[2014/07/11 17:04:37, 0] ../source3/smbd/server.c:1205(main) smbd version 4.1.8-Ubuntu started. Copyright Andrew Tridgell and the Samba Team 1992-2013 [2014/07/11 17:04:37, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/util/debug.c:334(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 doing parameter max log size = 20000 doing parameter include = /etc/samba/print.conf [2014/07/11 17:04:37, 3, pid=3079, effective(0, 0), real(0, 0)] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/print.conf" doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter cups options = raw doing parameter cups server = localhost:631 doing parameter spoolss: architecture = Windows x64 doing parameter root preexec = /usr/bin/renice +18 -p %d doing parameter printcap cache time = 60 [2014/07/11 17:04:37, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4877(lp_load_ex) pm_process() returned Yes [2014/07/11 17:04:37, 7, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:5167(lp_servicenumber) lp_servicenumber: couldn't find homes [2014/07/11 17:04:37, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 2 - private_data=(nil) [2014/07/11 17:04:37, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 9 - private_data=(nil) [2014/07/11 17:04:37, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2014/07/11 17:04:37, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 11 - private_data=(nil) [2014/07/11 17:04:37, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 12 - private_data=(nil) [2014/07/11 17:04:37, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2014/07/11 17:04:37, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 1 - private_data=(nil) [2014/07/11 17:04:37, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 5 - private_data=(nil) [2014/07/11 17:04:37.127191, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4838(lp_load_ex) lp_load_ex: refreshing parameters [2014/07/11 17:04:37.127288, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1487(free_param_opts) Freeing parametrics: [2014/07/11 17:04:37.127403, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:750(init_globals) Initialising global parameters [2014/07/11 17:04:37.127506, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:543(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2014/07/11 17:04:37.127655, 3, pid=3079, effective(0, 0), real(0, 0)] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2014/07/11 17:04:37.127751, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3564(do_section) Processing section "[global]" doing parameter unix extensions = no doing parameter security = ads doing parameter restrict anonymous = 2 doing parameter ldap ssl = start_tls doing parameter ldap ssl ads = yes doing parameter disable netbios = yes doing parameter netbios name = printsrv2-vie doing parameter realm = AD.CORP.ACME.COM doing parameter workgroup = ACME doing parameter local master = no doing parameter domain master = no doing parameter admin users = @"domain admins" @helpdesk-full doing parameter enable asu support = no doing parameter client use spnego = yes doing parameter inherit acls = yes doing parameter server signing = auto doing parameter client signing = auto doing parameter deadtime = 15 doing parameter max protocol = SMB2 doing parameter fake oplocks = yes doing parameter kernel oplocks = no doing parameter map to guest = bad uid doing parameter ntlm auth = no doing parameter log level = 10 [2014/07/11 17:04:37.128902, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/util/debug.c:334(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 doing parameter max log size = 20000 doing parameter include = /etc/samba/print.conf [2014/07/11 17:04:37.129915, 3, pid=3079, effective(0, 0), real(0, 0)] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/print.conf" doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter cups options = raw doing parameter cups server = localhost:631 doing parameter spoolss: architecture = Windows x64 doing parameter root preexec = /usr/bin/renice +18 -p %d doing parameter printcap cache time = 60 [2014/07/11 17:04:37.130457, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[printers]" [2014/07/11 17:04:37.130599, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1619(add_a_service) add_a_service: Creating snum = 0 for printers [2014/07/11 17:04:37.130720, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1660(hash_a_service) hash_a_service: creating servicehash [2014/07/11 17:04:37.130827, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1669(hash_a_service) hash_a_service: hashing index 0 for service name printers doing parameter admin users = @"domain admins" @support-admin-printers doing parameter comment = All Printers doing parameter browseable = yes doing parameter path = /var/spool/samba doing parameter printable = yes doing parameter public = yes [2014/07/11 17:04:37.131251, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[print$]" [2014/07/11 17:04:37.131398, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1619(add_a_service) add_a_service: Creating snum = 1 for print$ [2014/07/11 17:04:37.131495, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1669(hash_a_service) hash_a_service: hashing index 1 for service name print$ doing parameter admin users = @"domain admins" @support-admin-printers doing parameter write list = @"domain admins" @support-admin-printers doing parameter comment = Printer Drivers doing parameter path = /var/lib/samba/printers doing parameter browseable = yes doing parameter guest ok = no doing parameter create mask = 2777 doing parameter directory mask = 2777 doing parameter force create mode = 2775 doing parameter force directory mode = 2775 [2014/07/11 17:04:37.132097, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3581(do_section) Processing section "[admin$]" [2014/07/11 17:04:37.132222, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1619(add_a_service) add_a_service: Creating snum = 2 for admin$ [2014/07/11 17:04:37.132329, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1669(hash_a_service) hash_a_service: hashing index 2 for service name admin$ doing parameter comment = Admin Share doing parameter path = /vol/admin doing parameter browseable = no doing parameter guest ok = yes doing parameter writeable = yes doing parameter include = /etc/samba/share.conf [2014/07/11 17:04:37.132728, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2841(handle_include) Can't find include file /etc/samba/share.conf doing parameter include = /etc/samba/gwinrc.conf [2014/07/11 17:04:37.132882, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2841(handle_include) Can't find include file /etc/samba/gwinrc.conf doing parameter include = /etc/samba/usershare.conf [2014/07/11 17:04:37.133036, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2841(handle_include) Can't find include file /etc/samba/usershare.conf [2014/07/11 17:04:37.133129, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4877(lp_load_ex) pm_process() returned Yes [2014/07/11 17:04:37.133244, 7, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:5167(lp_servicenumber) lp_servicenumber: couldn't find homes [2014/07/11 17:04:37.133366, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1619(add_a_service) add_a_service: Creating snum = 3 for IPC$ [2014/07/11 17:04:37.133460, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1669(hash_a_service) hash_a_service: hashing index 3 for service name IPC$ [2014/07/11 17:04:37.133562, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1773(lp_add_ipc) adding IPC service [2014/07/11 17:04:37.133682, 6, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2657(lp_file_list_changed) lp_file_list_changed() file /etc/samba/usershare.conf -> /etc/samba/usershare.conf last mod_time: Thu Jan 1 00:00:00 1970 file /etc/samba/gwinrc.conf -> /etc/samba/gwinrc.conf last mod_time: Thu Jan 1 00:00:00 1970 file /etc/samba/share.conf -> /etc/samba/share.conf last mod_time: Thu Jan 1 00:00:00 1970 file /etc/samba/print.conf -> /etc/samba/print.conf last mod_time: Tue Jun 3 19:21:17 2014 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Jul 11 17:00:57 2014 [2014/07/11 17:04:37.134471, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/interface.c:341(add_interface) added interface eth0 ip=2620:0:1054:0:a800:1ff:fe00:2326 bcast= netmask=ffff:ffff:ffff:ffff:: [2014/07/11 17:04:37.134603, 2, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/interface.c:341(add_interface) added interface eth0 ip=172.16.45.140 bcast=172.16.45.191 netmask=255.255.255.192 [2014/07/11 17:04:37.134778, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/server.c:1264(main) loaded services [2014/07/11 17:04:37.134903, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/util_names.c:144(init_names) Netbios name list:- my_netbios_names[0]="PRINTSRV2-VIE" [2014/07/11 17:04:37.135197, 0, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/server.c:1285(main) standard input is not a socket, assuming -D option [2014/07/11 17:04:37.135790, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/server.c:1296(main) Becoming a daemon. [2014/07/11 17:04:37.136223, 8, pid=3079, effective(0, 0), real(0, 0)] ../lib/util/util.c:391(fcntl_lock) fcntl_lock 10 6 0 1 1 [2014/07/11 17:04:37.136354, 8, pid=3079, effective(0, 0), real(0, 0)] ../lib/util/util.c:426(fcntl_lock) fcntl_lock: Lock call successful [2014/07/11 17:04:37.136655, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:77(smb_register_passdb) Attempting to register passdb backend smbpasswd [2014/07/11 17:04:37.136775, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:90(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2014/07/11 17:04:37.136890, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:77(smb_register_passdb) Attempting to register passdb backend tdbsam [2014/07/11 17:04:37.136985, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:90(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2014/07/11 17:04:37.137080, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:77(smb_register_passdb) Attempting to register passdb backend wbc_sam [2014/07/11 17:04:37.137174, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:90(smb_register_passdb) Successfully added passdb backend 'wbc_sam' [2014/07/11 17:04:37.137262, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:77(smb_register_passdb) Attempting to register passdb backend samba_dsdb [2014/07/11 17:04:37.137357, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:90(smb_register_passdb) Successfully added passdb backend 'samba_dsdb' [2014/07/11 17:04:37.137445, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:77(smb_register_passdb) Attempting to register passdb backend samba4 [2014/07/11 17:04:37.137534, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:90(smb_register_passdb) Successfully added passdb backend 'samba4' [2014/07/11 17:04:37.137626, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:77(smb_register_passdb) Attempting to register passdb backend ldapsam [2014/07/11 17:04:37.137720, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:90(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2014/07/11 17:04:37.137813, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:77(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2014/07/11 17:04:37.137907, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:90(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2014/07/11 17:04:37.137999, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:77(smb_register_passdb) Attempting to register passdb backend IPA_ldapsam [2014/07/11 17:04:37.138088, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:90(smb_register_passdb) Successfully added passdb backend 'IPA_ldapsam' [2014/07/11 17:04:37.138183, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:153(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam (tdbsam) [2014/07/11 17:04:37.138274, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:174(make_pdb_method_name) Found pdb backend tdbsam [2014/07/11 17:04:37.138383, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:185(make_pdb_method_name) pdb backend tdbsam has a valid init [2014/07/11 17:04:37.138774, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_version_global.tdb [2014/07/11 17:04:37.138884, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_version_global.tdb 2: 3: [2014/07/11 17:04:37.138984, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 736D62587372765F7665 [2014/07/11 17:04:37.139099, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0x7faf5f9fdc40 [2014/07/11 17:04:37.139381, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 736D62587372765F7665 [2014/07/11 17:04:37.139511, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_version_global.tdb [2014/07/11 17:04:37.139606, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2014/07/11 17:04:37.139699, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_version.c:245(smbXsrv_version_global_init) smbXsrv_version_global_init [2014/07/11 17:04:37.139788, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_version.c:246(smbXsrv_version_global_init) [2014/07/11 17:04:37.139846, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_version_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_version_globalU(case 0) info0 : * info0: struct smbXsrv_version_global0 db_rec : NULL num_nodes : 0x00000001 (1) nodes: ARRAY(1) nodes: struct smbXsrv_version_node0 server_id: struct server_id pid : 0x0000000000000c07 (3079) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xe5baadc2659d830e (-1893009642915790066) min_version : SMBXSRV_VERSION_0 (0) max_version : SMBXSRV_VERSION_0 (0) current_version : SMBXSRV_VERSION_0 (0) [2014/07/11 17:04:37.141675, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 784 - private_data=0x7faf5f9fe980 [2014/07/11 17:04:37.141808, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 788 - private_data=0x7faf5fa00470 [2014/07/11 17:04:37.141923, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:293(messaging_register) Registering messaging pointer for type 789 - private_data=0x7faf5fa00900 [2014/07/11 