X86ERR300S3<00> rr_type=32 rr_class=1 ttl=259200 additional 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1186(wins_process_name_registration_request) wins_process_name_registration_request: Group name registration for name X86ERR300S3<00> IP 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1270(wins_process_name_registration_request) wins_process_name_registration_request: Adding IP 0.0.0.0 to group name X86ERR300S3<00>. [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_reg X86ERR300S3<00> to ip 10.200.8.180 for id 7988 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7988 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<00> rr_type=32 rr_class=1 ttl=259200 answers 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7988 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<00> rr_type=32 rr_class=1 ttl=259200 answers 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7988 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) [2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) wins_srv_alive: marking wins server 127.0.0.1 alive [2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name X86ERR300S3<00>. We sent to IP 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7989 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7989 opcode=Registration(5) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 question: q_name=X86ERR300S3<1e> q_type=32 q_class=1 additional: nmb_name=X86ERR300S3<1e> rr_type=32 rr_class=1 ttl=259200 additional 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1186(wins_process_name_registration_request) wins_process_name_registration_request: Group name registration for name X86ERR300S3<1e> IP 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1270(wins_process_name_registration_request) wins_process_name_registration_request: Adding IP 0.0.0.0 to group name X86ERR300S3<1e>. [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_reg X86ERR300S3<1e> to ip 10.200.8.180 for id 7989 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7989 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1e> rr_type=32 rr_class=1 ttl=259200 answers 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7989 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1e> rr_type=32 rr_class=1 ttl=259200 answers 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7989 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) [2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) wins_srv_alive: marking wins server 127.0.0.1 alive [2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name X86ERR300S3<1e>. We sent to IP 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7991 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7992 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7993 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7993 opcode=Registration(5) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 question: q_name=X86ERR300S3<1c> q_type=32 q_class=1 additional: nmb_name=X86ERR300S3<1c> rr_type=32 rr_class=1 ttl=259200 additional 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1186(wins_process_name_registration_request) wins_process_name_registration_request: Group name registration for name X86ERR300S3<1c> IP 10.200.8.180 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1270(wins_process_name_registration_request) wins_process_name_registration_request: Adding IP 10.200.8.180 to group name X86ERR300S3<1c>. [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_reg X86ERR300S3<1c> to ip 10.200.8.180 for id 7993 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7993 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1c> rr_type=32 rr_class=1 ttl=259200 answers 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7993 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1c> rr_type=32 rr_class=1 ttl=259200 answers 0 char ...... hex E0000AC808B4 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7993 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) [2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) wins_srv_alive: marking wins server 127.0.0.1 alive [2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name X86ERR300S3<1c>. We sent to IP 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7995 [2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7995 opcode=Multi-homed Registration(15) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 question: q_name=X86ERR300S3<1b> q_type=32 q_class=1 additional: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=259200 additional 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1648(wins_process_multihomed_name_registration_request) wins_process_multihomed_name_registration_request: name registration for name X86ERR300S3<1b> IP 10.200.8.180 [2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) is_myname("X86ERR300S3") returns 0 [2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_reg X86ERR300S3<1b> to ip 10.200.8.180 for id 7995 [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7995 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=259200 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7995 opcode=Registration(5) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=259200 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7995 on subnet UNICAST_SUBNET [2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) [2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) wins_srv_alive: marking wins server 127.0.0.1 alive [2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name X86ERR300S3<1b>. We sent to IP 10.200.8.180 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:36, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:36, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 [2011/12/13 17:45:36, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:36, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:36, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:36, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794736) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 50 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7980 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7980 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 50 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7981 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7981 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7982 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7982 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7983 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7983 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7984 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7984 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7991 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7991 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7992 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7992 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7980 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7980 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7981 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7981 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7982 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7982 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7983 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7983 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7984 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7984 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7991 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7991 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7992 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7992 [2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:38, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:38, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 [2011/12/13 17:45:38, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:38, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:38, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:38, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794738) - last(1323794735) < 900 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 50 to (10.200.8.255) on port 137 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:39, 8] nmbd/nmbd_elections.c:361(check_elections) check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7980 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7980 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7980 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name MASTER<20> on subnet 10.200.8.180. