[2016/02/25 13:25:31.135322, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 25 12:41:16 2016 [2016/02/25 13:25:31.135504, 3] lib/access.c:338(allow_access) Allowed connection from 172.18.0.241 (172.18.0.241) [2016/02/25 13:25:31.135558, 10] smbd/process.c:3020(smbd_process) Connection allowed from ipv4:172.18.0.241:52031 to ipv4:172.18.0.111:445 [2016/02/25 13:25:31.135670, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2016/02/25 13:25:31.135813, 3] smbd/oplock_linux.c:239(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2016/02/25 13:25:31.135883, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2016/02/25 13:25:31.135979, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0x2b14ce434210 [2016/02/25 13:25:31.136040, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0x2b14ce43fed0 [2016/02/25 13:25:31.136097, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x2b14ce43cbe0 [2016/02/25 13:25:31.136221, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 155 [2016/02/25 13:25:31.136293, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9b [2016/02/25 13:25:31.136342, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 159 (0 toread) [2016/02/25 13:25:31.136388, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.136415, 5] lib/util.c:342(show_msg) size=155 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=120 [2016/02/25 13:25:31.136677, 10] ../lib/util/util.c:415(dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [0020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [0030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [0040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [0050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [0060] 32 00 02 53 4D 42 20 32 2E 30 30 32 00 02 53 4D 2..SMB 2 .002..SM [0070] 42 20 32 2E 3F 3F 3F 00 B 2.???. [2016/02/25 13:25:31.137128, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 4881) conn 0x0 [2016/02/25 13:25:31.137202, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.137267, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:31.137322, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:31.137412, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:31.138088, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2016/02/25 13:25:31.138168, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2016/02/25 13:25:31.138224, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2016/02/25 13:25:31.138276, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2016/02/25 13:25:31.138326, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2016/02/25 13:25:31.138375, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2016/02/25 13:25:31.138424, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [SMB 2.002] [2016/02/25 13:25:31.138497, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [SMB 2.???] [2016/02/25 13:25:31.138553, 10] lib/util.c:1624(set_remote_arch) set_remote_arch: Client arch is 'Win2K' [2016/02/25 13:25:31.138657, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 25 12:41:16 2016 [2016/02/25 13:25:31.138767, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 11130000FFFFFFFF [2016/02/25 13:25:31.138868, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b14c6126ef0 [2016/02/25 13:25:31.138923, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 11130000FFFFFFFF [2016/02/25 13:25:31.139014, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 25 12:41:16 2016 [2016/02/25 13:25:31.139166, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2016/02/25 13:25:31.139217, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LM 0.12 [2016/02/25 13:25:31.139263, 5] smbd/negprot.c:711(reply_negprot) negprot index=5 [2016/02/25 13:25:31.139310, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.139338, 5] lib/util.c:342(show_msg) size=181 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51283 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 4352 (0x1100) smb_vwv[ 8]= 19 (0x13) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]=65152 (0xFE80) smb_vwv[12]= 3753 (0xEA9) smb_vwv[13]=51102 (0xC79E) smb_vwv[14]=53615 (0xD16F) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=112 [2016/02/25 13:25:31.139963, 10] ../lib/util/util.c:415(dump_data) [0000] 73 75 6E 65 77 73 70 69 6C 6F 74 30 34 00 00 00 sunewspi lot04... [0010] 60 5E 06 06 2B 06 01 05 05 02 A0 54 30 52 A0 24 `^..+... ...T0R.$ [0020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [0030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [0040] 37 02 02 0A A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 7....*0( .&.