17:04:37.142239, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:759(regdb_init) regdb_init: registry db openend. refcount reset (1) [2014/07/11 17:04:37.142384, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:70(reghook_cache_init) reghook_cache_init: new tree with default ops 0x7faf5e19a3e0 for key [] [2014/07/11 17:04:37.142878, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2014/07/11 17:04:37.143034, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] [2014/07/11 17:04:37.143136, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/07/11 17:04:37.143261, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] [2014/07/11 17:04:37.143358, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2014/07/11 17:04:37.143495, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2014/07/11 17:04:37.143596, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2014/07/11 17:04:37.143693, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2014/07/11 17:04:37.143814, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2014/07/11 17:04:37.143910, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2014/07/11 17:04:37.144016, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e69de20 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] [2014/07/11 17:04:37.144111, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.144216, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree [2014/07/11 17:04:37.144309, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.144405, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e19a3e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2014/07/11 17:04:37.144498, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.144593, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree [2014/07/11 17:04:37.144685, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.144777, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e19a3e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2014/07/11 17:04:37.144866, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.144959, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree [2014/07/11 17:04:37.145056, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.145148, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e69de80 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2014/07/11 17:04:37.145238, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.145331, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree [2014/07/11 17:04:37.145434, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.145528, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5d1d1b60 for key [\HKLM\SOFTWARE\Samba\smbconf] [2014/07/11 17:04:37.145618, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.145710, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2014/07/11 17:04:37.145801, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.145895, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e69dee0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2014/07/11 17:04:37.145986, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.146078, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree [2014/07/11 17:04:37.146169, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.146259, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e69df40 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2014/07/11 17:04:37.146348, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.146440, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree [2014/07/11 17:04:37.146530, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.146621, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e69dfa0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2014/07/11 17:04:37.146711, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.146803, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree [2014/07/11 17:04:37.146894, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.146990, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e69e000 for key [\HKPT] [2014/07/11 17:04:37.147079, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.147170, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2014/07/11 17:04:37.147259, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.147350, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e69e060 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2014/07/11 17:04:37.147441, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.147544, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree [2014/07/11 17:04:37.147633, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.147727, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7faf5e69e0c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2014/07/11 17:04:37.147816, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2014/07/11 17:04:37.147909, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree [2014/07/11 17:04:37.147999, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2014/07/11 17:04:37.148090, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2014/07/11 17:04:37.148430, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user nobody [2014/07/11 17:04:37.148535, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2014/07/11 17:04:37.149117, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2014/07/11 17:04:37.149464, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user PRINTSRV2-VIE\nobody [2014/07/11 17:04:37.149563, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is printsrv2-vie\nobody [2014/07/11 17:04:37.183310, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:128(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is PRINTSRV2-VIE\nobody [2014/07/11 17:04:37.183682, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:141(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is PRINTSRV2-VIE\NOBODY [2014/07/11 17:04:37.184020, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:153(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in printsrv2-vie\nobody [2014/07/11 17:04:37.184119, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [PRINTSRV2-VIE\nobody]! [2014/07/11 17:04:37.184211, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user nobody [2014/07/11 17:04:37.184301, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2014/07/11 17:04:37.184398, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2014/07/11 17:04:37.184614, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:77(lookup_name) lookup_name: PRINTSRV2-VIE\nobody => domain=[PRINTSRV2-VIE], name=[nobody] [2014/07/11 17:04:37.184717, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:78(lookup_name) lookup_name: flags = 0x073 [2014/07/11 17:04:37.184834, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.184940, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.185059, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.185162, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.185264, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.185550, 4, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:552(tdbsam_open) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2014/07/11 17:04:37.185681, 5, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:594(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_nobody [2014/07/11 17:04:37.185827, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.185933, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.186026, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.186116, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.186205, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.186294, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.186592, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.186699, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:77(lookup_name) lookup_name: Unix User\nobody => domain=[Unix User], name=[nobody] [2014/07/11 17:04:37.186789, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:78(lookup_name) lookup_name: flags = 0x073 [2014/07/11 17:04:37.186915, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user nobody [2014/07/11 17:04:37.187010, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2014/07/11 17:04:37.187103, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2014/07/11 17:04:37.187240, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1359(sid_to_uid) sid S-1-22-1-65534 -> uid 65534 [2014/07/11 17:04:37.187449, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) sys_getgrouplist: user [nobody] [2014/07/11 17:04:37.313857, 5, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:67(gencache_init) Opening cache file at /var/cache/samba/gencache.tdb [2014/07/11 17:04:37.314131, 5, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:110(gencache_init) Opening cache file at /var/run/samba/gencache_notrans.tdb [2014/07/11 17:04:37.314337, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 65534 [2014/07/11 17:04:37.314440, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.314533, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.314763, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.314857, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.314947, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.315135, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.315233, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 65534 -> sid S-1-22-2-65534 [2014/07/11 17:04:37.315336, 1, pid=3079, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2936(lp_idmap_range) idmap range not specified for domain '*' [2014/07/11 17:04:37.315431, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:340(create_local_nt_token) Create local NT token for S-1-22-1-65534 [2014/07/11 17:04:37.315545, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user nobody [2014/07/11 17:04:37.315638, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2014/07/11 17:04:37.315730, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2014/07/11 17:04:37.315847, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) sys_getgrouplist: user [nobody] [2014/07/11 17:04:37.442593, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1212(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 65534 [2014/07/11 17:04:37.442716, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.442812, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.442902, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.442992, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.443081, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.443264, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.443362, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1075(legacy_gid_to_sid) LEGACY: gid 65534 -> sid S-1-22-2-65534 [2014/07/11 17:04:37.443527, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1435(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2014/07/11 17:04:37.443630, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.443722, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.443812, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.443901, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.444005, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.444178, 10, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-544 [2014/07/11 17:04:37.444290, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.444383, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-32-544 [2014/07/11 17:04:37.444481, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.444573, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.444662, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.444750, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.444838, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.445034, 10, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-544 [2014/07/11 17:04:37.445154, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_util.c:157(create_builtin_administrators) create_builtin_administrators: Failed to create Administrators [2014/07/11 17:04:37.445263, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.445416, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1435(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2014/07/11 17:04:37.445517, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.445607, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.445694, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.445782, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.445868, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.446027, 10, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-545 [2014/07/11 17:04:37.446137, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.446230, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-32-545 [2014/07/11 17:04:37.446324, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.446415, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.446504, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.446607, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.446695, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.446872, 10, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-545 [2014/07/11 17:04:37.446985, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_util.c:128(create_builtin_users) create_builtin_users: Failed to create Users [2014/07/11 17:04:37.447088, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.447186, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.447277, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.447365, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.447453, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.447540, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.447823, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.448072, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-65534] [2014/07/11 17:04:37.448189, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-65534] [2014/07/11 17:04:37.448299, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:176(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2014/07/11 17:04:37.448441, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2014/07/11 17:04:37.448550, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2014/07/11 