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name MASTER<20> NOT FOUND [2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7981 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name MASTER<03> on subnet 10.200.8.180. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name MASTER<03> NOT FOUND [2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<03> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7982 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name MASTER<00> on subnet 10.200.8.180. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name MASTER<00> NOT FOUND [2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name MASTER<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7983 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name X86ERR300S3<00> on subnet 10.200.8.180. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<00> NOT FOUND [2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<00> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7984 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name X86ERR300S3<1e> on subnet 10.200.8.180. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND [2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1e> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7991 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:39, 5] nmbd/nmbd_namequery.c:154(query_name_timeout_response) query_name_timeout_response: No response to query for name X86ERR300S3<1d> on subnet 10.200.8.180. [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 2] nmbd/nmbd_elections.c:109(check_for_master_browser_fail) check_for_master_browser_fail: Forcing election on workgroup X86ERR300S3 subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7992 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name X86ERR300S3<1c> on subnet 10.200.8.180. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1c> NOT FOUND [2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1c> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1c> source=2 [2011/12/13 17:45:39, 0] nmbd/nmbd_logonnames.c:123(become_logon_server_success) become_logon_server_success: Samba is now a logon server for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 [2011/12/13 17:45:39, 3] nmbd/nmbd_elections.c:366(check_elections) check_elections: >>> Starting election for workgroup X86ERR300S3 on subnet 10.200.8.180 <<< [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7981 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7981 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7982 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7982 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7983 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7983 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7984 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7984 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7991 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7991 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7992 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7992 [2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:40, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:40, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 [2011/12/13 17:45:40, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:40, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:41, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794740) - last(1323794735) < 900 [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40019b2b (master univention corporate server) [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40019a2b (master univention corporate server) [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:41, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:41, 3] nmbd/nmbd_serverlistdb.c:436(write_browse_list) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7985 to IP 127.0.0.1 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is alive [2011/12/13 17:45:41, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180 and timeout = Tue Dec 13 17:55:41 2011 (600 seconds ahead) [2011/12/13 17:45:41, 4] lib/wins_srv.c:145(wins_srv_died) Marking wins server 127.0.0.1 dead for 600 seconds from source 127.0.0.1 [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<20> source=2 [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7986 to IP 127.0.0.1 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<03> source=2 [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7987 to IP 127.0.0.1 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<00> source=2 [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7988 to IP 127.0.0.1 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<00> source=2 [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7989 to IP 127.0.0.1 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1e> source=2 [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7993 to IP 127.0.0.1 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1c> source=2 [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1c> source=2 [2011/12/13 17:45:41, 0] nmbd/nmbd_logonnames.c:123(become_logon_server_success) become_logon_server_success: Samba is now a logon server for workgroup X86ERR300S3 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7994 to IP 10.200.8.180 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7995 to IP 127.0.0.1 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) wins_srv_is_dead: 127.0.0.1 is dead [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1b> source=2 [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 0] nmbd/nmbd_become_dmb.c:112(become_domain_master_stage2) ***** Samba server MASTER is now a domain master browser for workgroup X86ERR300S3 on subnet UNICAST_SUBNET ***** [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1b> NOT FOUND [2011/12/13 17:45:41, 0] nmbd/nmbd_become_dmb.c:294(become_domain_master_browser_bcast) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:41, 0] nmbd/nmbd_become_dmb.c:307(become_domain_master_browser_bcast) become_domain_master_browser_bcast: querying subnet 10.200.8.180 for domain master browser on workgroup X86ERR300S3 [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name X86ERR300S3<1b> NOT FOUND [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1b> NOT FOUND [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:306(initiate_name_query_packet) initiate_name_query_packet: sending query for name X86ERR300S3<1b> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:41, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 50 to (10.200.8.255) on port 137 [2011/12/13 17:45:41, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7996 to subnet 10.200.8.180. num_records:2 [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:41, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7996 [2011/12/13 17:45:41, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:41, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:41, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:41, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7996 [2011/12/13 17:45:41, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:41, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 [2011/12/13 17:45:41, 2] nmbd/nmbd_elections.c:42(send_election_dgram) send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char .....Ap.......MA hex 08 01 8a 0f 01 41 70 17 00 00 00 00 00 00 4d 41 10 char STER. hex 53 54 45 52 00 [2011/12/13 17:45:41, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 189 to (10.200.8.255) on port 138 [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:41, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794741) - last(1323794735) < 900 [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name *<1b> NOT FOUND [2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - name *<1b> NOT FOUND [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:306(initiate_name_query_packet) initiate_name_query_packet: sending query for name *<1b> (bcast=No) to IP 10.200.8.180 [2011/12/13 17:45:41, 5] nmbd/nmbd_packets.c:173(send_netbios_packet) send_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:41, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:7998 to subnet UNICAST_SUBNET. num_records:2 [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:41, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:41, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:41, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:41, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:41, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:41, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7998 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=*<1b> q_type=32 q_class=1 [2011/12/13 17:45:41, 3] nmbd/nmbd_winsserver.c:2033(wins_process_name_query_request) wins_process_name_query: name query for name *<1b> from IP 10.200.8.180 [2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_query *<1b> to ip 10.200.8.180 for id 7998 [2011/12/13 17:45:41, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7998 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=*<1b> rr_type=32 rr_class=1 ttl=21600 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:41, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) reply_netbios_packet: sending packet to ourselves. [2011/12/13 17:45:41, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(137) header: id=7998 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=*<1b> rr_type=32 rr_class=1 ttl=21600 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:41, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) find_response_record: found response record id = 7998 on subnet UNICAST_SUBNET [2011/12/13 17:45:41, 5] nmbd/nmbd_namequery.c:95(query_name_response) query_name_response: On subnet UNICAST_SUBNET - positive response from IP 10.200.8.180 for name *<1b>. IP of that name is 10.200.8.180 [2011/12/13 17:45:41, 5] nmbd/nmbd_browsesync.c:514(find_all_domain_master_names_query_success) find_all_domain_master_names_query_succes: Got answer from WINS server of 1 IP addresses for Domain Master Browsers. [2011/12/13 17:45:41, 5] nmbd/nmbd_browsesync.c:531(find_all_domain_master_names_query_success) find_all_domain_master_names_query_succes: Not sending node status to our own IP 10.200.8.180. [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:41, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794741) - last(1323794735) < 900 [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:42, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:42, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794741) - last(1323794735) < 900 [2011/12/13 17:45:42, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:42, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:43, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794742) - last(1323794735) < 900 [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:43, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 50 to (10.200.8.255) on port 137 [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:43, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7996 [2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:43, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7996 [2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:43, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 [2011/12/13 17:45:43, 2] nmbd/nmbd_elections.c:42(send_election_dgram) send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:43, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 [2011/12/13 17:45:43, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char .....A@.......MA hex 08 01 8a 0f 01 41 40 1f 00 00 00 00 00 00 4d 41 10 char STER. hex 53 54 45 52 00 [2011/12/13 17:45:43, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 189 to (10.200.8.255) on port 138 [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:43, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794743) - last(1323794735) < 900 [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:43, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 50 to (10.200.8.255) on port 137 [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:43, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7996 [2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:43, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7996 [2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:43, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794743) - last(1323794735) < 900 [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:44, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:44, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794743) - last(1323794735) < 900 [2011/12/13 17:45:44, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:44, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:45, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794744) - last(1323794735) < 900 [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:45, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 50 to (10.200.8.255) on port 137 [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:45, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7996 [2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 [2011/12/13 17:45:45, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 7996 [2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 137 [2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:45, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 [2011/12/13 17:45:45, 2] nmbd/nmbd_elections.c:42(send_election_dgram) send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:45, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 [2011/12/13 17:45:45, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char .....A.'