$not_ [0050] 64 65 66 69 6E 65 64 5F 69 6E 5F 52 46 43 34 31 defined_ in_RFC41 [0060] 37 38 40 70 6C 65 61 73 65 5F 69 67 6E 6F 72 65 78@pleas e_ignore [2016/02/25 13:25:31.660900, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 1948 [2016/02/25 13:25:31.661060, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x79c [2016/02/25 13:25:31.661121, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 1952 (0 toread) [2016/02/25 13:25:31.661170, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.661198, 5] lib/util.c:342(show_msg) size=1948 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 1885 (0x75D) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=1889 [2016/02/25 13:25:31.661722, 10] ../lib/util/util.c:415(dump_data) [0000] 60 82 07 59 06 06 2B 06 01 05 05 02 A0 82 07 4D `..Y..+. .......M [0010] 30 82 07 49 A0 30 30 2E 06 09 2A 86 48 82 F7 12 0..I.00. ..*.H... [0020] 01 02 02 06 09 2A 86 48 86 F7 12 01 02 02 06 0A .....*.H ........ [0030] 2B 06 01 04 01 82 37 02 02 1E 06 0A 2B 06 01 04 +.....7. ....+... [0040] 01 82 37 02 02 0A A2 82 07 13 04 82 07 0F 60 82 ..7..... ......`. [0050] 07 0B 06 09 2A 86 48 86 F7 12 01 02 02 01 00 6E ....*.H. .......n [0060] 82 06 FA 30 82 06 F6 A0 03 02 01 05 A1 03 02 01 ...0.... ........ [0070] 0E A2 07 03 05 00 20 00 00 00 A3 82 05 84 61 82 ...... . ......a. [0080] 05 80 30 82 05 7C A0 03 02 01 05 A1 07 1B 05 46 ..0..|.. .......F [0090] 44 2E 4E 4C A2 20 30 1E A0 03 02 01 02 A1 17 30 D.NL. 0. .......0 [00A0] 15 1B 04 63 69 66 73 1B 0D 73 75 6E 65 77 73 70 ...cifs. .sunewsp [00B0] 69 6C 6F 74 30 34 A3 82 05 48 30 82 05 44 A0 03 ilot04.. .H0..D.. [00C0] 02 01 17 A1 04 02 02 00 9D A2 82 05 35 04 82 05 ........ ....5... [00D0] 31 F2 9B F6 4A DD 31 3F B2 0E 91 88 A3 A2 AE 24 1...J.1? .......$ [00E0] 60 53 54 C9 DB 8E CD B4 95 80 FD 1A 2D 46 6D 9E `ST..... ....-Fm. [00F0] D1 73 F4 70 71 0A E7 65 DE F1 55 9E 9E F7 35 1D .s.pq..e ..U...5. [0100] 79 C2 1F D0 B5 C0 5D FC 68 E0 B7 21 F9 AD 08 37 y.....]. h..!...7 [0110] 6D FB DA 9E BC 9D DE 1D C7 08 A2 77 01 31 2C 7D m....... ...w.1,} [0120] AE 3C A8 58 CC 0D 13 72 F9 F0 26 DD 56 C6 59 B2 .<.X...r ..&.V.Y. [0130] 85 AF E2 A3 E8 01 AD 44 56 A0 FF F0 4F 5F 0F 8D .......D V...O_.. [0140] 3D 87 7F D1 BD 85 15 02 3E CD 03 BE 06 D6 0C D2 =....... >....... [0150] 3F 66 F2 CB FE E9 1E E1 A4 51 A4 A7 BC 85 C3 38 ?f...... .Q.....8 [0160] 98 40 F2 9E 41 C9 3A 3F 04 53 67 62 9D F2 12 90 .@..A.:? .Sgb.... [0170] 69 79 E5 65 19 10 21 4D 55 3D 03 03 1F 8D 29 9E iy.e..!M U=....). [0180] A0 A3 CF 8B DE 85 B8 64 E5 CE 81 26 6E 77 CC 52 .......d ...&nw.R [0190] 6C 7D 32 37 CA 0C BF 58 2D E0 AF 0F A3 DC 32 09 l}27...X -.....2. [01A0] AD C4 34 1C 65 57 56 67 43 8D E0 7D A9 87 59 70 ..4.eWVg C..}..Yp [01B0] 71 0D 10 8C 1F 22 CB 17 14 FF 20 C3 C5 22 45 1B q....".. .. .."E. [01C0] A3 94 96 C3 0A FC 42 64 14 7B 3E 1F 83 7E FB 60 ......Bd .{>..~.` [01D0] C2 61 AB 44 02 5A 31 0B 09 8E 59 59 04 C0 21 C7 .a.D.Z1. ..YY..!. [01E0] E8 6E 5D DB 71 04 17 7A 14 50 66 BC A4 0D 92 BE .n].q..z .Pf..... [01F0] FD 3C 44 3F ED 4C C8 D2 B5 9A 80 83 B4 5A 65 1C . /etc/samba/smb.conf last mod_time: Thu Feb 25 12:41:16 2016 [2016/02/25 13:25:31.776143, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user WNTHFD+infomaker [2016/02/25 13:25:31.776198, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is wnthfd+infomaker [2016/02/25 13:25:31.776252, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [WNTHFD+infomaker]! [2016/02/25 13:25:31.776937, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for infomaker [2016/02/25 13:25:31.777053, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.777117, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:31.777171, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.777218, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:31.777265, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:31.777609, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.777689, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-16582] [2016/02/25 13:25:31.777754, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-513] [2016/02/25 13:25:31.777816, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-10746] [2016/02/25 13:25:31.777922, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-14876] [2016/02/25 13:25:31.777984, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-21357] [2016/02/25 13:25:31.778046, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-23110] [2016/02/25 13:25:31.778105, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-21039] [2016/02/25 13:25:31.778163, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-20918] [2016/02/25 