17:04:37.448762, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1280(sids_to_unixids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2014/07/11 17:04:37.448869, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.448961, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.449049, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.460392, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.460487, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.460638, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.460776, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-1-0 [2014/07/11 17:04:37.460892, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.460984, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.461072, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.461160, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.461259, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.461449, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.461545, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-1-0 [2014/07/11 17:04:37.461638, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.461743, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.461834, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.461922, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.462010, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.462157, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.462250, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-2 [2014/07/11 17:04:37.462343, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.462433, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.462522, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.462610, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.462698, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.462844, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.462937, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-2 [2014/07/11 17:04:37.463031, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.463121, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.463209, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.463315, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.463404, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.463565, 10, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-546 [2014/07/11 17:04:37.463676, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.463769, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-32-546 [2014/07/11 17:04:37.463863, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.463953, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.464042, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.464131, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.464219, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.464375, 10, pid=3079, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1526(pdb_default_sid_to_id) Could not find map for sid S-1-5-32-546 [2014/07/11 17:04:37.464484, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.464578, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1094(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-32-546 [2014/07/11 17:04:37.464675, 10, pid=3079, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:585(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2014/07/11 17:04:37.464775, 10, pid=3079, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:585(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2014/07/11 17:04:37.464867, 10, pid=3079, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:585(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2014/07/11 17:04:37.464970, 10, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (5): SID[ 0]: S-1-22-1-65534 SID[ 1]: S-1-22-2-65534 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 Privileges (0x 0): Rights (0x 0): [2014/07/11 17:04:37.465328, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 65534 [2014/07/11 17:04:37.466152, 3, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg) Initialise the svcctl registry keys if needed. [2014/07/11 17:04:37.466274, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.466369, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.466459, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.466564, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.466655, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.466913, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.467017, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2014/07/11 17:04:37.467309, 4, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/07/11 17:04:37.467440, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/07/11 17:04:37.467537, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/07/11 17:04:37.467872, 4, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/07/11 17:04:37.468127, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/07/11 17:04:37.468702, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/07/11 17:04:37.468800, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2014/07/11 17:04:37.468900, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/07/11 17:04:37.468995, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/07/11 17:04:37.469087, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.469177, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM] [2014/07/11 17:04:37.469359, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.469529, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 result : WERR_OK [2014/07/11 17:04:37.470071, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/07/11 17:04:37.474465, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.474637, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.474750, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/07/11 17:04:37.474848, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.474939, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.475031, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.475126, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.475237, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.475334, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.475430, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.475520, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.475611, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.475701, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.475832, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.475933, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.476031, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.476120, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.476212, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.476301, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.476434, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.476532, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.476625, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.476779, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 result : WERR_OK [2014/07/11 17:04:37.477167, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2014/07/11 17:04:37.477664, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.477835, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.477929, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.478032, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.478186, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.479244, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2014/07/11 17:04:37.480206, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.480365, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.480467, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.481284, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2014/07/11 17:04:37.482157, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.482316, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.482410, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.483157, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2014/07/11 17:04:37.484046, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.484205, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.484298, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.485023, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2014/07/11 17:04:37.485893, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.486050, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.486143, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.486976, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2014/07/11 17:04:37.487847, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.488003, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.488097, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.488829, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2014/07/11 17:04:37.489780, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.489938, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.490032, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.490791, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2014/07/11 17:04:37.491674, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.491833, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.491926, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.492720, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2014/07/11 17:04:37.494059, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.494215, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' [2014/07/11 17:04:37.494326, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.494430, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.494525, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.494617, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.494711, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.494801, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.494892, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.494994, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.495118, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.495219, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.495311, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.495406, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.495495, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.495587, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.495677, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.495791, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.495892, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.495987, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.496081, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.496175, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.496266, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.496358, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.496447, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.496575, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.496675, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2014/07/11 17:04:37.496768, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.496864, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2014/07/11 17:04:37.496954, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2014/07/11 17:04:37.497060, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.497152, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2014/07/11 17:04:37.497263, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.497362, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.497517, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2014/07/11 17:04:37.498000, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.498924, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.499081, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] [2014/07/11 17:04:37.499178, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.499271, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.499365, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2014/07/11 17:04:37.499471, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2014/07/11 17:04:37.499582, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2014/07/11 17:04:37.499680, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2014/07/11 17:04:37.499774, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2014/07/11 17:04:37.499868, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[28] [2014/07/11 17:04:37.499965, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Description] len[106] [2014/07/11 17:04:37.500060, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[ImagePath] len[88] [2014/07/11 17:04:37.500155, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.500357, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.501237, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.501409, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] [2014/07/11 17:04:37.501509, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.501604, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.501802, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.502608, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.502764, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] [2014/07/11 17:04:37.502858, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.502953, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.503166, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2014/07/11 17:04:37.504737, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.504909, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] [2014/07/11 17:04:37.505004, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.505104, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.505357, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) [2014/07/11 17:04:37.507082, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.507237, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] [2014/07/11 17:04:37.507332, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.507441, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.507640, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(88) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x78 (120) [19] : 0x00 (0) [20] : 0x38 (56) [21] : 0x00 (0) [22] : 0x36 (54) [23] : 0x00 (0) [24] : 0x5f (95) [25] : 0x00 (0) [26] : 0x36 (54) [27] : 0x00 (0) [28] : 0x34 (52) [29] : 0x00 (0) [30] : 0x2d (45) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x75 (117) [39] : 0x00 (0) [40] : 0x78 (120) [41] : 0x00 (0) [42] : 0x2d (45) [43] : 0x00 (0) [44] : 0x67 (103) [45] : 0x00 (0) [46] : 0x6e (110) [47] : 0x00 (0) [48] : 0x75 (117) [49] : 0x00 (0) [50] : 0x2f (47) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x6d (109) [57] : 0x00 (0) [58] : 0x62 (98) [59] : 0x00 (0) [60] : 0x61 (97) [61] : 0x00 (0) [62] : 0x2f (47) [63] : 0x00 (0) [64] : 0x73 (115) [65] : 0x00 (0) [66] : 0x76 (118) [67] : 0x00 (0) [68] : 0x63 (99) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6c (108) [75] : 0x00 (0) [76] : 0x2f (47) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x6d (109) [81] : 0x00 (0) [82] : 0x62 (98) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) size : 0x00000058 (88) [2014/07/11 17:04:37.511921, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.512080, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] [2014/07/11 17:04:37.512174, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.512269, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.512468, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) [2014/07/11 17:04:37.517210, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.517366, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] [2014/07/11 17:04:37.517460, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.517555, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.517786, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.518085, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.518253, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.518409, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.518501, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.518591, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.518946, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2014/07/11 17:04:37.520363, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.520520, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' [2014/07/11 17:04:37.520616, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.520729, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.520824, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.520931, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.521025, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.521115, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.521209, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.521297, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.521407, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.521506, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.521598, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.521695, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.521786, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.521877, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.521967, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.522096, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.522196, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.522290, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.522382, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.522476, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.522565, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.522657, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.522747, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.522875, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.522988, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.523084, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2014/07/11 17:04:37.523177, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.523271, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2014/07/11 17:04:37.523361, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2014/07/11 17:04:37.523453, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.523542, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2014/07/11 17:04:37.523652, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.523750, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2014/07/11 17:04:37.523843, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.523939, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2014/07/11 17:04:37.524029, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2014/07/11 17:04:37.524122, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.524210, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2014/07/11 17:04:37.524316, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.524413, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.524568, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-c053-2519070c0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2014/07/11 17:04:37.525057, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2014/07/11 17:04:37.530423, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.530581, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] [2014/07/11 17:04:37.530706, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.530804, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.530898, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2014/07/11 17:04:37.531004, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2014/07/11 17:04:37.531101, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.531293, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.531591, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.531746, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.531899, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.531990, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.532094, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.532455, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2014/07/11 17:04:37.533793, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.533950, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' [2014/07/11 17:04:37.534045, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.534139, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.534235, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.534327, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.534421, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.534511, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.534602, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.534691, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.534800, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.534897, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.534990, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.535089, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.535183, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.535274, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.535380, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.535495, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.535595, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.535688, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.535781, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.535876, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.535966, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.536062, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.536152, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.536279, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.536379, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2014/07/11 17:04:37.536472, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.536568, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2014/07/11 17:04:37.536658, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2014/07/11 17:04:37.536751, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.536840, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2014/07/11 17:04:37.536955, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.537054, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.537210, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2014/07/11 17:04:37.537660, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.538456, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.538612, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] [2014/07/11 17:04:37.538706, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.538798, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.538894, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2014/07/11 17:04:37.538999, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2014/07/11 17:04:37.539097, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2014/07/11 17:04:37.539192, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2014/07/11 17:04:37.539287, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2014/07/11 17:04:37.539381, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[20] [2014/07/11 17:04:37.539475, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Description] len[164] [2014/07/11 17:04:37.539570, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[ImagePath] len[88] [2014/07/11 17:04:37.539663, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.539873, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.540791, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.540949, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] [2014/07/11 17:04:37.541044, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.541139, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.541336, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.542131, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.542302, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] [2014/07/11 17:04:37.542396, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.542506, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.542705, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2014/07/11 17:04:37.544362, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.544520, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] [2014/07/11 17:04:37.544614, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.544710, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.544912, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) [2014/07/11 17:04:37.546337, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.546494, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] [2014/07/11 17:04:37.546588, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.546684, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.546880, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(88) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x78 (120) [19] : 0x00 (0) [20] : 0x38 (56) [21] : 0x00 (0) [22] : 0x36 (54) [23] : 0x00 (0) [24] : 0x5f (95) [25] : 0x00 (0) [26] : 0x36 (54) [27] : 0x00 (0) [28] : 0x34 (52) [29] : 0x00 (0) [30] : 0x2d (45) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x75 (117) [39] : 0x00 (0) [40] : 0x78 (120) [41] : 0x00 (0) [42] : 0x2d (45) [43] : 0x00 (0) [44] : 0x67 (103) [45] : 0x00 (0) [46] : 0x6e (110) [47] : 0x00 (0) [48] : 0x75 (117) [49] : 0x00 (0) [50] : 0x2f (47) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x6d (109) [57] : 0x00 (0) [58] : 0x62 (98) [59] : 0x00 (0) [60] : 0x61 (97) [61] : 0x00 (0) [62] : 0x2f (47) [63] : 0x00 (0) [64] : 0x73 (115) [65] : 0x00 (0) [66] : 0x76 (118) [67] : 0x00 (0) [68] : 0x63 (99) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6c (108) [75] : 0x00 (0) [76] : 0x2f (47) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x6d (109) [81] : 0x00 (0) [82] : 0x62 (98) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) size : 0x00000058 (88) [2014/07/11 17:04:37.551057, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.551226, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] [2014/07/11 17:04:37.551323, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.551419, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.551618, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) [2014/07/11 17:04:37.559293, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.559465, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] [2014/07/11 17:04:37.559560, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.559656, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.559850, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.560148, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.560312, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.560525, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.560619, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.560732, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.561092, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2014/07/11 17:04:37.562497, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.562654, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' [2014/07/11 17:04:37.562750, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.562844, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.562937, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.563030, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.563124, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.563214, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.563305, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.563394, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.563504, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.563602, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.563695, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.563792, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.563882, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.563973, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.564062, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.564174, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.564287, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.564381, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.564473, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.564567, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.564657, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.564749, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.564837, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.564966, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.565067, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.565169, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2014/07/11 