......MA hex 08 01 8a 0f 01 41 10 27 00 00 00 00 00 00 4d 41 10 char STER. hex 53 54 45 52 00 [2011/12/13 17:45:45, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 189 to (10.200.8.255) on port 138 [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:45, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794745) - last(1323794735) < 900 [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40019b2b (master univention corporate server) [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40099b2b (master univention corporate server) [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:45, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:45, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:45, 3] nmbd/nmbd_serverlistdb.c:436(write_browse_list) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:45, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7996 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:45, 5] nmbd/nmbd_namequery.c:154(query_name_timeout_response) query_name_timeout_response: No response to query for name X86ERR300S3<1b> on subnet 10.200.8.180. [2011/12/13 17:45:45, 2] nmbd/nmbd_become_dmb.c:181(become_domain_master_stage1) become_domain_master_stage1: Becoming domain master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:45, 3] nmbd/nmbd_become_dmb.c:190(become_domain_master_stage1) become_domain_master_stage1: go to first stage: register <1b> name [2011/12/13 17:45:45, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name X86ERR300S3<1b> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:45, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:45, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:8001 to subnet 10.200.8.180. num_records:3 [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:45, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8001 [2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:45, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8001 [2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:45, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794745) - last(1323794735) < 900 [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:46, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:46, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794745) - last(1323794735) < 900 [2011/12/13 17:45:46, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:46, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:47, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794746) - last(1323794735) < 900 [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:47, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:47, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 7998 to IP 10.200.8.180 on subnet UNICAST_SUBNET [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:47, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8001 [2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:47, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8001 [2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:47, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 [2011/12/13 17:45:47, 2] nmbd/nmbd_elections.c:42(send_election_dgram) send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:47, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 [2011/12/13 17:45:47, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char .....A........MA hex 08 01 8a 0f 01 41 e0 2e 00 00 00 00 00 00 4d 41 10 char STER. hex 53 54 45 52 00 [2011/12/13 17:45:47, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 189 to (10.200.8.255) on port 138 [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:47, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794747) - last(1323794735) < 900 [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:47, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:47, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8001 [2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:47, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8001 [2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:47, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794747) - last(1323794735) < 900 [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:48, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:48, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794747) - last(1323794735) < 900 [2011/12/13 17:45:48, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:48, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:49, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794748) - last(1323794735) < 900 [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:49, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:49, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8001 [2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:49, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8001 [2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:49, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 [2011/12/13 17:45:49, 2] nmbd/nmbd_elections.c:42(send_election_dgram) send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:49, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 [2011/12/13 17:45:49, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char .....A.6......MA hex 08 01 8a 0f 01 41 b0 36 00 00 00 00 00 00 4d 41 10 char STER. hex 53 54 45 52 00 [2011/12/13 17:45:49, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 189 to (10.200.8.255) on port 138 [2011/12/13 17:45:49, 2] nmbd/nmbd_elections.c:202(run_elections) run_elections: >>> Won election for workgroup X86ERR300S3 on subnet 10.200.8.180 <<< [2011/12/13 17:45:49, 2] nmbd/nmbd_become_lmb.c:538(become_local_master_browser) become_local_master_browser: Starting to become a master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:49, 3] nmbd/nmbd_become_lmb.c:540(become_local_master_browser) become_local_master_browser: first stage - attempt to register ^1^2__MSBROWSE__^2^1 [2011/12/13 17:45:49, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name __MSBROWSE__<01> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:49, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:49, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:8004 to subnet 10.200.8.180. num_records:2 [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:49, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794749) - last(1323794735) < 900 [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:49, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 8001 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:49, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name X86ERR300S3<1b> on subnet 10.200.8.180. [2011/12/13 17:45:49, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1b> NOT FOUND [2011/12/13 17:45:49, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1b> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:49, 0] nmbd/nmbd_become_dmb.c:112(become_domain_master_stage2) ***** Samba server MASTER is now a domain master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 ***** [2011/12/13 17:45:49, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1b> source=2 [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:49, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8004 [2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:49, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8004 [2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 [2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 189 from (10.200.8.180) port 138 [2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:49, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794749) - last(1323794735) < 900 [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:50, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:50, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794749) - last(1323794735) < 900 [2011/12/13 17:45:50, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:50, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:51, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794750) - last(1323794735) < 900 [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40099b2b (master univention corporate server) [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40099b2b (master univention corporate server) [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:51, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:51, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:51, 3] nmbd/nmbd_serverlistdb.c:436(write_browse_list) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:51, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:51, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:51, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8004 [2011/12/13 17:45:51, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:51, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:51, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:51, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8004 [2011/12/13 