13:25:31.778222, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-15006] [2016/02/25 13:25:31.778281, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-23082] [2016/02/25 13:25:31.778340, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-6562] [2016/02/25 13:25:31.778423, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2138249453-1736393925-328618392-21040] [2016/02/25 13:25:31.778485, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-18-1] [2016/02/25 13:25:31.778547, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2016/02/25 13:25:31.778623, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2016/02/25 13:25:31.778682, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2016/02/25 13:25:31.778755, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-545] [2016/02/25 13:25:31.781716, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-18-1 [2016/02/25 13:25:31.781796, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-18-1 [2016/02/25 13:25:31.781856, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-18-1 to gid, ignoring it [2016/02/25 13:25:31.781971, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (33): SID[ 0]: S-1-5-21-2138249453-1736393925-328618392-16582 SID[ 1]: S-1-5-21-2138249453-1736393925-328618392-513 SID[ 2]: S-1-5-21-2138249453-1736393925-328618392-10746 SID[ 3]: S-1-5-21-2138249453-1736393925-328618392-14876 SID[ 4]: S-1-5-21-2138249453-1736393925-328618392-21357 SID[ 5]: S-1-5-21-2138249453-1736393925-328618392-23110 SID[ 6]: S-1-5-21-2138249453-1736393925-328618392-21039 SID[ 7]: S-1-5-21-2138249453-1736393925-328618392-20918 SID[ 8]: S-1-5-21-2138249453-1736393925-328618392-15006 SID[ 9]: S-1-5-21-2138249453-1736393925-328618392-23082 SID[ 10]: S-1-5-21-2138249453-1736393925-328618392-6562 SID[ 11]: S-1-5-21-2138249453-1736393925-328618392-21040 SID[ 12]: S-1-18-1 SID[ 13]: S-1-1-0 SID[ 14]: S-1-5-2 SID[ 15]: S-1-5-11 SID[ 16]: S-1-5-32-545 SID[ 17]: S-1-22-1-62213 SID[ 18]: S-1-22-2-61000 SID[ 19]: S-1-22-2-61017 SID[ 20]: S-1-22-2-61024 SID[ 21]: S-1-22-2-61107 SID[ 22]: S-1-22-2-61108 SID[ 23]: S-1-22-2-61109 SID[ 24]: S-1-22-2-61030 SID[ 25]: S-1-22-2-61034 SID[ 26]: S-1-22-2-61110 SID[ 27]: S-1-22-2-61037 SID[ 28]: S-1-22-2-61111 SID[ 29]: S-1-22-2-61104 SID[ 30]: S-1-22-2-61105 SID[ 31]: S-1-22-2-61106 SID[ 32]: S-1-22-2-61016 Privileges (0x 0): Rights (0x 0): [2016/02/25 13:25:31.782819, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 62213 Primary group is 61000 and contains 15 supplementary groups Group[ 0]: 61000 Group[ 1]: 61017 Group[ 2]: 61024 Group[ 3]: 61107 Group[ 4]: 61108 Group[ 5]: 61109 Group[ 6]: 61030 Group[ 7]: 61034 Group[ 8]: 61110 Group[ 9]: 61037 Group[ 10]: 61111 Group[ 11]: 61104 Group[ 12]: 61105 Group[ 13]: 61106 Group[ 14]: 61016 [2016/02/25 13:25:31.783218, 10] smbd/password.c:199(register_initial_vuid) register_initial_vuid: allocated vuid = 101 [2016/02/25 13:25:31.783276, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (62213,61000) WNTHFD+infomaker infomaker WNTHFD guest=0 [2016/02/25 13:25:31.783327, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: WNTHFD+infomaker Real name: infomaker [2016/02/25 13:25:31.783395, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 62213 is UNIX user WNTHFD+infomaker, and will be vuid 101 [2016/02/25 13:25:31.783467, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F343838312F3130 [2016/02/25 13:25:31.783533, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b14c6106830 [2016/02/25 13:25:31.783631, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F343838312F3130 [2016/02/25 13:25:31.783714, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find WNTHFD+infomaker [2016/02/25 13:25:31.783763, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user WNTHFD+infomaker [2016/02/25 13:25:31.783808, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is wnthfd+infomaker [2016/02/25 13:25:31.783858, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [WNTHFD+infomaker]! [2016/02/25 13:25:31.783942, 3] smbd/password.c:238(register_homes_share) Adding homes service for user 'WNTHFD+infomaker' using home directory: '/home/WNTHFD/infomaker' [2016/02/25 13:25:31.784079, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 6 for infomaker [2016/02/25 13:25:31.784134, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 6 for service name infomaker [2016/02/25 13:25:31.784192, 3] param/loadparm.c:6582(lp_add_home) adding home's share [infomaker] for user 'WNTHFD+infomaker' at '/home/WNTHFD/infomaker' [2016/02/25 13:25:31.784271, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Feb 25 12:41:16 2016 [2016/02/25 13:25:31.784445, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.784481, 5] lib/util.c:342(show_msg) size=246 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=101 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 153 (0x99) smb_bcc=203 [2016/02/25 13:25:31.784794, 10] ../lib/util/util.c:415(dump_data) [0000] A1 81 96 30 81 93 A0 03 0A 01 00 A1 0B 06 09 2A ...0.... .......