17:04:37.565261, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.565356, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2014/07/11 17:04:37.565446, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2014/07/11 17:04:37.565539, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.565628, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2014/07/11 17:04:37.565742, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.565840, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2014/07/11 17:04:37.565933, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.566029, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2014/07/11 17:04:37.566121, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2014/07/11 17:04:37.566214, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.566317, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2014/07/11 17:04:37.566425, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.566522, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.566677, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-c053-2519070c0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2014/07/11 17:04:37.567118, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2014/07/11 17:04:37.572517, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.572688, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] [2014/07/11 17:04:37.572783, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.572876, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.572969, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2014/07/11 17:04:37.573083, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2014/07/11 17:04:37.573180, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.573375, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.573675, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.573830, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.573982, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.574087, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.574179, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.574534, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2014/07/11 17:04:37.575865, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.576022, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' [2014/07/11 17:04:37.576118, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.576211, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.576304, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.576396, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.576490, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.576591, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.576686, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.576774, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.576884, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.576982, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.577074, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.577171, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.577260, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.577350, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.577438, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.577550, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.577648, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.577742, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.577834, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.577928, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.578017, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.578111, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.578200, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.578327, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.578426, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2014/07/11 17:04:37.578517, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.578612, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2014/07/11 17:04:37.578715, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2014/07/11 17:04:37.578808, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.578897, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2014/07/11 17:04:37.579007, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.579104, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.579259, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2014/07/11 17:04:37.579791, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.580591, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.580786, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] [2014/07/11 17:04:37.580883, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.580976, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.581070, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2014/07/11 17:04:37.581191, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2014/07/11 17:04:37.581289, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2014/07/11 17:04:37.581384, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2014/07/11 17:04:37.581478, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2014/07/11 17:04:37.581572, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[48] [2014/07/11 17:04:37.581683, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Description] len[126] [2014/07/11 17:04:37.581779, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[ImagePath] len[88] [2014/07/11 17:04:37.581874, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.582225, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.583026, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.583183, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] [2014/07/11 17:04:37.583277, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.583371, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.583567, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.584376, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.584532, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] [2014/07/11 17:04:37.584628, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.584723, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.584920, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2014/07/11 17:04:37.586510, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.586666, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] [2014/07/11 17:04:37.586761, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.586856, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.587057, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) [2014/07/11 17:04:37.589560, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.589716, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] [2014/07/11 17:04:37.589810, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.589905, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.590103, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(88) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x78 (120) [19] : 0x00 (0) [20] : 0x38 (56) [21] : 0x00 (0) [22] : 0x36 (54) [23] : 0x00 (0) [24] : 0x5f (95) [25] : 0x00 (0) [26] : 0x36 (54) [27] : 0x00 (0) [28] : 0x34 (52) [29] : 0x00 (0) [30] : 0x2d (45) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x75 (117) [39] : 0x00 (0) [40] : 0x78 (120) [41] : 0x00 (0) [42] : 0x2d (45) [43] : 0x00 (0) [44] : 0x67 (103) [45] : 0x00 (0) [46] : 0x6e (110) [47] : 0x00 (0) [48] : 0x75 (117) [49] : 0x00 (0) [50] : 0x2f (47) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x6d (109) [57] : 0x00 (0) [58] : 0x62 (98) [59] : 0x00 (0) [60] : 0x61 (97) [61] : 0x00 (0) [62] : 0x2f (47) [63] : 0x00 (0) [64] : 0x73 (115) [65] : 0x00 (0) [66] : 0x76 (118) [67] : 0x00 (0) [68] : 0x63 (99) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6c (108) [75] : 0x00 (0) [76] : 0x2f (47) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x6d (109) [81] : 0x00 (0) [82] : 0x62 (98) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) size : 0x00000058 (88) [2014/07/11 17:04:37.594253, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.594425, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] [2014/07/11 17:04:37.594521, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.594736, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.594947, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) [2014/07/11 17:04:37.600453, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.600609, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] [2014/07/11 17:04:37.600772, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.600871, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.601064, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.601363, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.601518, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.601672, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.601777, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.601873, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.602231, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2014/07/11 17:04:37.603760, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.603922, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' [2014/07/11 17:04:37.604019, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.604114, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.604208, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.604300, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.604394, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.604484, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.604575, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.604664, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.604776, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.604875, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.604981, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.605077, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.605173, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.605265, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.605354, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.605467, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.605566, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.605659, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.605752, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.605846, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.605936, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.606030, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.606120, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.606248, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.606348, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.606442, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2014/07/11 17:04:37.606534, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.606629, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2014/07/11 17:04:37.606719, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2014/07/11 17:04:37.606811, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.606901, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2014/07/11 17:04:37.607025, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.607126, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2014/07/11 17:04:37.607219, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.607314, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2014/07/11 17:04:37.607405, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2014/07/11 17:04:37.607498, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.607587, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2014/07/11 17:04:37.607692, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.607790, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.607945, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-c053-2519070c0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2014/07/11 17:04:37.608387, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2014/07/11 17:04:37.613833, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.613993, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] [2014/07/11 17:04:37.614089, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.614183, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.614276, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2014/07/11 17:04:37.614384, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2014/07/11 17:04:37.614481, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.614675, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.614988, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.615149, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.615302, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.615394, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.615486, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.615842, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2014/07/11 17:04:37.617172, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.617340, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' [2014/07/11 