17:45:51, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:51, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:51, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794751) - last(1323794735) < 900 [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:51, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:51, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:51, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8004 [2011/12/13 17:45:51, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:51, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:51, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:51, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8004 [2011/12/13 17:45:51, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:51, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:51, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794751) - last(1323794735) < 900 [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:52, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:52, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794751) - last(1323794735) < 900 [2011/12/13 17:45:52, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:52, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:53, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794752) - last(1323794735) < 900 [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:53, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:53, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:53, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8004 [2011/12/13 17:45:53, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:53, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:53, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:53, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8004 [2011/12/13 17:45:53, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:53, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:53, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794753) - last(1323794735) < 900 [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:53, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 8004 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:53, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name __MSBROWSE__<01> on subnet 10.200.8.180. [2011/12/13 17:45:53, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name __MSBROWSE__<01> NOT FOUND [2011/12/13 17:45:53, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __MSBROWSE__<01> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet 10.200.8.180 [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:53, 3] nmbd/nmbd_become_lmb.c:453(become_local_master_stage1) become_local_master_stage1: go to stage 2: register the X86ERR300S3<1d> name. [2011/12/13 17:45:53, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - name __MSBROWSE__<01> NOT FOUND [2011/12/13 17:45:53, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name __MSBROWSE__<01> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet UNICAST_SUBNET [2011/12/13 17:45:53, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) initiate_name_register_packet: sending registration for name X86ERR300S3<1d> (bcast=Yes) to IP 10.200.8.255 [2011/12/13 17:45:53, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:53, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) add_response_record: adding response record id:8005 to subnet 10.200.8.180. num_records:2 [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:53, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:53, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8005 [2011/12/13 17:45:53, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:53, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:53, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:53, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8005 [2011/12/13 17:45:53, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:53, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:53, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794753) - last(1323794735) < 900 [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:54, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:54, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794753) - last(1323794735) < 900 [2011/12/13 17:45:54, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:54, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:55, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794754) - last(1323794735) < 900 [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:55, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:55, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:55, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8005 [2011/12/13 17:45:55, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:55, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:55, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:55, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8005 [2011/12/13 17:45:55, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:55, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:55, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794755) - last(1323794735) < 900 [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40099b2b (master univention corporate server) [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: X86ERR300S3(1) current master browser = UNKNOWN MASTER 40099b2b (master univention corporate server) [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:55, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:55, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:55, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8005 [2011/12/13 17:45:55, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:55, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:55, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:55, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8005 [2011/12/13 17:45:55, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:55, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:55, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794755) - last(1323794735) < 900 [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:56, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:56, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794755) - last(1323794735) < 900 [2011/12/13 17:45:56, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:56, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 6] libsmb/unexpected.c:141(nb_packet_server_listener) accepted socket 23 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794756) - last(1323794735) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 68 to (10.200.8.255) on port 137 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:57, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8005 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 [2011/12/13 17:45:57, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8005 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 68 from (10.200.8.180) port 137 [2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) discarding own nmb bcast packet from 10.200.8.180:137 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794735) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) retransmit_or_expire_response_records: timeout for packet id 8005 to IP 10.200.8.255 on subnet 10.200.8.180 [2011/12/13 17:45:57, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) register_name_timeout_response: success in registering name X86ERR300S3<1d> on subnet 10.200.8.180. [2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1d> NOT FOUND [2011/12/13 17:45:57, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1d> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 3] nmbd/nmbd_become_lmb.c:354(become_local_master_stage2) become_local_master_stage2: registered as master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:57, 