* [0010] 86 48 82 F7 12 01 02 02 A2 7F 04 7D 60 7B 06 09 .H...... ...}`{.. [0020] 2A 86 48 86 F7 12 01 02 02 02 00 6F 6C 30 6A A0 *.H..... ...ol0j. [0030] 03 02 01 05 A1 03 02 01 0F A2 5E 30 5C A0 03 02 ........ ..^0\... [0040] 01 17 A2 55 04 53 36 54 2F B8 D8 70 62 0D 5C 76 ...U.S6T /..pb.\v [0050] 91 06 F9 27 8F 4F 78 DB 37 24 91 D7 02 B2 1B 46 ...'.Ox. 7$.....F [0060] D7 12 47 64 38 1C 45 FE 97 36 78 AB E9 E1 F2 72 ..Gd8.E. .6x....r [0070] 40 1D FD EE E9 B0 2F 75 42 E7 8F BB 34 36 B1 ED @...../u B...46.. [0080] 62 5C 37 ED 9F 3C 71 64 57 37 16 03 E1 E3 6C C7 b\7.. domain=[SUNEWSPILOT04], name=[root] [2016/02/25 13:25:31.787443, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:31.787497, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.787545, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:31.787592, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.787636, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:31.787680, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:31.787774, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_root [2016/02/25 13:25:31.787846, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.787894, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.787974, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:31.788024, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.788068, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:31.788111, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:31.788203, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:31.788274, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:31.788343, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.788424, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2016/02/25 13:25:31.788473, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:31.789533, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user WNTHFD+infomaker [2016/02/25 13:25:31.789625, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user WNTHFD+infomaker [2016/02/25 13:25:31.789676, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is wnthfd+infomaker [2016/02/25 13:25:31.789726, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [WNTHFD+infomaker]! [2016/02/25 13:25:31.789782, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2016/02/25 13:25:31.789832, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2016/02/25 13:25:31.789906, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2016/02/25 13:25:31.790002, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2016/02/25 13:25:31.790061, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2016/02/25 13:25:31.790115, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2016/02/25 13:25:31.790165, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2016/02/25 13:25:31.790216, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2016/02/25 13:25:31.790261, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2016/02/25 13:25:31.790306, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2016/02/25 13:25:31.790397, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2016/02/25 13:25:31.790473, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2016/02/25 13:25:31.790599, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 11130000FFFFFFFFA322 [2016/02/25 13:25:31.790659, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b14c6127200 [2016/02/25 13:25:31.790748, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 11130000FFFFFFFFA322 [2016/02/25 13:25:31.790903, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2016/02/25 13:25:31.791000, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2016/02/25 13:25:31.791062, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: SUNEWSPILOT04\root => domain=[SUNEWSPILOT04], name=[root] [2016/02/25 13:25:31.791107, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:31.791155, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.791201, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:31.791245, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.791290, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:31.791334, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:31.791441, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_root [2016/02/25 13:25:31.791517, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.791569, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.791618, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:31.791678, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.791726, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:31.791770, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:31.791853, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:31.791922, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:31.792029, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.792095, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2016/02/25 13:25:31.792141, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:31.792884, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user WNTHFD+infomaker [2016/02/25 13:25:31.792961, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user WNTHFD+infomaker [2016/02/25 13:25:31.793077, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2016/02/25 13:25:31.793151, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (62213, 61000) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.793202, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (33): SID[ 0]: S-1-5-21-2138249453-1736393925-328618392-16582 SID[ 1]: S-1-5-21-2138249453-1736393925-328618392-513 SID[ 2]: S-1-5-21-2138249453-1736393925-328618392-10746 SID[ 3]: S-1-5-21-2138249453-1736393925-328618392-14876 SID[ 4]: S-1-5-21-2138249453-1736393925-328618392-21357 SID[ 5]: S-1-5-21-2138249453-1736393925-328618392-23110 SID[ 6]: S-1-5-21-2138249453-1736393925-328618392-21039 SID[ 7]: S-1-5-21-2138249453-1736393925-328618392-20918 SID[ 8]: S-1-5-21-2138249453-1736393925-328618392-15006 SID[ 9]: S-1-5-21-2138249453-1736393925-328618392-23082 SID[ 10]: S-1-5-21-2138249453-1736393925-328618392-6562 SID[ 11]: S-1-5-21-2138249453-1736393925-328618392-21040 SID[ 12]: S-1-18-1 SID[ 13]: S-1-1-0 SID[ 14]: S-1-5-2 SID[ 15]: S-1-5-11 SID[ 16]: S-1-5-32-545 SID[ 17]: S-1-22-1-62213 SID[ 18]: S-1-22-2-61000 SID[ 19]: S-1-22-2-61017 SID[ 20]: S-1-22-2-61024 SID[ 21]: S-1-22-2-61107 SID[ 22]: S-1-22-2-61108 SID[ 23]: S-1-22-2-61109 SID[ 24]: S-1-22-2-61030 SID[ 25]: S-1-22-2-61034 SID[ 26]: S-1-22-2-61110 SID[ 27]: S-1-22-2-61037 SID[ 28]: S-1-22-2-61111 SID[ 29]: S-1-22-2-61104 SID[ 30]: S-1-22-2-61105 SID[ 31]: S-1-22-2-61106 SID[ 32]: S-1-22-2-61016 Privileges (0x 0): Rights (0x 0): [2016/02/25 13:25:31.794039, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 62213 Primary group is 61000 and contains 15 supplementary groups Group[ 0]: 61000 Group[ 1]: 61017 Group[ 2]: 61024 Group[ 3]: 61107 Group[ 4]: 61108 Group[ 5]: 61109 Group[ 6]: 61030 Group[ 7]: 61034 Group[ 8]: 61110 Group[ 9]: 61037 Group[ 10]: 61111 Group[ 11]: 61104 Group[ 12]: 61105 Group[ 13]: 61106 Group[ 14]: 61016 [2016/02/25 13:25:31.794417, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,62213), gid=(0,61000) [2016/02/25 13:25:31.794480, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.794528, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:31.794575, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:31.794651, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:31.794705, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2016/02/25 13:25:31.794768, 3] smbd/service.c:1114(make_connection_snum) 172.18.0.241 (172.18.0.241) connect to service IPC$ initially as user WNTHFD+infomaker (uid=62213, gid=61000) (pid 4881) [2016/02/25 13:25:31.794827, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2016/02/25 13:25:31.795554, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 100 [2016/02/25 13:25:31.795631, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x64 [2016/02/25 13:25:31.795680, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 104 (0 toread) [2016/02/25 13:25:31.795726, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.795753, 5] lib/util.c:342(show_msg) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4948 smb_uid=101 smb_mid=192 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [2016/02/25 13:25:31.796506, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . [2016/02/25 13:25:31.796630, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:31.796686, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (62213, 61000) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.796737, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (33): SID[ 0]: S-1-5-21-2138249453-1736393925-328618392-16582 SID[ 1]: S-1-5-21-2138249453-1736393925-328618392-513 