17:04:37.617438, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.617532, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.617624, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.617716, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.617809, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.617898, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.617989, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.618078, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.618188, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.618286, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.618379, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.618477, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.618566, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.618658, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.618748, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.618860, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.618958, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.619051, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.619142, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.619237, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.619326, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.619433, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.619523, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.619650, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.619750, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2014/07/11 17:04:37.619843, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.620001, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2014/07/11 17:04:37.620094, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2014/07/11 17:04:37.620188, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.620277, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2014/07/11 17:04:37.620389, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.620489, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.620645, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2014/07/11 17:04:37.621099, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.621923, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.622081, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] [2014/07/11 17:04:37.622175, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.622268, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.622360, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2014/07/11 17:04:37.622464, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2014/07/11 17:04:37.622563, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2014/07/11 17:04:37.622658, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2014/07/11 17:04:37.622753, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2014/07/11 17:04:37.622847, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[74] [2014/07/11 17:04:37.622942, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Description] len[178] [2014/07/11 17:04:37.623037, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[ImagePath] len[88] [2014/07/11 17:04:37.623132, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.623327, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.624137, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.624295, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] [2014/07/11 17:04:37.624389, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.624645, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.624973, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2014/07/11 17:04:37.625830, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.625987, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] [2014/07/11 17:04:37.626084, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.626179, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.626379, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2014/07/11 17:04:37.627958, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.628114, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] [2014/07/11 17:04:37.628209, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.628303, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.628504, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 0x0000004a (74) [2014/07/11 17:04:37.632107, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.632265, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] [2014/07/11 17:04:37.632359, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.632469, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.632667, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(88) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x78 (120) [19] : 0x00 (0) [20] : 0x38 (56) [21] : 0x00 (0) [22] : 0x36 (54) [23] : 0x00 (0) [24] : 0x5f (95) [25] : 0x00 (0) [26] : 0x36 (54) [27] : 0x00 (0) [28] : 0x34 (52) [29] : 0x00 (0) [30] : 0x2d (45) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x75 (117) [39] : 0x00 (0) [40] : 0x78 (120) [41] : 0x00 (0) [42] : 0x2d (45) [43] : 0x00 (0) [44] : 0x67 (103) [45] : 0x00 (0) [46] : 0x6e (110) [47] : 0x00 (0) [48] : 0x75 (117) [49] : 0x00 (0) [50] : 0x2f (47) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x6d (109) [57] : 0x00 (0) [58] : 0x62 (98) [59] : 0x00 (0) [60] : 0x61 (97) [61] : 0x00 (0) [62] : 0x2f (47) [63] : 0x00 (0) [64] : 0x73 (115) [65] : 0x00 (0) [66] : 0x76 (118) [67] : 0x00 (0) [68] : 0x63 (99) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6c (108) [75] : 0x00 (0) [76] : 0x2f (47) [77] : 0x00 (0) [78] : 0x6e (110) [79] : 0x00 (0) [80] : 0x6d (109) [81] : 0x00 (0) [82] : 0x62 (98) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) size : 0x00000058 (88) [2014/07/11 17:04:37.636707, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.636865, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] [2014/07/11 17:04:37.636960, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.637054, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.637251, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) size : 0x000000b2 (178) [2014/07/11 17:04:37.644895, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.645052, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] [2014/07/11 17:04:37.645152, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.645247, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.645441, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.645737, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.645907, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.646063, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.646154, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.646245, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.646600, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2014/07/11 17:04:37.647931, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.648087, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' [2014/07/11 17:04:37.648183, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.648276, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.648384, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.648478, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.648572, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.648662, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.648754, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.648843, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.648953, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.649051, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.649221, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.649328, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.649418, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.649510, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.649598, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.649711, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.649811, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.649905, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.649997, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.650092, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.650182, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.650340, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.650432, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.650563, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.650696, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2014/07/11 17:04:37.650794, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2014/07/11 17:04:37.650933, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.651029, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2014/07/11 17:04:37.651119, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2014/07/11 17:04:37.651211, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.651315, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2014/07/11 17:04:37.651427, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.651526, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2014/07/11 17:04:37.651619, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.651717, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2014/07/11 17:04:37.651807, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2014/07/11 17:04:37.651899, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.651988, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2014/07/11 17:04:37.652094, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.652192, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.652348, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-c053-2519070c0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2014/07/11 17:04:37.652787, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-c053-2519070c0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2014/07/11 17:04:37.658064, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.658221, 8, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] [2014/07/11 17:04:37.658330, 5, pid=3079, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2014/07/11 17:04:37.658423, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.658516, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2014/07/11 17:04:37.658622, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2014/07/11 17:04:37.658718, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2014/07/11 17:04:37.658909, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.659206, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.659361, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.659514, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.659604, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.659696, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.660045, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.660435, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.660595, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.660784, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.660878, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/07/11 17:04:37.660969, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.661331, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2014/07/11 17:04:37.661452, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2014/07/11 17:04:37.661662, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/07/11 17:04:37.661829, 3, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) Initialise the eventlog registry keys if needed. [2014/07/11 17:04:37.661942, 4, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2014/07/11 17:04:37.662041, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2014/07/11 17:04:37.662133, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2014/07/11 17:04:37.662260, 4, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2014/07/11 17:04:37.662370, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/07/11 17:04:37.662888, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2014/07/11 17:04:37.663042, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.663137, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2014/07/11 17:04:37.663230, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2014/07/11 17:04:37.663334, 5, pid=3079, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2014/07/11 17:04:37.663426, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:629(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2014/07/11 17:04:37.663697, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2014/07/11 17:04:37.663801, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2014/07/11 17:04:37.663896, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2014/07/11 17:04:37.663987, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2014/07/11 17:04:37.664077, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.664166, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM] [2014/07/11 17:04:37.664316, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.664478, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-c053-2519070c0000 result : WERR_OK [2014/07/11 17:04:37.664835, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-c053-2519070c0000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2014/07/11 17:04:37.665864, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.666023, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2014/07/11 17:04:37.666135, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2014/07/11 17:04:37.666230, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2014/07/11 17:04:37.666320, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2014/07/11 17:04:37.666412, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.666500, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM] [2014/07/11 17:04:37.666630, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2014/07/11 17:04:37.666728, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2014/07/11 17:04:37.666821, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.666911, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.667002, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.667092, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2014/07/11 17:04:37.667231, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2014/07/11 17:04:37.667328, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2014/07/11 17:04:37.667423, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.667512, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.667604, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.667693, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2014/07/11 17:04:37.667847, 7, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Eventlog] [2014/07/11 17:04:37.667946, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2014/07/11 17:04:37.668041, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2014/07/11 17:04:37.668131, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2014/07/11 17:04:37.668235, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2014/07/11 17:04:37.668327, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7faf5e19a3e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2014/07/11 17:04:37.668454, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2014/07/11 17:04:37.668550, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2014/07/11 17:04:37.668642, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2014/07/11 17:04:37.668735, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.668889, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-c053-2519070c0000 result : WERR_OK [2014/07/11 17:04:37.669243, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-c053-2519070c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2014/07/11 17:04:37.669800, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.669964, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7faf5e19a3e0) [2014/07/11 17:04:37.670059, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2014/07/11 17:04:37.670185, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2014/07/11 17:04:37.670283, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2014/07/11 17:04:37.670379, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2014/07/11 17:04:37.670514, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2014/07/11 17:04:37.671547, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-c053-2519070c0000 [2014/07/11 17:04:37.671862, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.672019, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 C0 53 25 19 ........ .....S%. [0010] 07 0C 00 00 .... [2014/07/11 17:04:37.672172, 6, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2014/07/11 17:04:37.672263, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2014/07/11 17:04:37.672354, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2014/07/11 17:04:37.672698, 10, pid=3079, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2014/07/11 17:04:37.672829, 10, pid=3079, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2014/07/11 17:04:37.672957, 0, pid=3079, effective(0, 0), real(0, 0)] ../lib/util/become_daemon.c:136(daemon_ready) STATUS=daemon 'smbd' finished starting up and ready to serve connectionsRegistering messaging pointer for type 515 - private_data=(nil) [2014/07/11 17:04:37.674463, 6, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:402(ads_find_dc) ads_find_dc: (ldap) looking for realm 'AD.CORP.ACME.COM' [2014/07/11 17:04:37.674639, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:102(sitename_fetch) sitename_fetch: No stored sitename for AD.CORP.ACME.COM [2014/07/11 17:04:37.674757, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery_dc.c:77(ads_dc_name) ads_dc_name: domain=ACME [2014/07/11 17:04:37.674884, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:102(sitename_fetch) sitename_fetch: No stored sitename for AD.CORP.ACME.COM [2014/07/11 17:04:37.674976, 6, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:422(ads_find_dc) ads_find_dc: (cldap) looking for realm 'AD.CORP.ACME.COM' [2014/07/11 17:04:37.675074, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3289(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name AD.CORP.ACME.COM (sitename NULL) [2014/07/11 17:04:37.675257, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:208(saf_fetch) saf_fetch: failed to find server for "AD.CORP.ACME.COM" domain [2014/07/11 17:04:37.675369, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3102(get_dc_list) get_dc_list: preferred server list: ", *" [2014/07/11 17:04:37.675476, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up AD.CORP.ACME.COM#1c (sitename (null)) [2014/07/11 17:04:37.675608, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:160(namecache_fetch) no entry for AD.CORP.ACME.COM#1C found. [2014/07/11 17:04:37.675717, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2452(resolve_ads) resolve_ads: Attempting to resolve DCs for AD.CORP.ACME.COM using DNS [2014/07/11 17:04:37.678903, 4, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:442(ads_dns_lookup_srv) ads_dns_lookup_srv: 10 records returned in the answer section. [2014/07/11 17:04:37.679043, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed cbf-dc-4.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679190, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed eem-dc-2.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679286, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed eem-dc-3.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679379, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed hot-dc-3.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679472, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed hot-dc-4.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679568, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed hot-dc-5.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679661, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed twd-dc-3.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679753, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed twd-dc-4.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679845, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed cbf-dc-2.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.679937, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed cbf-dc-3.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:37.836928, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:37.837026, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:78(namecache_store) namecache_store: storing 20 addresses for AD.CORP.ACME.COM#1c: [2620:0:10c0:115b:d6ae:52ff:fe72:375b],172.25.119.213,[2620:0:10c8:111f:7a2b:cbff:fe22:ac0a],172.25.152.139,[2620:0:10c8:1120:7a2b:cbff:fe51:4505],172.25.152.208,[2620:0:10c1:1130:862b:2bff:fe01:b86a],172.24.204.10,[2620:0:10c1:1130:862b:2bff:fe01:bb49],172.24.204.11,[2620:0:10c1:1130:862b:2bff:fe01:b710],172.24.204.12,[2620:0:10cc:1109:7a2b:cbff:fe1e:a39c],172.24.156.19,[2620:0:10cc:1109:7a2b:cbff:fe1e:b48c],172.24.156.20,[2620:0:10c0:1155:7a2b:cbff:fe40:9863],172.25.118.69,[2620:0:10c0:1157:7a2b:cbff:fe40:8b45],172.25.118.210 [2014/07/11 17:04:37.837204, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[NBT/AD.CORP.ACME.COM#1C] and timeout=[Fri Jul 11 17:15:37 2014 UTC] (660 seconds ahead) [2014/07/11 17:04:37.885456, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2764(internal_resolve_name) internal_resolve_name: returning 20 addresses: 2620:0:10c0:115b:d6ae:52ff:fe72:375b:389 172.25.119.213:389 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a:389 172.25.152.139:389 2620:0:10c8:1120:7a2b:cbff:fe51:4505:389 172.25.152.208:389 2620:0:10c1:1130:862b:2bff:fe01:b86a:389 172.24.204.10:389 2620:0:10c1:1130:862b:2bff:fe01:bb49:389 172.24.204.11:389 2620:0:10c1:1130:862b:2bff:fe01:b710:389 172.24.204.12:389 2620:0:10cc:1109:7a2b:cbff:fe1e:a39c:389 172.24.156.19:389 2620:0:10cc:1109:7a2b:cbff:fe1e:b48c:389 172.24.156.20:389 2620:0:10c0:1155:7a2b:cbff:fe40:9863:389 172.25.118.69:389 2620:0:10c0:1157:7a2b:cbff:fe40:8b45:389 172.25.118.210:389 [2014/07/11 17:04:37.885562, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3123(get_dc_list) Adding 20 DC's from auto lookup [2014/07/11 17:04:37.885672, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c0:115b:d6ae:52ff:fe72:375b [2014/07/11 17:04:37.885746, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.119.213 [2014/07/11 17:04:37.885816, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a [2014/07/11 17:04:37.885887, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.139 [2014/07/11 17:04:37.885956, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c8:1120:7a2b:cbff:fe51:4505 [2014/07/11 17:04:37.886024, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.208 [2014/07/11 17:04:37.886095, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c1:1130:862b:2bff:fe01:b86a [2014/07/11 17:04:37.886164, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.24.204.10 [2014/07/11 17:04:37.886233, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c1:1130:862b:2bff:fe01:bb49 [2014/07/11 17:04:37.886315, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.24.204.11 [2014/07/11 17:04:37.886386, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c1:1130:862b:2bff:fe01:b710 [2014/07/11 17:04:37.886455, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.24.204.12 [2014/07/11 17:04:37.886524, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10cc:1109:7a2b:cbff:fe1e:a39c [2014/07/11 17:04:37.886592, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.24.156.19 [2014/07/11 17:04:37.886661, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10cc:1109:7a2b:cbff:fe1e:b48c [2014/07/11 17:04:37.886729, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.24.156.20 [2014/07/11 17:04:37.886798, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c0:1155:7a2b:cbff:fe40:9863 [2014/07/11 17:04:37.886867, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.118.69 [2014/07/11 17:04:37.886936, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c0:1157:7a2b:cbff:fe40:8b45 [2014/07/11 17:04:37.887005, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.118.210 [2014/07/11 17:04:37.887059, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:37.887118, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3239(get_dc_list) get_dc_list: returning 20 ip addresses in an ordered list [2014/07/11 17:04:37.887172, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3240(get_dc_list) get_dc_list: 172.25.119.213:389 172.25.152.139:389 172.25.152.208:389 172.24.204.10:389 172.24.204.11:389 172.24.204.12:389 172.24.156.19:389 172.24.156.20:389 172.25.118.69:389 172.25.118.210:389 2620:0:10c0:115b:d6ae:52ff:fe72:375b:389 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a:389 2620:0:10c8:1120:7a2b:cbff:fe51:4505:389 2620:0:10c1:1130:862b:2bff:fe01:b86a:389 2620:0:10c1:1130:862b:2bff:fe01:bb49:389 2620:0:10c1:1130:862b:2bff:fe01:b710:389 2620:0:10cc:1109:7a2b:cbff:fe1e:a39c:389 2620:0:10cc:1109:7a2b:cbff:fe1e:b48c:389 2620:0:10c0:1155:7a2b:cbff:fe40:9863:389 2620:0:10c0:1157:7a2b:cbff:fe40:8b45:389 [2014/07/11 17:04:37.887267, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.119.213 [2014/07/11 17:04:37.887338, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:270(ads_try_connect) ads_try_connect: sending CLDAP request to 172.25.119.213 (realm: AD.CORP.ACME.COM) [2014/07/11 17:04:38.020510, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f17c (61820) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 0: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 869f0b94-fde8-4f4a-87e4-6d1bc63aea5d forest : 'ad.corp.acme.com' dns_domain : 'ad.corp.acme.com' pdc_dns_name : 'CBF-DC-4.ad.corp.acme.com' domain_name : 'ACME' pdc_name : 'CBF-DC-4' user_name : '' server_site : 'CBF' client_site : 'VIE' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2014/07/11 17:04:38.022102, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ACME], sitename = [VIE], expire = [2085923199] [2014/07/11 17:04:38.022190, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[AD_SITENAME/DOMAIN/ACME] and timeout=[Wed Dec 31 23:59:59 -2147481749 UTC] (680824921 seconds ahead) [2014/07/11 17:04:38.022281, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ad.corp.acme.com], sitename = [VIE], expire = [2085923199] [2014/07/11 17:04:38.022362, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[AD_SITENAME/DOMAIN/AD.CORP.ACME.COM] and timeout=[Wed Dec 31 23:59:59 -2147481749 UTC] (680824921 seconds ahead) [2014/07/11 17:04:38.022452, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:680(ads_connect) Successfully contacted LDAP server 172.25.119.213 [2014/07/11 17:04:38.022538, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for AD.CORP.ACME.COM: "VIE" [2014/07/11 17:04:38.022604, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for AD.CORP.ACME.COM: "VIE" [2014/07/11 17:04:38.022682, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:363(gencache_del) Deleting cache entry (key=[NBT/AD.CORP.ACME.COM#1C]) [2014/07/11 17:04:38.022755, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[NBT/AD.CORP.ACME.COM#1C] and timeout=[Thu Jan 1 00:00:00 1970 UTC] (-1405098278 seconds in the past) [2014/07/11 17:04:38.022834, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:363(gencache_del) Deleting cache entry (key=[NBT/ACME#1C]) [2014/07/11 17:04:38.022903, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery_dc.c:77(ads_dc_name) ads_dc_name: domain=ACME [2014/07/11 17:04:38.022967, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for AD.CORP.ACME.COM: "VIE" [2014/07/11 17:04:38.023020, 6, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:422(ads_find_dc) ads_find_dc: (cldap) looking for realm 'AD.CORP.ACME.COM' [2014/07/11 17:04:38.023072, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3289(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name AD.CORP.ACME.COM (sitename VIE) [2014/07/11 17:04:38.023149, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:208(saf_fetch) saf_fetch: failed to find server for "AD.CORP.ACME.COM" domain [2014/07/11 17:04:38.023205, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3102(get_dc_list) get_dc_list: preferred server list: ", *" [2014/07/11 17:04:38.023258, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up AD.CORP.ACME.COM#1c (sitename VIE) [2014/07/11 17:04:38.023320, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:160(namecache_fetch) no entry for AD.CORP.ACME.COM#1C found. [2014/07/11 17:04:38.023377, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2452(resolve_ads) resolve_ads: Attempting to resolve DCs for AD.CORP.ACME.COM using DNS [2014/07/11 17:04:38.023823, 4, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:442(ads_dns_lookup_srv) ads_dns_lookup_srv: 2 records returned in the answer section. [2014/07/11 17:04:38.023890, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed eem-dc-3.