5] nmbd/nmbd_become_lmb.c:578(set_workgroup_local_master_browser_name) set_workgroup_local_master_browser_name: setting local master name to 'MASTER' for workgroup X86ERR300S3. [2011/12/13 17:45:57, 3] nmbd/nmbd_sendannounce.c:70(broadcast_announce_request) broadcast_announce_request: sending announce request for workgroup X86ERR300S3 to subnet 10.200.8.180 [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char ...MASTER hex 02 01 00 4d 41 53 54 45 52 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 177 to (10.200.8.255) on port 138 [2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - name X86ERR300S3<1d> NOT FOUND [2011/12/13 17:45:57, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) add_name_to_subnet: Added netbios name X86ERR300S3<1d> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET [2011/12/13 17:45:57, 0] nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) ***** Samba name server MASTER is now a local master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 ***** [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 177 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 177 from (10.200.8.180) port 138 [2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 177 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 177 from (10.200.8.180) port 138 [2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 8] lib/util.c:1521(is_myname) is_myname("MASTER") returns 1 [2011/12/13 17:45:57, 3] nmbd/nmbd_sendannounce.c:167(send_local_master_announcement) send_local_master_announcement: type c9b2b for name MASTER on subnet 10.200.8.180 for workgroup X86ERR300S3 [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char ......MASTER.... hex 0f 03 c0 d4 01 00 4d 41 53 54 45 52 00 00 00 00 10 char ........+.....U. hex 00 00 00 00 00 00 04 09 2b 9b 0c 00 0f 01 55 aa 20 char master univentio hex 6d 61 73 74 65 72 20 75 6e 69 76 65 6e 74 69 6f 30 char n corporate serv hex 6e 20 63 6f 72 70 6f 72 61 74 65 20 73 65 72 76 40 char er. hex 65 72 00 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 235 to (10.200.8.255) on port 138 [2011/12/13 17:45:57, 3] nmbd/nmbd_sendannounce.c:186(send_workgroup_announcement) send_workgroup_announcement: on subnet 10.200.8.180 for workgroup X86ERR300S3 [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:2114(send_mailslot) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to __MSBROWSE__<01> IP 10.200.8.255 [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:116(debug_browse_data) debug_browse_data(): 0 char ......X86ERR300S hex 0c 03 c0 d4 01 00 58 38 36 45 52 52 33 30 30 53 10 char 3.............U. hex 33 00 00 00 00 00 04 09 00 10 00 80 0f 01 55 aa 20 char MASTER. hex 4d 41 53 54 45 52 00 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 207 to (10.200.8.255) on port 138 [2011/12/13 17:45:57, 4] nmbd/nmbd_sendannounce.c:396(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: I am a local master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 [2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name X86ERR300S3<1b> NOT FOUND [2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1b> source=2 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 2] nmbd/nmbd_browsesync.c:108(announce_local_master_browser_to_domain_master_browser) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup X86ERR300S3. Do not announce to ourselves. [2011/12/13 17:45:57, 2] nmbd/nmbd_browsesync.c:152(sync_with_dmb) sync_with_dmb: Initiating sync with domain master browser MASTER<20> at IP 10.200.8.180 for workgroup X86ERR300S3 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 235 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 235 from (10.200.8.180) port 138 [2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 235 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 235 from (10.200.8.180) port 138 [2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 207 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 207 from (10.200.8.180) port 138 [2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 207 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 207 from (10.200.8.180) port 138 [2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) discarding own dgram packet from 10.200.8.180:138 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 127.0.0.1 port 2527 read: 50 [2011/12/13 17:45:57, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 22091 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (127.0.0.1) port 57097 [2011/12/13 17:45:57, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 127.0.0.1(57097) header: id=22091 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=X86ERR300S3<1b> q_type=32 q_class=1 [2011/12/13 17:45:57, 3] nmbd/nmbd_winsserver.c:2033(wins_process_name_query_request) wins_process_name_query: name query for name X86ERR300S3<1b> from IP 127.0.0.1 [2011/12/13 17:45:57, 3] nmbd/nmbd_winsserver.c:2085(wins_process_name_query_request) wins_process_name_query: name query for name X86ERR300S3<1b> returning first IP 10.200.8.180. [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: wins_query X86ERR300S3<1b> to ip 127.0.0.1 for id 22091 [2011/12/13 17:45:57, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 127.0.0.1(57097) header: id=22091 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=259178 answers 0 char `..... hex 60000AC808B4 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 62 to (127.0.0.1) on port 57097 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 6] libsmb/unexpected.c:141(nb_packet_server_listener) accepted socket 23 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) read_udp_v4_socket: ip 10.200.8.180 port 49561 read: 50 [2011/12/13 17:45:57, 10] libsmb/nmblib.c:533(parse_nmb) parse_nmb: packet id = 8689 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) Received a packet of len 50 from (10.200.8.180) port 39361 [2011/12/13 17:45:57, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(39361) header: id=8689 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=X86ERR300S3<1b> q_type=33 q_class=1 [2011/12/13 17:45:57, 3] nmbd/nmbd_incomingrequests.c:323(process_node_status_request) process_node_status_request: status request for name X86ERR300S3<1b> from IP 10.200.8.180 on subnet UNICAST_SUBNET. [2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1b> source=2 [2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) reply_netbios_packet: sending a reply of packet type: nmb_status X86ERR300S3<1b> to ip 10.200.8.180 for id 8689 [2011/12/13 17:45:57, 4] libsmb/nmblib.c:107(debug_nmb_packet) nmb packet from 10.200.8.180(39361) header: id=8689 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=X86ERR300S3<1b> rr_type=33 rr_class=1 ttl=0 answers 0 char .MASTER hex 094D4153544552202020202020202020 answers 10 char .d.MASTER hex 0064004D415354455220202020202020 answers 20 char .d.MASTER hex 20200364004D41535445522020202020 answers 30 char d...__MSBRO hex 2020202020640001025F5F4D5342524F answers 40 char WSE__....X86ERR3 hex 5753455F5F0201E40058383645525233 answers 50 char 00S3 .d.X86ER hex 30305333202020201D64005838364552 answers 60 char R300S3 .d.X86 hex 523330305333202020201B6400583836 answers 70 char ERR300S3 ...X hex 4552523330305333202020201CE40058 answers 80 char 86ERR300S3 .. hex 38364552523330305333202020201EE4 answers 90 char .X86ERR300S3 hex 00583836455252333030533320202020 answers a0 char ................ hex 00E40000000000000000000000000000 answers b0 char ................ hex 00000000000000000000000000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char . hex 00 [2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) Sending a packet of len 265 to (10.200.8.180) on port 39361 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. [2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. [2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found.