smbd version 4.1.4 started. Copyright Andrew Tridgell and the Samba Team 1992-2013 INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 doing parameter debug pid = true doing parameter load printers = No doing parameter printcap name = /dev/null doing parameter disable spoolss = Yes doing parameter show add printer wizard = No doing parameter domain master = Yes doing parameter dns proxy = No doing parameter wins support = Yes doing parameter idmap config * : backend = tdb doing parameter hosts allow = 192.168.88., 192.168.254., 127. doing parameter use sendfile = Yes pm_process() returned Yes lp_servicenumber: couldn't find homes get_current_groups: user is in 9 groups: 0, 1, 2, 3, 4, 6, 10, 19, 33 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) lp_load_ex: refreshing parameters Freeing parametrics: Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = NEOSONIC-LAN doing parameter server string = Samba Server doing parameter interfaces = br0 doing parameter bind interfaces only = Yes doing parameter map to guest = Bad User doing parameter username map = /etc/samba/usermap doing parameter max log size = 0 doing parameter debug level = 10 INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 doing parameter debug pid = true doing parameter load printers = No doing parameter printcap name = /dev/null doing parameter disable spoolss = Yes doing parameter show add printer wizard = No doing parameter domain master = Yes doing parameter dns proxy = No doing parameter wins support = Yes doing parameter idmap config * : backend = tdb doing parameter hosts allow = 192.168.88., 192.168.254., 127. doing parameter use sendfile = Yes Processing section "[homes]" add_a_service: Creating snum = 0 for homes hash_a_service: creating servicehash hash_a_service: hashing index 0 for service name homes doing parameter comment = Home Directories doing parameter read only = No doing parameter browseable = No Processing section "[downloads]" add_a_service: Creating snum = 1 for downloads hash_a_service: hashing index 1 for service name downloads doing parameter comment = Transmission downloads doing parameter path = /home/transmission/downloads doing parameter guest ok = Yes Processing section "[Music]" add_a_service: Creating snum = 2 for Music hash_a_service: hashing index 2 for service name Music doing parameter comment = Music collection doing parameter path = /home/neosonic/music doing parameter force user = neosonic doing parameter read only = No doing parameter force create mode = 0775 doing parameter directory mask = 0775 doing parameter force directory mode = 0775 doing parameter guest ok = Yes Processing section "[http]" add_a_service: Creating snum = 3 for http hash_a_service: hashing index 3 for service name http doing parameter comment = Web root doing parameter path = /home/http/ doing parameter valid users = +http doing parameter admin users = neosonic, http doing parameter force user = http doing parameter read only = No doing parameter force create mode = 0775 doing parameter directory mask = 0775 doing parameter force directory mode = 0775 Processing section "[projects]" add_a_service: Creating snum = 4 for projects hash_a_service: hashing index 4 for service name projects doing parameter comment = Projects doing parameter path = /home/neosonic/projects doing parameter admin users = neosonic doing parameter force user = neosonic doing parameter force group = neosonic doing parameter force create mode = 0775 doing parameter directory mask = 0775 doing parameter force directory mode = 0775 pm_process() returned Yes add_a_service: Creating snum = 5 for IPC$ hash_a_service: hashing index 5 for service name IPC$ adding IPC service lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Feb 8 14:26:17 2014 added interface br0 ip=192.168.88.2 bcast=192.168.88.255 netmask=255.255.255.0 loaded services Netbios name list:- my_netbios_names[0]="SERVER" Process with PID=9130 does not exist. Deleting /var/run/smbd.pid, since 9130 is not a Samba process. fcntl_lock 9 6 0 1 1 fcntl_lock: Lock call successful Attempting to register passdb backend samba_dsdb Successfully added passdb backend 'samba_dsdb' Attempting to register passdb backend samba4 Successfully added passdb backend 'samba4' Attempting to find a passdb backend to match tdbsam (tdbsam) No builtin backend found, trying to load plugin Probing module 'tdbsam' Probing module 'tdbsam': Trying to load from /usr/lib/samba/pdb/tdbsam.so Module 'tdbsam' loaded Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Found pdb backend tdbsam pdb backend tdbsam has a valid init check lock order 1 for /var/cache/samba/smbXsrv_version_global.tdb lock order: 1:/var/cache/samba/smbXsrv_version_global.tdb 2: 3: Locking key 736D62587372765F7665 Allocated locked data 0x0x7f8024fe5710 Unlocking key 736D62587372765F7665 release lock order 1 for /var/cache/samba/smbXsrv_version_global.tdb lock order: 1: 2: 3: smbXsrv_version_global_init &global_blob: struct smbXsrv_version_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_version_globalU(case 0) info0 : * info0: struct smbXsrv_version_global0 db_rec : NULL num_nodes : 0x00000001 (1) nodes: ARRAY(1) nodes: struct smbXsrv_version_node0 server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) min_version : SMBXSRV_VERSION_0 (0) max_version : SMBXSRV_VERSION_0 (0) current_version : SMBXSRV_VERSION_0 (0) Registering messaging pointer for type 784 - private_data=0x7f8024fe6420 Registering messaging pointer for type 788 - private_data=0x7f8024fe7900 Registering messaging pointer for type 789 - private_data=0x7f8024fe8400 regdb_init: registry db openend. refcount reset (1) reghook_cache_init: new tree with default ops 0x7f801f65e680 for key [] regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] regdb_unpack_values: value[0]: name[DisplayName] len[20] regdb_unpack_values: value[1]: name[ErrorControl] len[4] regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] regdb_unpack_values: value[0]: name[DisplayName] len[20] regdb_unpack_values: value[1]: name[ErrorControl] len[4] reghook_cache_add: Adding ops 0x7f802294b420 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f801f65e680 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f801f65e680 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f802294b480 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f8021676560 for key [\HKLM\SOFTWARE\Samba\smbconf] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f802294b4e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f802294b540 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f802294b5a0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f802294b600 for key [\HKPT] pathtree_add: Enter pathtree_add: Successfully added node [HKPT] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f802294b660 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7f802294b6c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] pathtree_add: Enter pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree pathtree_add: Exit regdb_close: decrementing refcount (1->0) Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Get_Pwnam_internals did find user [nobody]! Scanning username map /etc/samba/usermap user_in_list: checking user SERVER\nobody in list user_in_list: checking user |SERVER\nobody| against |porshkevich_a@rambler.ru| The user 'SERVER\nobody' has no mapping. Skip it next time. Finding user SERVER\nobody Trying _Get_Pwnam(), username as lowercase is server\nobody Trying _Get_Pwnam(), username as given is SERVER\nobody Trying _Get_Pwnam(), username as uppercase is SERVER\NOBODY Checking combinations of 0 uppercase letters in server\nobody Get_Pwnam_internals didn't find user [SERVER\nobody]! Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Get_Pwnam_internals did find user [nobody]! Create local NT token for nobody Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/cache/samba/gencache_notrans.tdb winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Could not find map for sid S-1-5-32-544 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for NEOSONIC-LAN pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Could not find map for sid S-1-5-32-545 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for NEOSONIC-LAN pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-2645804954-394631454-4195090362-501] get_privileges: No privileges assigned to SID [S-1-5-21-2645804954-394631454-4195090362-514] get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 501. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwsid: Building guest account Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Get_Pwnam_internals did find user [nobody]! pdb_set_username: setting username nobody, was pdb_set_full_name: setting full name nobody, was pdb_set_domain: setting domain SERVER, was pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-501 from rid 501 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Get_Pwnam_internals did find user [nobody]! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 501. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwsid: Building guest account Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Get_Pwnam_internals did find user [nobody]! pdb_set_username: setting username nobody, was pdb_set_full_name: setting full name nobody, was pdb_set_domain: setting domain SERVER, was pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-501 from rid 501 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Get_Pwnam_internals did find user [nobody]! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 514. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Can't find a unix id for an unmapped group SID S-1-5-21-2645804954-394631454-4195090362-514 is or domain, but is unmapped pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-21-2645804954-394631454-4195090362-514 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 514. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Can't find a unix id for an unmapped group SID S-1-5-21-2645804954-394631454-4195090362-514 is or domain, but is unmapped pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-21-2645804954-394631454-4195090362-514 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Could not find map for sid S-1-5-32-546 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Could not find map for sid S-1-5-32-546 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 Could not convert SID S-1-5-21-2645804954-394631454-4195090362-514 to gid, ignoring it Could not convert SID S-1-1-0 to gid, ignoring it Could not convert SID S-1-5-2 to gid, ignoring it Could not convert SID S-1-5-32-546 to gid, ignoring it Security token SIDs (6): SID[ 0]: S-1-5-21-2645804954-394631454-4195090362-501 SID[ 1]: S-1-5-21-2645804954-394631454-4195090362-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-99 Privileges (0x 0): Rights (0x 0): UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups Initialise the svcctl registry keys if needed. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 regdb_open: registry db opened. refcount reset (1) Create pipe requested \winreg init_pipe_handle_list: created handle list for pipe \winreg init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg Created internal pipe \winreg winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (1->2) reghook_cache_find: Searching for keyname [\HKLM] pathtree_find: Enter [\HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM] Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 result : WERR_OK winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (2->3) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) regdb_close: decrementing refcount (4->3) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 result : WERR_OK winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Spooler] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_unpack_values: value[0]: name[Start] len[4] regdb_unpack_values: value[1]: name[Type] len[4] regdb_unpack_values: value[2]: name[ErrorControl] len[4] regdb_unpack_values: value[3]: name[ObjectName] len[24] regdb_unpack_values: value[4]: name[DisplayName] len[28] regdb_unpack_values: value[5]: name[ImagePath] len[54] regdb_unpack_values: value[6]: name[Description] len[106] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(54) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6d (109) [23] : 0x00 (0) [24] : 0x62 (98) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x2f (47) [29] : 0x00 (0) [30] : 0x73 (115) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x63 (99) [37] : 0x00 (0) [38] : 0x74 (116) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x2f (47) [43] : 0x00 (0) [44] : 0x73 (115) [45] : 0x00 (0) [46] : 0x6d (109) [47] : 0x00 (0) [48] : 0x62 (98) [49] : 0x00 (0) [50] : 0x64 (100) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) size : 0x00000036 (54) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Spooler] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-f652-220ae4230000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] regdb_unpack_values: value[0]: name[Security] len[120] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [NETLOGON] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_unpack_values: value[0]: name[Start] len[4] regdb_unpack_values: value[1]: name[Type] len[4] regdb_unpack_values: value[2]: name[ErrorControl] len[4] regdb_unpack_values: value[3]: name[ObjectName] len[24] regdb_unpack_values: value[4]: name[DisplayName] len[20] regdb_unpack_values: value[5]: name[ImagePath] len[54] regdb_unpack_values: value[6]: name[Description] len[164] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(54) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6d (109) [23] : 0x00 (0) [24] : 0x62 (98) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x2f (47) [29] : 0x00 (0) [30] : 0x73 (115) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x63 (99) [37] : 0x00 (0) [38] : 0x74 (116) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x2f (47) [43] : 0x00 (0) [44] : 0x73 (115) [45] : 0x00 (0) [46] : 0x6d (109) [47] : 0x00 (0) [48] : 0x62 (98) [49] : 0x00 (0) [50] : 0x64 (100) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) size : 0x00000036 (54) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [NETLOGON] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-f652-220ae4230000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] regdb_unpack_values: value[0]: name[Security] len[120] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [RemoteRegistry] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_unpack_values: value[0]: name[Start] len[4] regdb_unpack_values: value[1]: name[Type] len[4] regdb_unpack_values: value[2]: name[ErrorControl] len[4] regdb_unpack_values: value[3]: name[ObjectName] len[24] regdb_unpack_values: value[4]: name[DisplayName] len[48] regdb_unpack_values: value[5]: name[ImagePath] len[54] regdb_unpack_values: value[6]: name[Description] len[126] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(54) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6d (109) [23] : 0x00 (0) [24] : 0x62 (98) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x2f (47) [29] : 0x00 (0) [30] : 0x73 (115) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x63 (99) [37] : 0x00 (0) [38] : 0x74 (116) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x2f (47) [43] : 0x00 (0) [44] : 0x73 (115) [45] : 0x00 (0) [46] : 0x6d (109) [47] : 0x00 (0) [48] : 0x62 (98) [49] : 0x00 (0) [50] : 0x64 (100) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) size : 0x00000036 (54) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [RemoteRegistry] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-f652-220ae4230000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] regdb_unpack_values: value[0]: name[Security] len[120] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [WINS] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_unpack_values: value[0]: name[Start] len[4] regdb_unpack_values: value[1]: name[Type] len[4] regdb_unpack_values: value[2]: name[ErrorControl] len[4] regdb_unpack_values: value[3]: name[ObjectName] len[24] regdb_unpack_values: value[4]: name[DisplayName] len[74] regdb_unpack_values: value[5]: name[ImagePath] len[54] regdb_unpack_values: value[6]: name[Description] len[178] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 0x0000004a (74) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(54) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6d (109) [23] : 0x00 (0) [24] : 0x62 (98) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x2f (47) [29] : 0x00 (0) [30] : 0x73 (115) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x63 (99) [37] : 0x00 (0) [38] : 0x74 (116) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x2f (47) [43] : 0x00 (0) [44] : 0x6e (110) [45] : 0x00 (0) [46] : 0x6d (109) [47] : 0x00 (0) [48] : 0x62 (98) [49] : 0x00 (0) [50] : 0x64 (100) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) size : 0x00000036 (54) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) size : 0x000000b2 (178) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [WINS] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-f652-220ae4230000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-f652-220ae4230000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] regdb_unpack_values: value[0]: name[Security] len[120] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (3->2) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK regdb_close: decrementing refcount (2->1) regdb_close: decrementing refcount (1->0) Deleted handle list for RPC connection \winreg Initialise the eventlog registry keys if needed. Create pipe requested \winreg init_pipe_handle_list: created handle list for pipe \winreg init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg Created internal pipe \winreg winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY regkey_open_onelevel: name = [HKLM] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 regdb_open: registry db opened. refcount reset (1) reghook_cache_find: Searching for keyname [\HKLM] pathtree_find: Enter [\HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM] Opened policy hnd[1] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-f652-220ae4230000 result : WERR_OK winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-f652-220ae4230000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (1->2) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (2->3) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet] regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regkey_open_onelevel: name = [Eventlog] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] pathtree_find: Exit reghook_cache_find: found ops 0x7f801f65e680 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] regdb_close: decrementing refcount (5->4) regdb_close: decrementing refcount (4->3) regdb_close: decrementing refcount (3->2) Opened policy hnd[2] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-f652-220ae4230000 result : WERR_OK winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-f652-220ae4230000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7f801f65e680) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] regdb_unpack_values: value[0]: name[DisplayName] len[20] regdb_unpack_values: value[1]: name[ErrorControl] len[4] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-f652-220ae4230000 Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 F6 52 22 0A ........ .....R". [0010] E4 23 00 00 .#.. Closed policy regdb_close: decrementing refcount (2->1) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK regdb_close: decrementing refcount (1->0) Deleted handle list for RPC connection \winreg bind succeeded on port 445 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 bind succeeded on port 139 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 check lock order 2 for /var/cache/samba/serverid.tdb lock order: 1: 2:/var/cache/samba/serverid.tdb 3: Locking key E423000000000000FFFF Allocated locked data 0x0x7f8024fec9d0 Unlocking key E423000000000000FFFF release lock order 2 for /var/cache/samba/serverid.tdb lock order: 1: 2: 3: Registering messaging pointer for type 13 - private_data=(nil) Registering messaging pointer for type 33 - private_data=0x7f8024fdde70 Registering messaging pointer for type 783 - private_data=(nil) Registering messaging pointer for type 1 - private_data=(nil) Overriding messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 519 - private_data=0x7f8024fdde70 Registering messaging pointer for type 785 - private_data=(nil) Registering messaging pointer for type 770 - private_data=(nil) Registering messaging pointer for type 15 - private_data=(nil) Registering messaging pointer for type 16 - private_data=(nil) avahi_client_callback: AVAHI_CLIENT_CONNECTING waiting for connections Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 23400 SO_RCVBUF = 93600 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 23400 SO_RCVBUF = 93600 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Feb 8 14:26:17 2014 Allowed connection from 192.168.88.5 (192.168.88.5) Connection allowed from ipv4:192.168.88.5:62775 to ipv4:192.168.88.2:445 init_oplocks: initializing messages. Registering messaging pointer for type 774 - private_data=0x7f8024ff47e0 Registering messaging pointer for type 776 - private_data=0x7f8024ff47e0 Registering messaging pointer for type 778 - private_data=0x7f8024ff47e0 Registering messaging pointer for type 770 - private_data=0x7f8024ff47e0 Registering messaging pointer for type 787 - private_data=0x7f8024ff47e0 Registering messaging pointer for type 779 - private_data=0x7f8024ff47e0 Registering messaging pointer for type 15 - private_data=(nil) Overriding messaging pointer for type 15 - private_data=(nil) Deregistering messaging pointer for type 16 - private_data=(nil) Registering messaging pointer for type 16 - private_data=0x7f8024ff47e0 Deregistering messaging pointer for type 33 - private_data=0x7f8024fdde70 Registering messaging pointer for type 33 - private_data=0x7f8024ff47e0 Deregistering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 1 - private_data=(nil) event_add_idle: idle_evt(keepalive) 0x7f8024ff53d0 event_add_idle: idle_evt(deadtime) 0x7f8024ff5620 event_add_idle: idle_evt(housekeeping) 0x7f8024ff5870 got smb length of 108 got message type 0x0 of len 0x6c Transaction 0 of length 112 (0 toread) smbd_smb2_first_negprot: packet length 112 smb2_validate_sequence_number: clearing id 0 (position 0) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_NEGPROT] mid = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) set_remote_arch: Client arch is 'Vista' lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Feb 8 14:26:17 2014 Selected protocol SMB3_00 Making default auth method list for server role = 'standalone server', encrypt passwords = yes Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend winbind Successfully added auth method 'winbind' Attempting to register auth backend trustdomain Successfully added auth method 'trustdomain' Attempting to register auth backend ntdomain Successfully added auth method 'ntdomain' Attempting to register auth backend guest Successfully added auth method 'guest' load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism ntlmssp Registering messaging pointer for type 1536 - private_data=0x7f8024ffeaf0 smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[64] dyn[yes:74] at ../source3/smbd/smb2_negprot.c:387 smb2_set_operation_credit: requested 31, charge 1, granted 1, current possible/max 512/512, total granted/max/low/range 1/8192/1/1 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 1 (position 1) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_SESSSETUP] mid = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb lock order: 1:/var/cache/samba/smbXsrv_session_global.tdb 2: 3: Locking key E988A745 Allocated locked data 0x0x7f8025001cf0 smbXsrv_session_global_store: key 'E988A745' stored &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0xe988a745 (3918047045) session_wire_id : 0x00000000e988a745 (3918047045) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK expiration_time : Thu Jan 1 03:00:00 AM 1970 MSK auth_session_info_seqnum : 0x00000000 (0) auth_session_info : NULL connection_dialect : 0x0300 (768) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) local_address : 'ipv4:192.168.88.2:445' remote_address : 'ipv4:192.168.88.5:62775' remote_name : '192.168.88.5' auth_session_info_seqnum : 0x00000000 (0) Unlocking key E988A745 release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb lock order: 1: 2: 3: smbXsrv_session_create: global_id (0xe988a745) stored &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL connection : * local_id : 0xe988a745 (3918047045) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0xe988a745 (3918047045) session_wire_id : 0x00000000e988a745 (3918047045) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK expiration_time : Thu Jan 1 03:00:00 AM 1970 MSK auth_session_info_seqnum : 0x00000000 (0) auth_session_info : NULL connection_dialect : 0x0300 (768) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) local_address : 'ipv4:192.168.88.2:445' remote_address : 'ipv4:192.168.88.5:62775' remote_name : '192.168.88.5' auth_session_info_seqnum : 0x00000000 (0) status : NT_STATUS_MORE_PROCESSING_REQUIRED idle_time : Sat Feb 8 02:42:49 PM 2014 MSK nonce_high : 0x0000000000000000 (0) nonce_low : 0x0000000000000000 (0) gensec : NULL compat : NULL tcon_table : * Making default auth method list for server role = 'standalone server', encrypt passwords = yes load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init Starting GENSEC mechanism spnego push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 24 req->in.vector[4].iov_len = 74 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 Starting GENSEC submechanism ntlmssp Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0xe2088297 (3792208535) 1: NTLMSSP_NEGOTIATE_UNICODE 1: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 1: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : NULL WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : NULL Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : UNKNOWN_ENUM_VALUE (3) ProductBuild : 0x2580 (9600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000c (12) TargetNameMaxLen : 0x000c (12) TargetName : * TargetName : 'SERVER' NegotiateFlags : 0xe28a8215 (3800728085) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 1: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 ServerChallenge : d66dfd4ffa0f1fff Reserved : 0000000000000000 TargetInfoLen : 0x0038 (56) TargetNameInfoMaxLen : 0x0038 (56) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'SERVER' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'SERVER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'server' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) ProductBuild : 0x0000 (0) Reserved : 000000 NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_MORE_PROCESSING_REQUIRED] body[8] dyn[yes:153] at ../source3/smbd/smb2_sesssetup.c:167 smb2_set_operation_credit: requested 31, charge 1, granted 1, current possible/max 512/512, total granted/max/low/range 1/8192/2/1 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 2 (position 2) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_SESSSETUP] mid = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 24 req->in.vector[4].iov_len = 448 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 000000000000000000000000000000000000000000000000 NtChallengeResponseLen : 0x00ca (202) NtChallengeResponseMaxLen: 0x00ca (202) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 202) v2: struct NTLMv2_RESPONSE Response : 2a9cc5b9d0b47399f27379302c499d21 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Sat Feb 8 02:45:08 PM 2014 MSK ChallengeFromClient : af54471fab4a270f Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000008 (8) pair: ARRAY(8) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'SERVER' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'SERVER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'server' pair: struct AV_PAIR AvId : MsAvRestrictions (0x8) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x8) AvRestrictions: struct Restriction_Encoding Size : 0x00000030 (48) Z4 : 0x00000000 (0) IntegrityLevel : 0x00000001 (1) SubjectIntegrityLevel : 0x00002000 (8192) MachineId : beef90c8a78f13758f6fa0f9e94fd92b36ac7f50425e24dee72a47f22d474d8b pair: struct AV_PAIR AvId : MsvChannelBindings (0xA) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0xA) ChannelBindings : 00000000000000000000000000000000 pair: struct AV_PAIR AvId : MsvAvTargetName (0x9) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x9) AvTargetName : 'cifs/server' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0020 (32) DomainNameMaxLen : 0x0020 (32) DomainName : * DomainName : 'MicrosoftAccount' UserNameLen : 0x0030 (48) UserNameMaxLen : 0x0030 (48) UserName : * UserName : 'porshkevich_a@rambler.ru' WorkstationLen : 0x0016 (22) WorkstationMaxLen : 0x0016 (22) Workstation : * Workstation : 'NEOSONIC-PC' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 0E 24 AB 4A 2E 35 03 8C 7E 04 7C 04 E6 C0 4C FF .$.J.5.. ~.|...L. NegotiateFlags : 0xe2888215 (3800597013) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : UNKNOWN_ENUM_VALUE (3) ProductBuild : 0x2580 (9600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) Got user=[porshkevich_a@rambler.ru] domain=[MicrosoftAccount] workstation=[NEOSONIC-PC] len1=24 len2=202 lp_load_ex: refreshing parameters Freeing parametrics: Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = NEOSONIC-LAN doing parameter server string = Samba Server doing parameter interfaces = br0 doing parameter bind interfaces only = Yes doing parameter map to guest = Bad User doing parameter username map = /etc/samba/usermap doing parameter max log size = 0 doing parameter debug level = 10 INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 doing parameter debug pid = true doing parameter load printers = No doing parameter printcap name = /dev/null doing parameter disable spoolss = Yes doing parameter show add printer wizard = No doing parameter domain master = Yes doing parameter dns proxy = No doing parameter wins support = Yes doing parameter idmap config * : backend = tdb doing parameter hosts allow = 192.168.88., 192.168.254., 127. doing parameter use sendfile = Yes Processing section "[homes]" doing parameter comment = Home Directories doing parameter read only = No doing parameter browseable = No Processing section "[downloads]" doing parameter comment = Transmission downloads doing parameter path = /home/transmission/downloads doing parameter guest ok = Yes Processing section "[Music]" doing parameter comment = Music collection doing parameter path = /home/neosonic/music doing parameter force user = neosonic doing parameter read only = No doing parameter force create mode = 0775 doing parameter directory mask = 0775 doing parameter force directory mode = 0775 doing parameter guest ok = Yes Processing section "[http]" doing parameter comment = Web root doing parameter path = /home/http/ doing parameter valid users = +http doing parameter admin users = neosonic, http doing parameter force user = http doing parameter read only = No doing parameter force create mode = 0775 doing parameter directory mask = 0775 doing parameter force directory mode = 0775 Processing section "[projects]" doing parameter comment = Projects doing parameter path = /home/neosonic/projects doing parameter admin users = neosonic doing parameter force user = neosonic doing parameter force group = neosonic doing parameter force create mode = 0775 doing parameter directory mask = 0775 doing parameter force directory mode = 0775 pm_process() returned Yes adding IPC service Scanning username map /etc/samba/usermap user_in_list: checking user porshkevich_a@rambler.ru in list user_in_list: checking user |porshkevich_a@rambler.ru| against |porshkevich_a@rambler.ru| Mapped user porshkevich_a@rambler.ru to neosonic Mapping user [MicrosoftAccount]\[porshkevich_a@rambler.ru] from workstation [NEOSONIC-PC] Mapped domain from [MicrosoftAccount] to [SERVER] for user [porshkevich_a@rambler.ru] from workstation [NEOSONIC-PC] attempting to make a user_info for neosonic (porshkevich_a@rambler.ru) making strings for neosonic's user_info struct making blobs for neosonic's user_info struct made a user_info for neosonic (porshkevich_a@rambler.ru) check_ntlm_password: Checking password for unmapped user [MicrosoftAccount]\[porshkevich_a@rambler.ru]@[NEOSONIC-PC] with the new password interface check_ntlm_password: mapped user is: [SERVER]\[neosonic]@[NEOSONIC-PC] check_ntlm_password: auth_context challenge created by random challenge is: [0000] D6 6D FD 4F FA 0F 1F FF .m.O.... Check auth for: [neosonic] check_ntlm_password: guest had nothing to say Check auth for: [neosonic] is_myname("SERVER") returns 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_set_username: setting username neosonic, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was Home server: server pdb_set_homedir: setting home dir \\server\neosonic, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: server pdb_set_profile_path: setting profile path \\server\neosonic\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 from rid 1000 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user neosonic Trying _Get_Pwnam(), username as lowercase is neosonic Get_Pwnam_internals did find user [neosonic]! gid_to_sid: winbind failed to find a sid for gid 1000 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 1000 -> sid S-1-22-2-1000 Forcing Primary Group to 'Domain Users' for neosonic push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username neosonic, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was Home server: server pdb_set_homedir: setting home dir \\server\neosonic, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: server pdb_set_profile_path: setting profile path \\server\neosonic\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 from rid 1000 pdb_set_group_sid: setting group sid S-1-5-21-2645804954-394631454-4195090362-513 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 ntlm_password_check: Checking NTLMv2 password with domain [MicrosoftAccount] sam_account_ok: Checking SMB password for user neosonic logon_hours_ok: user neosonic allowed to logon at this time (Sat Feb 8 10:42:48 2014 ) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Finding user neosonic Trying _Get_Pwnam(), username as lowercase is neosonic Get_Pwnam_internals did find user [neosonic]! push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: minimum password age, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user neosonic Trying _Get_Pwnam(), username as lowercase is neosonic Get_Pwnam_internals did find user [neosonic]! sys_getgrouplist: user [neosonic] gid_to_sid: winbind failed to find a sid for gid 1000 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 1000 -> sid S-1-22-2-1000 gid_to_sid: winbind failed to find a sid for gid 4 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 4 -> sid S-1-22-2-4 gid_to_sid: winbind failed to find a sid for gid 5 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 5 -> sid S-1-22-2-5 gid_to_sid: winbind failed to find a sid for gid 10 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 10 -> sid S-1-22-2-10 gid_to_sid: winbind failed to find a sid for gid 33 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 33 -> sid S-1-22-2-33 gid_to_sid: winbind failed to find a sid for gid 150 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 150 -> sid S-1-22-2-150 make_server_info_sam: made server info for user neosonic -> neosonic pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: sam authentication for user [porshkevich_a@rambler.ru] succeeded push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: PAM Account for user [neosonic] succeeded check_ntlm_password: authentication for user [porshkevich_a@rambler.ru] -> [neosonic] -> [neosonic] succeeded Got NT session key of length 16 Got LM session key of length 8 ntlmssp_server_auth: Using unmodified nt session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 lookup_name: SERVER\neosonic => domain=[SERVER], name=[neosonic] lookup_name: flags = 0x073 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_set_username: setting username neosonic, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was Home server: server pdb_set_homedir: setting home dir \\server\neosonic, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: server pdb_set_profile_path: setting profile path \\server\neosonic\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 from rid 1000 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user neosonic Trying _Get_Pwnam(), username as lowercase is neosonic Get_Pwnam_internals did find user [neosonic]! gid_to_sid: winbind failed to find a sid for gid 1000 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 1000 -> sid S-1-22-2-1000 Forcing Primary Group to 'Domain Users' for neosonic push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username neosonic, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was Home server: server pdb_set_homedir: setting home dir \\server\neosonic, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: server pdb_set_profile_path: setting profile path \\server\neosonic\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 from rid 1000 pdb_set_group_sid: setting group sid S-1-5-21-2645804954-394631454-4195090362-513 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username neosonic, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was Home server: server pdb_set_homedir: setting home dir \\server\neosonic, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: server pdb_set_profile_path: setting profile path \\server\neosonic\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 from rid 1000 pdb_set_group_sid: setting group sid S-1-5-21-2645804954-394631454-4195090362-513 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Finding user neosonic Trying _Get_Pwnam(), username as lowercase is neosonic Get_Pwnam_internals did find user [neosonic]! sys_getgrouplist: user [neosonic] gid_to_sid: winbind failed to find a sid for gid 1000 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 1000 -> sid S-1-22-2-1000 gid_to_sid: winbind failed to find a sid for gid 4 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 4 -> sid S-1-22-2-4 gid_to_sid: winbind failed to find a sid for gid 5 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 5 -> sid S-1-22-2-5 gid_to_sid: winbind failed to find a sid for gid 10 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 10 -> sid S-1-22-2-10 gid_to_sid: winbind failed to find a sid for gid 33 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 33 -> sid S-1-22-2-33 gid_to_sid: winbind failed to find a sid for gid 150 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 150 -> sid S-1-22-2-150 idmap range not specified for domain '*' Create local NT token for S-1-5-21-2645804954-394631454-4195090362-1000 winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Could not find map for sid S-1-5-32-544 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for NEOSONIC-LAN pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Could not find map for sid S-1-5-32-545 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for NEOSONIC-LAN pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-2645804954-394631454-4195090362-1000] get_privileges: No privileges assigned to SID [S-1-22-2-1000] get_privileges: No privileges assigned to SID [S-1-22-2-4] get_privileges: No privileges assigned to SID [S-1-22-2-5] get_privileges: No privileges assigned to SID [S-1-22-2-10] get_privileges: No privileges assigned to SID [S-1-22-2-33] get_privileges: No privileges assigned to SID [S-1-22-2-150] get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 1000. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(0) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(0) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 pdb_set_username: setting username neosonic, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was Home server: server pdb_set_homedir: setting home dir \\server\neosonic, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: server pdb_set_profile_path: setting profile path \\server\neosonic\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(0) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 from rid 1000 pdb_set_group_sid: setting group sid S-1-5-21-2645804954-394631454-4195090362-513 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user neosonic Trying _Get_Pwnam(), username as lowercase is neosonic Get_Pwnam_internals did find user [neosonic]! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 1000. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(0) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(0) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 pdb_set_username: setting username neosonic, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was Home server: server pdb_set_homedir: setting home dir \\server\neosonic, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: server pdb_set_profile_path: setting profile path \\server\neosonic\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(0) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 pdb_set_user_sid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2645804954-394631454-4195090362-1000 from rid 1000 pdb_set_group_sid: setting group sid S-1-5-21-2645804954-394631454-4195090362-513 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user neosonic Trying _Get_Pwnam(), username as lowercase is neosonic Get_Pwnam_internals did find user [neosonic]! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-11 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-11 Could not convert SID S-1-1-0 to gid, ignoring it Could not convert SID S-1-5-2 to gid, ignoring it Could not convert SID S-1-5-11 to gid, ignoring it Security token SIDs (11): SID[ 0]: S-1-5-21-2645804954-394631454-4195090362-1000 SID[ 1]: S-1-22-2-1000 SID[ 2]: S-1-22-2-4 SID[ 3]: S-1-22-2-5 SID[ 4]: S-1-22-2-10 SID[ 5]: S-1-22-2-33 SID[ 6]: S-1-22-2-150 SID[ 7]: S-1-1-0 SID[ 8]: S-1-5-2 SID[ 9]: S-1-5-11 SID[ 10]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 6 supplementary groups Group[ 0]: 1000 Group[ 1]: 4 Group[ 2]: 5 Group[ 3]: 10 Group[ 4]: 33 Group[ 5]: 150 check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb lock order: 1:/var/cache/samba/smbXsrv_session_global.tdb 2: 3: Locking key 0AE661A2 Allocated locked data 0x0x7f8025000020 Unlocking key 0AE661A2 release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb lock order: 1: 2: 3: lp_servicenumber: couldn't find neosonic Finding user neosonic Trying _Get_Pwnam(), username as lowercase is neosonic Get_Pwnam_internals did find user [neosonic]! Adding homes service for user 'neosonic' using home directory: '/home/neosonic' add_a_service: Creating snum = 6 for neosonic hash_a_service: hashing index 6 for service name neosonic adding home's share [neosonic] for user 'neosonic' at '/home/neosonic' lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Feb 8 14:26:17 2014 check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb lock order: 1:/var/cache/samba/smbXsrv_session_global.tdb 2: 3: Locking key E988A745 Allocated locked data 0x0x7f8025035dd0 smbXsrv_session_global_store: key 'E988A745' stored &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0xe988a745 (3918047045) session_wire_id : 0x00000000e988a745 (3918047045) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK expiration_time : Thu Jan 1 03:00:00 AM 1970 MSK auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x0000000b (11) sids: ARRAY(11) sids : S-1-5-21-2645804954-394631454-4195090362-1000 sids : S-1-22-2-1000 sids : S-1-22-2-4 sids : S-1-22-2-5 sids : S-1-22-2-10 sids : S-1-22-2-33 sids : S-1-22-2-150 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-11 sids : S-1-22-1-1000 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x00000000000003e8 (1000) gid : 0x00000000000003e8 (1000) ngroups : 0x00000006 (6) groups: ARRAY(6) groups : 0x00000000000003e8 (1000) groups : 0x0000000000000004 (4) groups : 0x0000000000000005 (5) groups : 0x000000000000000a (10) groups : 0x0000000000000021 (33) groups : 0x0000000000000096 (150) info : * info: struct auth_user_info account_name : * account_name : 'neosonic' domain_name : * domain_name : 'SERVER' full_name : * full_name : '' logon_script : * logon_script : '' profile_path : * profile_path : '\\server\neosonic\profile' home_directory : * home_directory : '\\server\neosonic' home_drive : * home_drive : '' logon_server : * logon_server : 'SERVER' last_logon : NTTIME(0) last_logoff : Thu Sep 14 06:48:05 AM 30828 MSK acct_expiry : Thu Sep 14 06:48:05 AM 30828 MSK last_password_change : Mon Apr 15 02:46:20 PM 2013 MSK allow_password_change : Mon Apr 15 02:46:20 PM 2013 MSK force_password_change : Thu Sep 14 06:48:05 AM 30828 MSK logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000010 (16) authenticated : 0x01 (1) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'neosonic' sanitized_username : * sanitized_username : 'porshkevich_a_rambler.ru' torture : NULL credentials : NULL connection_dialect : 0x0300 (768) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) local_address : 'ipv4:192.168.88.2:445' remote_address : 'ipv4:192.168.88.5:62775' remote_name : '192.168.88.5' auth_session_info_seqnum : 0x00000001 (1) Unlocking key E988A745 release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb lock order: 1: 2: 3: smbXsrv_session_update: global_id (0xe988a745) stored &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL connection : * local_id : 0xe988a745 (3918047045) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0xe988a745 (3918047045) session_wire_id : 0x00000000e988a745 (3918047045) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK expiration_time : Thu Jan 1 03:00:00 AM 1970 MSK auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x0000000b (11) sids: ARRAY(11) sids : S-1-5-21-2645804954-394631454-4195090362-1000 sids : S-1-22-2-1000 sids : S-1-22-2-4 sids : S-1-22-2-5 sids : S-1-22-2-10 sids : S-1-22-2-33 sids : S-1-22-2-150 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-11 sids : S-1-22-1-1000 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x00000000000003e8 (1000) gid : 0x00000000000003e8 (1000) ngroups : 0x00000006 (6) groups: ARRAY(6) groups : 0x00000000000003e8 (1000) groups : 0x0000000000000004 (4) groups : 0x0000000000000005 (5) groups : 0x000000000000000a (10) groups : 0x0000000000000021 (33) groups : 0x0000000000000096 (150) info : * info: struct auth_user_info account_name : * account_name : 'neosonic' domain_name : * domain_name : 'SERVER' full_name : * full_name : '' logon_script : * logon_script : '' profile_path : * profile_path : '\\server\neosonic\profile' home_directory : * home_directory : '\\server\neosonic' home_drive : * home_drive : '' logon_server : * logon_server : 'SERVER' last_logon : NTTIME(0) last_logoff : Thu Sep 14 06:48:05 AM 30828 MSK acct_expiry : Thu Sep 14 06:48:05 AM 30828 MSK last_password_change : Mon Apr 15 02:46:20 PM 2013 MSK allow_password_change : Mon Apr 15 02:46:20 PM 2013 MSK force_password_change : Thu Sep 14 06:48:05 AM 30828 MSK logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000010 (16) authenticated : 0x01 (1) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'neosonic' sanitized_username : * sanitized_username : 'porshkevich_a_rambler.ru' torture : NULL credentials : NULL connection_dialect : 0x0300 (768) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) local_address : 'ipv4:192.168.88.2:445' remote_address : 'ipv4:192.168.88.5:62775' remote_name : '192.168.88.5' auth_session_info_seqnum : 0x00000001 (1) status : NT_STATUS_OK idle_time : Sat Feb 8 02:42:49 PM 2014 MSK nonce_high : 0x147ea320e47d6e6b (1476797089491807851) nonce_low : 0x0000000000000001 (1) gensec : * compat : * tcon_table : * smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[8] dyn[yes:9] at ../source3/smbd/smb2_sesssetup.c:167 smb2_set_operation_credit: requested 31, charge 1, granted 31, current possible/max 512/512, total granted/max/low/range 31/8192/3/31 signed SMB2 message smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 3 (position 3) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_TCON] mid = 3 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) smbd_smb2_tree_connect: path[\\server\IPC$] share[IPC$] check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/cache/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key C5940E68 Allocated locked data 0x0x7f8024ff1170 smbXsrv_tcon_global_store: key 'C5940E68' stored &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0xc5940e68 (3314814568) tcon_wire_id : 0xc5940e68 (3314814568) server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) Unlocking key C5940E68 release lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: smbXsrv_tcon_create: global_id (0xc5940e68) stored &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0xc5940e68 (3314814568) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0xc5940e68 (3314814568) tcon_wire_id : 0xc5940e68 (3314814568) server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) status : NT_STATUS_INTERNAL_ERROR idle_time : Sat Feb 8 02:42:49 PM 2014 MSK compat : NULL Allowed connection from 192.168.88.5 (192.168.88.5) user_ok_token: share IPC$ is ok for unix user neosonic set_conn_connectpath: service IPC$, connectpath = /tmp Connect path is '/tmp' for service [IPC$] user_ok_token: share IPC$ is ok for unix user neosonic is_share_read_only_for_user: share IPC$ is read-only for unix user neosonic se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff Initialising default vfs hooks vfs_find_backend_entry called for posixacl Successfully added vfs backend 'posixacl' vfs_find_backend_entry called for /[Default VFS]/ Successfully added vfs backend '/[Default VFS]/' vfs_find_backend_entry called for dfs_samba4 Successfully added vfs backend 'dfs_samba4' vfs_dfs_samba4: Debug class number of 'fileid': 23 Initialising custom vfs hooks from [/[Default VFS]/] vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system set_conn_connectpath: service IPC$, connectpath = /tmp user_ok_token: share IPC$ is ok for unix user neosonic is_share_read_only_for_user: share IPC$ is read-only for unix user neosonic se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 Security token SIDs (11): SID[ 0]: S-1-5-21-2645804954-394631454-4195090362-1000 SID[ 1]: S-1-22-2-1000 SID[ 2]: S-1-22-2-4 SID[ 3]: S-1-22-2-5 SID[ 4]: S-1-22-2-10 SID[ 5]: S-1-22-2-33 SID[ 6]: S-1-22-2-150 SID[ 7]: S-1-1-0 SID[ 8]: S-1-5-2 SID[ 9]: S-1-5-11 SID[ 10]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 6 supplementary groups Group[ 0]: 1000 Group[ 1]: 4 Group[ 2]: 5 Group[ 3]: 10 Group[ 4]: 33 Group[ 5]: 150 Impersonated user: uid=(1000,1000), gid=(0,1000) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) set_conn_connectpath: service IPC$, connectpath = /tmp vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp neosonic-pc (ipv4:192.168.88.5:62775) connect to service IPC$ initially as user neosonic (uid=1000, gid=1000) (pid 9188) check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/cache/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key C5940E68 Allocated locked data 0x0x7f8025034330 smbXsrv_tcon_global_store: key 'C5940E68' stored &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0xc5940e68 (3314814568) tcon_wire_id : 0xc5940e68 (3314814568) server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK share_name : 'IPC$' encryption_required : 0x00 (0) session_global_id : 0xe988a745 (3918047045) Unlocking key C5940E68 release lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: smbXsrv_tcon_update: global_id (0xc5940e68) stored &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0xc5940e68 (3314814568) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0xc5940e68 (3314814568) tcon_wire_id : 0xc5940e68 (3314814568) server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK share_name : 'IPC$' encryption_required : 0x00 (0) session_global_id : 0xe988a745 (3918047045) status : NT_STATUS_OK idle_time : Sat Feb 8 02:42:49 PM 2014 MSK compat : * smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[no:0] at ../source3/smbd/smb2_tcon.c:162 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/4/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 4 (position 4) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 4 setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 Security token SIDs (11): SID[ 0]: S-1-5-21-2645804954-394631454-4195090362-1000 SID[ 1]: S-1-22-2-1000 SID[ 2]: S-1-22-2-4 SID[ 3]: S-1-22-2-5 SID[ 4]: S-1-22-2-10 SID[ 5]: S-1-22-2-33 SID[ 6]: S-1-22-2-150 SID[ 7]: S-1-1-0 SID[ 8]: S-1-5-2 SID[ 9]: S-1-5-11 SID[ 10]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 6 supplementary groups Group[ 0]: 1000 Group[ 1]: 4 Group[ 2]: 5 Group[ 3]: 10 Group[ 4]: 33 Group[ 5]: 150 Impersonated user: uid=(1000,1000), gid=(0,1000) vfs_ChDir to /tmp vfs_ChDir got /tmp mid 4, CreditCharge: 1, NeededCharge: 1 smbd_smb2_ioctl: ctl_code[0x00140204] , fnum [fsp is NULL] smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 24 status NT_STATUS_OK smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:24] at ../source3/smbd/smb2_ioctl.c:358 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/5/31 signed SMB2 message smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 5 (position 5) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 5 Skipping user change - already user smbd_smb2_create: name[srvsvc] check lock order 1 for /var/cache/samba/smbXsrv_open_global.tdb lock order: 1:/var/cache/samba/smbXsrv_open_global.tdb 2: 3: Locking key BDC69976 Allocated locked data 0x0x7f8025033ca0 smbXsrv_open_global_store: key 'BDC69976' stored &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) open_global_id : 0xbdc69976 (3183909238) open_persistent_id : 0x00000000bdc69976 (3183909238) open_volatile_id : 0x000000005d3d098c (1564281228) open_owner : S-1-5-21-2645804954-394631454-4195090362-1000 open_time : Sat Feb 8 02:42:49 PM 2014 MSK create_guid : 00000000-0000-0000-0000-000000000000 client_guid : a279ecee-9056-11e3-bf3b-c8600076e97b app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 Unlocking key BDC69976 release lock order 1 for /var/cache/samba/smbXsrv_open_global.tdb lock order: 1: 2: 3: smbXsrv_open_create: global_id (0xbdc69976) stored &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x5d3d098c (1564281228) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) open_global_id : 0xbdc69976 (3183909238) open_persistent_id : 0x00000000bdc69976 (3183909238) open_volatile_id : 0x000000005d3d098c (1564281228) open_owner : S-1-5-21-2645804954-394631454-4195090362-1000 open_time : Sat Feb 8 02:42:49 PM 2014 MSK create_guid : 00000000-0000-0000-0000-000000000000 client_guid : a279ecee-9056-11e3-bf3b-c8600076e97b app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Sat Feb 8 02:42:49 PM 2014 MSK compat : NULL allocated file structure fnum 1564281228 (1 used) file_name_hash: /tmp/srvsvc hash 0x8e98a76a Create pipe requested \srvsvc init_pipe_handle_list: created handle list for pipe \srvsvc init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc Created internal pipe \srvsvc dos_mode: srvsvc smbd_smb2_create_send: srvsvc - fnum 1564281228 smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/6/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 6 (position 6) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_GETINFO] mid = 6 Skipping user change - already user mid 6, CreditCharge: 1, NeededCharge: 1 smbd_smb2_getinfo_send: srvsvc - fnum 1564281228 smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[8] dyn[yes:24] at ../source3/smbd/smb2_getinfo.c:200 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/7/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 7 (position 7) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 7 Skipping user change - already user mid 7, CreditCharge: 1, NeededCharge: 1 smbd_smb2_write: srvsvc - fnum 1564281228 np_write_send: len: 160 write_to_pipe: data_left = 160 process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 144 process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 write_to_pipe: data_used = 0 write_to_pipe: data_left = 144 process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 PDU is in Little Endian format! r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 Processing packet type 11 api_pipe_bind_req: srvsvc -> srvsvc rpc service api_pipe_bind_req: make response. 724 check_bind_req for \srvsvc check_bind_req: srvsvc -> srvsvc rpc service init_pipe_handle_list: pipe_handles ref count = 2 for pipe \srvsvc &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\srvsvc' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/8/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 8 (position 8) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 8 Skipping user change - already user mid 8, CreditCharge: 1, NeededCharge: 1 smbd_smb2_read: srvsvc - fnum 1564281228 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. free_pipe_context: destroying talloc pool of size 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 Received 68 bytes. There is no more data outstanding smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/9/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 9 (position 9) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 9 Skipping user change - already user mid 9, CreditCharge: 1, NeededCharge: 1 smbd_smb2_write: srvsvc - fnum 1564281228 np_write_send: len: 88 write_to_pipe: data_left = 88 process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 write_to_pipe: data_used = 0 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 PDU is in Little Endian format! r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0058 (88) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000040 (64) context_id : 0x0000 (0) opnum : 0x000f (15) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=64 [0000] 00 00 02 00 09 00 00 00 00 00 00 00 09 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 00 \.\.S.E. R.V.E.R. [0020] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 ........ ........ Processing packet type 0 Checking request auth. push_sec_ctx(1000, 1000) : sec_ctx_stack_ndx = 1 setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 1 Security token SIDs (11): SID[ 0]: S-1-5-21-2645804954-394631454-4195090362-1000 SID[ 1]: S-1-22-2-1000 SID[ 2]: S-1-22-2-4 SID[ 3]: S-1-22-2-5 SID[ 4]: S-1-22-2-10 SID[ 5]: S-1-22-2-33 SID[ 6]: S-1-22-2-150 SID[ 7]: S-1-1-0 SID[ 8]: S-1-5-2 SID[ 9]: S-1-5-11 SID[ 10]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 6 supplementary groups Group[ 0]: 1000 Group[ 1]: 4 Group[ 2]: 5 Group[ 3]: 10 Group[ 4]: 33 Group[ 5]: 150 Requested \srvsvc rpc service api_rpcTNP: \srvsvc op 0xf - api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL api_rpc_cmds[15].fn == 0x7f80225c4140 srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll in: struct srvsvc_NetShareEnumAll server_unc : * server_unc : '\\SERVER' info_ctr : * info_ctr: struct srvsvc_NetShareInfoCtr level : 0x00000001 (1) ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count : 0x00000000 (0) array : NULL max_buffer : 0xffffffff (4294967295) resume_handle : NULL _srvsvc_NetShareEnumAll: 1292 init_srv_share_info_ctr push_sec_ctx(1000, 1000) : sec_ctx_stack_ndx = 2 push_conn_ctx(3918047045) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups load_registry_shares() pop_sec_ctx (1000, 1000) - sec_ctx_stack_ndx = 1 NOT counting service homes counting service downloads counting service Music counting service http counting service projects counting service IPC$ counting service neosonic _srvsvc_NetShareEnumAll: 1306 srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll out: struct srvsvc_NetShareEnumAll info_ctr : * info_ctr: struct srvsvc_NetShareInfoCtr level : 0x00000001 (1) ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count : 0x00000006 (6) array : * array: ARRAY(6) array: struct srvsvc_NetShareInfo1 name : * name : 'downloads' type : STYPE_DISKTREE (0x0) comment : * comment : 'Transmission downloads' array: struct srvsvc_NetShareInfo1 name : * name : 'Music' type : STYPE_DISKTREE (0x0) comment : * comment : 'Music collection' array: struct srvsvc_NetShareInfo1 name : * name : 'http' type : STYPE_DISKTREE (0x0) comment : * comment : 'Web root' array: struct srvsvc_NetShareInfo1 name : * name : 'projects' type : STYPE_DISKTREE (0x0) comment : * comment : 'Projects' array: struct srvsvc_NetShareInfo1 name : * name : 'IPC$' type : STYPE_IPC_HIDDEN (0x80000003) comment : * comment : 'IPC Service (Samba Server)' array: struct srvsvc_NetShareInfo1 name : * name : 'neosonic' type : STYPE_DISKTREE (0x0) comment : * comment : 'Home Directories' totalentries : * totalentries : 0x00000006 (6) resume_handle : NULL result : WERR_OK api_rpcTNP: called \srvsvc successfully pop_sec_ctx (1000, 1000) - sec_ctx_stack_ndx = 0 write_to_pipe: data_used = 72 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 88 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/10/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 10 (position 10) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 10 Skipping user change - already user mid 10, CreditCharge: 1, NeededCharge: 1 smbd_smb2_read: srvsvc - fnum 1564281228 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 564. &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x024c (588) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000234 (564) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=564 [0000] 01 00 00 00 01 00 00 00 08 00 02 00 06 00 00 00 ........ ........ [0010] 0C 00 02 00 06 00 00 00 10 00 02 00 00 00 00 00 ........ ........ [0020] 14 00 02 00 18 00 02 00 00 00 00 00 1C 00 02 00 ........ ........ [0030] 20 00 02 00 00 00 00 00 24 00 02 00 28 00 02 00 ....... $...(... [0040] 00 00 00 00 2C 00 02 00 30 00 02 00 03 00 00 80 ....,... 0....... [0050] 34 00 02 00 38 00 02 00 00 00 00 00 3C 00 02 00 4...8... ....<... [0060] 0A 00 00 00 00 00 00 00 0A 00 00 00 64 00 6F 00 ........ ....d.o. [0070] 77 00 6E 00 6C 00 6F 00 61 00 64 00 73 00 00 00 w.n.l.o. a.d.s... [0080] 17 00 00 00 00 00 00 00 17 00 00 00 54 00 72 00 ........ ....T.r. [0090] 61 00 6E 00 73 00 6D 00 69 00 73 00 73 00 69 00 a.n.s.m. i.s.s.i. [00A0] 6F 00 6E 00 20 00 64 00 6F 00 77 00 6E 00 6C 00 o.n. .d. o.w.n.l. [00B0] 6F 00 61 00 64 00 73 00 00 00 00 00 06 00 00 00 o.a.d.s. ........ [00C0] 00 00 00 00 06 00 00 00 4D 00 75 00 73 00 69 00 ........ M.u.s.i. [00D0] 63 00 00 00 11 00 00 00 00 00 00 00 11 00 00 00 c....... ........ [00E0] 4D 00 75 00 73 00 69 00 63 00 20 00 63 00 6F 00 M.u.s.i. c. .c.o. [00F0] 6C 00 6C 00 65 00 63 00 74 00 69 00 6F 00 6E 00 l.l.e.c. t.i.o.n. [0100] 00 00 00 00 05 00 00 00 00 00 00 00 05 00 00 00 ........ ........ [0110] 68 00 74 00 74 00 70 00 00 00 00 00 09 00 00 00 h.t.t.p. ........ [0120] 00 00 00 00 09 00 00 00 57 00 65 00 62 00 20 00 ........ W.e.b. . [0130] 72 00 6F 00 6F 00 74 00 00 00 00 00 09 00 00 00 r.o.o.t. ........ [0140] 00 00 00 00 09 00 00 00 70 00 72 00 6F 00 6A 00 ........ p.r.o.j. [0150] 65 00 63 00 74 00 73 00 00 00 00 00 09 00 00 00 e.c.t.s. ........ [0160] 00 00 00 00 09 00 00 00 50 00 72 00 6F 00 6A 00 ........ P.r.o.j. [0170] 65 00 63 00 74 00 73 00 00 00 00 00 05 00 00 00 e.c.t.s. ........ [0180] 00 00 00 00 05 00 00 00 49 00 50 00 43 00 24 00 ........ I.P.C.$. [0190] 00 00 00 00 1B 00 00 00 00 00 00 00 1B 00 00 00 ........ ........ [01A0] 49 00 50 00 43 00 20 00 53 00 65 00 72 00 76 00 I.P.C. . S.e.r.v. [01B0] 69 00 63 00 65 00 20 00 28 00 53 00 61 00 6D 00 i.c.e. . (.S.a.m. [01C0] 62 00 61 00 20 00 53 00 65 00 72 00 76 00 65 00 b.a. .S. e.r.v.e. [01D0] 72 00 29 00 00 00 00 00 09 00 00 00 00 00 00 00 r.)..... ........ [01E0] 09 00 00 00 6E 00 65 00 6F 00 73 00 6F 00 6E 00 ....n.e. o.s.o.n. [01F0] 69 00 63 00 00 00 00 00 11 00 00 00 00 00 00 00 i.c..... ........ [0200] 11 00 00 00 48 00 6F 00 6D 00 65 00 20 00 44 00 ....H.o. m.e. .D. [0210] 69 00 72 00 65 00 63 00 74 00 6F 00 72 00 69 00 i.r.e.c. t.o.r.i. [0220] 65 00 73 00 00 00 00 00 06 00 00 00 00 00 00 00 e.s..... ........ [0230] 00 00 00 00 .... free_pipe_context: destroying talloc pool of size 399 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 Received 588 bytes. There is no more data outstanding smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:588] at ../source3/smbd/smb2_read.c:154 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/11/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 11 (position 11) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 11 Skipping user change - already user smbd_smb2_close: srvsvc - fnum 1564281228 check lock order 1 for /var/cache/samba/smbXsrv_open_global.tdb lock order: 1:/var/cache/samba/smbXsrv_open_global.tdb 2: 3: Locking key BDC69976 Allocated locked data 0x0x7f8025031400 Unlocking key BDC69976 release lock order 1 for /var/cache/samba/smbXsrv_open_global.tdb lock order: 1: 2: 3: freed files structure 1564281228 (0 used) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/12/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 12 (position 12) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 12 Skipping user change - already user mid 12, CreditCharge: 1, NeededCharge: 1 smbd_smb2_ioctl: ctl_code[0x00060194] , fnum [fsp is NULL] dfs_GetDFSReferral: struct dfs_GetDFSReferral in: struct dfs_GetDFSReferral req: struct dfs_GetDFSReferral_in max_referral_level : 0x0004 (4) servername : '\SERVER\downloads' parse_dfs_path: temp = |SERVER\downloads| after trimming \'s parse_dfs_path: hostname: SERVER parse_dfs_path: servicename: downloads get_referred_path: |downloads| in dfs path \SERVER\downloads is not a dfs root. smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 0 status NT_STATUS_NOT_FOUND smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:309 smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_FOUND] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2651 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/13/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 13 (position 13) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_TCON] mid = 13 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) smbd_smb2_tree_connect: path[\\server\downloads] share[downloads] check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/cache/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key 72F6B7A7 Allocated locked data 0x0x7f80250341f0 smbXsrv_tcon_global_store: key '72F6B7A7' stored &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x72f6b7a7 (1928771495) tcon_wire_id : 0x72f6b7a7 (1928771495) server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) Unlocking key 72F6B7A7 release lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: smbXsrv_tcon_create: global_id (0x72f6b7a7) stored &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x72f6b7a7 (1928771495) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x72f6b7a7 (1928771495) tcon_wire_id : 0x72f6b7a7 (1928771495) server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) status : NT_STATUS_INTERNAL_ERROR idle_time : Sat Feb 8 02:42:49 PM 2014 MSK compat : NULL Allowed connection from 192.168.88.5 (192.168.88.5) user_ok_token: share downloads is ok for unix user neosonic set_conn_connectpath: service downloads, connectpath = /home/transmission/downloads Connect path is '/home/transmission/downloads' for service [downloads] user_ok_token: share downloads is ok for unix user neosonic is_share_read_only_for_user: share downloads is read-only for unix user neosonic se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff Initialising default vfs hooks Initialising custom vfs hooks from [/[Default VFS]/] vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system Registering messaging pointer for type 784 - private_data=0x7f8025035e50 set_conn_connectpath: service downloads, connectpath = /home/transmission/downloads user_ok_token: share downloads is ok for unix user neosonic is_share_read_only_for_user: share downloads is read-only for unix user neosonic se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 Security token SIDs (11): SID[ 0]: S-1-5-21-2645804954-394631454-4195090362-1000 SID[ 1]: S-1-22-2-1000 SID[ 2]: S-1-22-2-4 SID[ 3]: S-1-22-2-5 SID[ 4]: S-1-22-2-10 SID[ 5]: S-1-22-2-33 SID[ 6]: S-1-22-2-150 SID[ 7]: S-1-1-0 SID[ 8]: S-1-5-2 SID[ 9]: S-1-5-11 SID[ 10]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 6 supplementary groups Group[ 0]: 1000 Group[ 1]: 4 Group[ 2]: 5 Group[ 3]: 10 Group[ 4]: 33 Group[ 5]: 150 Impersonated user: uid=(1000,1000), gid=(0,1000) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) set_conn_connectpath: service downloads, connectpath = /home/transmission/downloads vfswrap_fs_capabilities: timestamp resolution of sec available on share downloads, directory /home/transmission/downloads neosonic-pc (ipv4:192.168.88.5:62775) connect to service downloads initially as user neosonic (uid=1000, gid=1000) (pid 9188) check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/cache/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key 72F6B7A7 Allocated locked data 0x0x7f80250310c0 smbXsrv_tcon_global_store: key '72F6B7A7' stored &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x72f6b7a7 (1928771495) tcon_wire_id : 0x72f6b7a7 (1928771495) server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK share_name : 'downloads' encryption_required : 0x00 (0) session_global_id : 0xe988a745 (3918047045) Unlocking key 72F6B7A7 release lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: smbXsrv_tcon_update: global_id (0x72f6b7a7) stored &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x72f6b7a7 (1928771495) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x72f6b7a7 (1928771495) tcon_wire_id : 0x72f6b7a7 (1928771495) server_id: struct server_id pid : 0x00000000000023e4 (9188) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x93087459b51b6df7 (-7851898021681074697) creation_time : Sat Feb 8 02:42:49 PM 2014 MSK share_name : 'downloads' encryption_required : 0x00 (0) session_global_id : 0xe988a745 (3918047045) status : NT_STATUS_OK idle_time : Sat Feb 8 02:42:49 PM 2014 MSK compat : * smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[no:0] at ../source3/smbd/smb2_tcon.c:162 smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/14/31 smbd_smb2_request idx[1] of 5 vectors smb2_validate_sequence_number: clearing id 14 (position 14) from bitmap smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 14 setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 Security token SIDs (11): SID[ 0]: S-1-5-21-2645804954-394631454-4195090362-1000 SID[ 1]: S-1-22-2-1000 SID[ 2]: S-1-22-2-4 SID[ 3]: S-1-22-2-5 SID[ 4]: S-1-22-2-10 SID[ 5]: S-1-22-2-33 SID[ 6]: S-1-22-2-150 SID[ 7]: S-1-1-0 SID[ 8]: S-1-5-2 SID[ 9]: S-1-5-11 SID[ 10]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 6 supplementary groups Group[ 0]: 1000 Group[ 1]: 4 Group[ 2]: 5 Group[ 3]: 10 Group[ 4]: 33 Group[ 5]: 150 Impersonated user: uid=(1000,1000), gid=(0,1000) vfs_ChDir to /home/transmission/downloads vfs_ChDir got /home/transmission/downloads mid 14, CreditCharge: 1, NeededCharge: 1 smbd_smb2_ioctl: ctl_code[0x00140204] , fnum [fsp is NULL] smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 24 status NT_STATUS_OK