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:38.023946, 10, pid=3079, effective(0, 0), real(0, 0)] ../lib/addns/dnsquery.c:216(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed eem-dc-2.ad.corp.acme.com [0, 100, 389] [2014/07/11 17:04:38.024983, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:38.025049, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:78(namecache_store) namecache_store: storing 4 addresses for AD.CORP.ACME.COM#1c: [2620:0:10c8:1120:7a2b:cbff:fe51:4505],172.25.152.208,[2620:0:10c8:111f:7a2b:cbff:fe22:ac0a],172.25.152.139 [2014/07/11 17:04:38.025134, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[NBT/AD.CORP.ACME.COM#1C] and timeout=[Fri Jul 11 17:15:38 2014 UTC] (660 seconds ahead) [2014/07/11 17:04:38.025216, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2764(internal_resolve_name) internal_resolve_name: returning 4 addresses: 2620:0:10c8:1120:7a2b:cbff:fe51:4505:389 172.25.152.208:389 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a:389 172.25.152.139:389 [2014/07/11 17:04:38.025277, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3123(get_dc_list) Adding 4 DC's from auto lookup [2014/07/11 17:04:38.025357, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c8:1120:7a2b:cbff:fe51:4505 [2014/07/11 17:04:38.025429, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.208 [2014/07/11 17:04:38.025498, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a [2014/07/11 17:04:38.025567, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.139 [2014/07/11 17:04:38.025621, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:38.025675, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3239(get_dc_list) get_dc_list: returning 4 ip addresses in an ordered list [2014/07/11 17:04:38.025728, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3240(get_dc_list) get_dc_list: 172.25.152.208:389 172.25.152.139:389 2620:0:10c8:1120:7a2b:cbff:fe51:4505:389 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a:389 [2014/07/11 17:04:38.025800, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.208 [2014/07/11 17:04:38.025858, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:270(ads_try_connect) ads_try_connect: sending CLDAP request to 172.25.152.208 (realm: AD.CORP.ACME.COM) [2014/07/11 17:04:38.066723, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fc (61948) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 869f0b94-fde8-4f4a-87e4-6d1bc63aea5d forest : 'ad.corp.acme.com' dns_domain : 'ad.corp.acme.com' pdc_dns_name : 'EEM-DC-3.ad.corp.acme.com' domain_name : 'ACME' pdc_name : 'EEM-DC-3' user_name : '' server_site : 'EEM' client_site : 'VIE' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2014/07/11 17:04:38.067875, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ACME], sitename = [VIE], expire = [2085923199] [2014/07/11 17:04:38.067953, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for AD_SITENAME/DOMAIN/ACME, we already got it [2014/07/11 17:04:38.068009, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ad.corp.acme.com], sitename = [VIE], expire = [2085923199] [2014/07/11 17:04:38.068070, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for AD_SITENAME/DOMAIN/AD.CORP.ACME.COM, we already got it [2014/07/11 17:04:38.068129, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:680(ads_connect) Successfully contacted LDAP server 172.25.152.208 [2014/07/11 17:04:38.068194, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for AD.CORP.ACME.COM: "VIE" [2014/07/11 17:04:38.068256, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:222(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2014/07/11 17:04:38.068354, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/kerberos.c:874(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.ACME, realm = AD.CORP.ACME.COM, domain = ACME [2014/07/11 17:04:38.068456, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:208(saf_fetch) saf_fetch: failed to find server for "AD.CORP.ACME.COM" domain [2014/07/11 17:04:38.068515, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3102(get_dc_list) get_dc_list: preferred server list: ", *" [2014/07/11 17:04:38.068568, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up AD.CORP.ACME.COM#1c (sitename VIE) [2014/07/11 17:04:38.068631, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch) name AD.CORP.ACME.COM#1C found. [2014/07/11 17:04:38.068707, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:38.068764, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3123(get_dc_list) Adding 4 DC's from auto lookup [2014/07/11 17:04:38.068833, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c8:1120:7a2b:cbff:fe51:4505 [2014/07/11 17:04:38.068902, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.208 [2014/07/11 17:04:38.068971, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a [2014/07/11 17:04:38.069040, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.139 [2014/07/11 17:04:38.069102, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:38.069158, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3239(get_dc_list) get_dc_list: returning 4 ip addresses in an ordered list [2014/07/11 17:04:38.069210, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3240(get_dc_list) get_dc_list: 172.25.152.208:389 172.25.152.139:389 2620:0:10c8:1120:7a2b:cbff:fe51:4505:389 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a:389 [2014/07/11 17:04:38.069292, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:208(saf_fetch) saf_fetch: failed to find server for "AD.CORP.ACME.COM" domain [2014/07/11 17:04:38.069347, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3102(get_dc_list) get_dc_list: preferred server list: ", *" [2014/07/11 17:04:38.069399, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up AD.CORP.ACME.COM#1c (sitename (null)) [2014/07/11 17:04:38.069461, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:165(namecache_fetch) name AD.CORP.ACME.COM#1C found. [2014/07/11 17:04:38.069523, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:38.069577, 8, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3123(get_dc_list) Adding 4 DC's from auto lookup [2014/07/11 17:04:38.069645, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c8:1120:7a2b:cbff:fe51:4505 [2014/07/11 17:04:38.069714, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.208 [2014/07/11 17:04:38.069783, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a [2014/07/11 17:04:38.069854, 9, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.25.152.139 [2014/07/11 17:04:38.069907, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:38.069960, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3239(get_dc_list) get_dc_list: returning 4 ip addresses in an ordered list [2014/07/11 17:04:38.070012, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3240(get_dc_list) get_dc_list: 172.25.152.208:389 172.25.152.139:389 2620:0:10c8:1120:7a2b:cbff:fe51:4505:389 2620:0:10c8:111f:7a2b:cbff:fe22:ac0a:389 [2014/07/11 17:04:38.099731, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fc (61948) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 869f0b94-fde8-4f4a-87e4-6d1bc63aea5d forest : 'ad.corp.acme.com' dns_domain : 'ad.corp.acme.com' pdc_dns_name : 'EEM-DC-2.ad.corp.acme.com' domain_name : 'ACME' pdc_name : 'EEM-DC-2' user_name : '' server_site : 'EEM' client_site : 'VIE' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2014/07/11 17:04:38.100971, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fc (61948) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 869f0b94-fde8-4f4a-87e4-6d1bc63aea5d forest : 'ad.corp.acme.com' dns_domain : 'ad.corp.acme.com' pdc_dns_name : 'EEM-DC-3.ad.corp.acme.com' domain_name : 'ACME' pdc_name : 'EEM-DC-3' user_name : '' server_site : 'EEM' client_site : 'VIE' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2014/07/11 17:04:38.102077, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fc (61948) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 869f0b94-fde8-4f4a-87e4-6d1bc63aea5d forest : 'ad.corp.acme.com' dns_domain : 'ad.corp.acme.com' pdc_dns_name : 'EEM-DC-3.ad.corp.acme.com' domain_name : 'ACME' pdc_name : 'EEM-DC-3' user_name : '' server_site : 'EEM' client_site : 'VIE' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2014/07/11 17:04:38.103187, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/kerberos.c:614(print_kdc_line) print_kdc_line: IPv6 case for kdc_name: EEM-DC-3.ad.corp.acme.com, port: 0 [2014/07/11 17:04:38.103248, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/kerberos.c:802(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 172.25.152.208 kdc = 172.25.152.139 kdc = EEM-DC-3.ad.corp.acme.com [2014/07/11 17:04:38.103425, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/kerberos.c:965(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.ACME with realm AD.CORP.ACME.COM KDC list = kdc = 172.25.152.208 kdc = 172.25.152.139 kdc = EEM-DC-3.ad.corp.acme.com [2014/07/11 17:04:38.103552, 4, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery_dc.c:153(ads_dc_name) ads_dc_name: using server='EEM-DC-3.AD.CORP.ACME.COM' IP=172.25.152.208 [2014/07/11 17:04:38.103628, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for AD.CORP.ACME.COM: "VIE" [2014/07/11 17:04:38.103683, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2598(internal_resolve_name) internal_resolve_name: looking up EEM-DC-3.AD.CORP.ACME.COM#20 (sitename VIE) [2014/07/11 17:04:38.103759, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:160(namecache_fetch) no entry for EEM-DC-3.AD.CORP.ACME.COM#20 found. [2014/07/11 17:04:38.103816, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2266(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name EEM-DC-3.AD.CORP.ACME.COM<0x20> [2014/07/11 17:04:38.103888, 3, pid=3079, effective(0, 0), real(0, 0)] ../libcli/nbt/lmhosts.c:185(resolve_lmhosts_file_as_sockaddr) resolve_lmhosts: Attempting lmhosts lookup for name EEM-DC-3.AD.CORP.ACME.COM<0x20> [2014/07/11 17:04:38.103951, 4, pid=3079, effective(0, 0), real(0, 0)] ../libcli/nbt/lmhosts.c:41(startlmhosts) startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory [2014/07/11 17:04:38.104030, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2068(resolve_wins_send) resolve_wins: WINS server resolution selected and no WINS servers listed. [2014/07/11 17:04:38.104092, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2323(resolve_hosts) resolve_hosts: Attempting host lookup for name EEM-DC-3.AD.CORP.ACME.COM<0x20> [2014/07/11 17:04:38.104813, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:1110(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2014/07/11 17:04:38.104877, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namecache.c:78(namecache_store) namecache_store: storing 2 addresses for EEM-DC-3.AD.CORP.ACME.COM#20: [2620:0:10c8:1120:7a2b:cbff:fe51:4505],172.25.152.208 [2014/07/11 17:04:38.104960, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[NBT/EEM-DC-3.AD.CORP.ACME.COM#20] and timeout=[Fri Jul 11 17:15:38 2014 UTC] (660 seconds ahead) [2014/07/11 17:04:38.105046, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:2764(internal_resolve_name) internal_resolve_name: returning 2 addresses: 2620:0:10c8:1120:7a2b:cbff:fe51:4505:0 172.25.152.208:0 [2014/07/11 17:04:38.105108, 5, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:270(ads_try_connect) ads_try_connect: sending CLDAP request to 172.25.152.208 (realm: AD.CORP.ACME.COM) [2014/07/11 17:04:38.134736, 1, pid=3079, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fc (61948) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 869f0b94-fde8-4f4a-87e4-6d1bc63aea5d forest : 'ad.corp.acme.com' dns_domain : 'ad.corp.acme.com' pdc_dns_name : 'EEM-DC-3.ad.corp.acme.com' domain_name : 'ACME' pdc_name : 'EEM-DC-3' user_name : '' server_site : 'EEM' client_site : 'VIE' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2014/07/11 17:04:38.135869, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ACME], sitename = [VIE], expire = [2085923199] [2014/07/11 17:04:38.135943, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for AD_SITENAME/DOMAIN/ACME, we already got it [2014/07/11 17:04:38.135999, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ad.corp.acme.com], sitename = [VIE], expire = [2085923199] [2014/07/11 17:04:38.136059, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for AD_SITENAME/DOMAIN/AD.CORP.ACME.COM, we already got it [2014/07/11 17:04:38.136118, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:680(ads_connect) Successfully contacted LDAP server 172.25.152.208 [2014/07/11 17:04:38.136183, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:70(ldap_open_with_timeout) Opening connection to LDAP server 'EEM-DC-3.ad.corp.acme.com:389', timeout 15 seconds [2014/07/11 17:04:38.177335, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:118(ldap_open_with_timeout) Connected to LDAP server 'EEM-DC-3.ad.corp.acme.com:389' [2014/07/11 17:04:38.177420, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:723(ads_connect) Connected to LDAP server EEM-DC-3.ad.corp.acme.com [2014/07/11 17:04:38.177475, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:222(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2014/07/11 17:04:38.177542, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:86(saf_store) saf_store: domain = [ACME], server = [EEM-DC-3.ad.corp.acme.com], expire = [1405099178] [2014/07/11 17:04:38.177620, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[SAF/DOMAIN/ACME] and timeout=[Fri Jul 11 17:19:38 2014 UTC] (900 seconds ahead) [2014/07/11 17:04:38.177709, 10, pid=3079, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:86(saf_store) saf_store: domain = [AD.CORP.ACME.COM], server = [EEM-DC-3.ad.corp.acme.com], expire = [1405099178] [2014/07/11 17:04:38.177780, 10, pid=3079, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[SAF/DOMAIN/AD.CORP.ACME.COM] and timeout=[Fri Jul 11 17:19:38 2014 UTC] (900 seconds ahead) [2014/07/11 17:04:57.208476, 0, pid=3079, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:575(smbldap_start_tls) Failed to issue the StartTLS instruction: Connect error [2014/07/11 17:04:57.208675, 3, pid=3079, effective(0, 0), real(0, 0)] ../source3/printing/nt_printing_ads.c:513(check_published_printers) ads_connect failed: Connect error