SID[ 2]: S-1-5-21-2138249453-1736393925-328618392-10746 SID[ 3]: S-1-5-21-2138249453-1736393925-328618392-14876 SID[ 4]: S-1-5-21-2138249453-1736393925-328618392-21357 SID[ 5]: S-1-5-21-2138249453-1736393925-328618392-23110 SID[ 6]: S-1-5-21-2138249453-1736393925-328618392-21039 SID[ 7]: S-1-5-21-2138249453-1736393925-328618392-20918 SID[ 8]: S-1-5-21-2138249453-1736393925-328618392-15006 SID[ 9]: S-1-5-21-2138249453-1736393925-328618392-23082 SID[ 10]: S-1-5-21-2138249453-1736393925-328618392-6562 SID[ 11]: S-1-5-21-2138249453-1736393925-328618392-21040 SID[ 12]: S-1-18-1 SID[ 13]: S-1-1-0 SID[ 14]: S-1-5-2 SID[ 15]: S-1-5-11 SID[ 16]: S-1-5-32-545 SID[ 17]: S-1-22-1-62213 SID[ 18]: S-1-22-2-61000 SID[ 19]: S-1-22-2-61017 SID[ 20]: S-1-22-2-61024 SID[ 21]: S-1-22-2-61107 SID[ 22]: S-1-22-2-61108 SID[ 23]: S-1-22-2-61109 SID[ 24]: S-1-22-2-61030 SID[ 25]: S-1-22-2-61034 SID[ 26]: S-1-22-2-61110 SID[ 27]: S-1-22-2-61037 SID[ 28]: S-1-22-2-61111 SID[ 29]: S-1-22-2-61104 SID[ 30]: S-1-22-2-61105 SID[ 31]: S-1-22-2-61106 SID[ 32]: S-1-22-2-61016 Privileges (0x 0): Rights (0x 0): [2016/02/25 13:25:31.797557, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 62213 Primary group is 61000 and contains 15 supplementary groups Group[ 0]: 61000 Group[ 1]: 61017 Group[ 2]: 61024 Group[ 3]: 61107 Group[ 4]: 61108 Group[ 5]: 61109 Group[ 6]: 61030 Group[ 7]: 61034 Group[ 8]: 61110 Group[ 9]: 61037 Group[ 10]: 61111 Group[ 11]: 61104 Group[ 12]: 61105 Group[ 13]: 61106 Group[ 14]: 61016 [2016/02/25 13:25:31.797934, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,62213), gid=(0,61000) [2016/02/25 13:25:31.797995, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2016/02/25 13:25:31.798125, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc [2016/02/25 13:25:31.798191, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \srvsvc. [2016/02/25 13:25:31.798267, 5] smbd/files.c:140(file_new) allocated file structure 8618, fnum = 12714 (1 used) [2016/02/25 13:25:31.798323, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/srvsvc hash 0x8e98a76a [2016/02/25 13:25:31.798426, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \srvsvc [2016/02/25 13:25:31.798517, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \srvsvc [2016/02/25 13:25:31.798570, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \srvsvc [2016/02/25 13:25:31.798635, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \srvsvc (pipes_open=0) [2016/02/25 13:25:31.798690, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \srvsvc [2016/02/25 13:25:31.799137, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2016/02/25 13:25:31.799213, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2016/02/25 13:25:31.799262, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 76 (0 toread) [2016/02/25 13:25:31.799324, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.799354, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=4948 smb_uid=101 smb_mid=256 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2016/02/25 13:25:31.799897, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 AA 31 ED 03 ....1.. [2016/02/25 13:25:31.799969, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:31.800021, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2016/02/25 13:25:31.800126, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2016/02/25 13:25:31.800183, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2016/02/25 13:25:31.800229, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.800256, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=4948 smb_uid=101 smb_mid=256 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2016/02/25 13:25:31.800693, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2016/02/25 13:25:31.801722, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2016/02/25 13:25:31.801801, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2016/02/25 13:25:31.801850, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 228 (0 toread) [2016/02/25 13:25:31.801897, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.801925, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=12714 (0x31AA) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2016/02/25 13:25:31.802482, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 C8 4F 32 .+.H`... ......O2 [0050] 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88 03 00 00 Kp....xZ G.n..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 C8 4F 32 4B 70 16 D3 6....... ..O2Kp.. [0080] 01 12 78 5A 47 BF 6E E1 88 03 00 00 00 2C 1C B7 ..xZG.n. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2016/02/25 13:25:31.802990, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:31.803081, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2016/02/25 13:25:31.803162, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 31aa name: srvsvc len: 160 [2016/02/25 13:25:31.803214, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2016/02/25 13:25:31.803261, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2016/02/25 13:25:31.803309, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2016/02/25 13:25:31.803373, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2016/02/25 13:25:31.803435, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2016/02/25 13:25:31.803484, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2016/02/25 13:25:31.803532, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2016/02/25 13:25:31.803598, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2016/02/25 13:25:31.803650, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2016/02/25 13:25:31.803695, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2016/02/25 13:25:31.803745, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2016/02/25 13:25:31.803816, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 4b324fc8-1670-01d3-1278-5a47bf6ee188 if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2016/02/25 13:25:31.805101, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2016/02/25 13:25:31.805183, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc [2016/02/25 13:25:31.805240, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2016/02/25 13:25:31.805288, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \srvsvc [2016/02/25 13:25:31.805336, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc [2016/02/25 13:25:31.805427, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\srvsvc' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2016/02/25 13:25:31.806175, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2016/02/25 13:25:31.806247, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2016/02/25 13:25:31.806829, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2016/02/25 13:25:31.806913, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2016/02/25 13:25:31.806962, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 63 (0 toread) [2016/02/25 13:25:31.807009, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.807037, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=12714 (0x31AA) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2016/02/25 13:25:31.807620, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:31.807658, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:31.807709, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2016/02/25 13:25:31.807765, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \srvsvc len: 1024 [2016/02/25 13:25:31.807818, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2016/02/25 13:25:31.807868, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 28 [2016/02/25 13:25:31.807928, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2016/02/25 13:25:31.807978, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2016/02/25 13:25:31.808574, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 164 [2016/02/25 13:25:31.808656, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2016/02/25 13:25:31.808706, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 168 (0 toread) [2016/02/25 13:25:31.808753, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.808781, 5] lib/util.c:342(show_msg) size=164 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=448 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=12714 (0x31AA) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 100 (0x64) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 100 (0x64) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=101 [2016/02/25 13:25:31.809324, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... [0010] 00 4C 00 00 00 00 00 0F 00 00 00 02 00 10 00 00 .L...... ........ [0020] 00 00 00 00 00 10 00 00 00 5C 00 5C 00 53 00 55 ........ .\.\.S.U [0030] 00 4E 00 45 00 57 00 53 00 50 00 49 00 4C 00 4F .N.E.W.S .P.I.L.O [0040] 00 54 00 30 00 34 00 00 00 01 00 00 00 01 00 00 .T.0.4.. ........ [0050] 00 04 00 02 00 00 00 00 00 00 00 00 00 FF FF FF ........ ........ [0060] FF 00 00 00 00 ..... [2016/02/25 13:25:31.809655, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:31.809709, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2016/02/25 13:25:31.809760, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 31aa name: srvsvc len: 100 [2016/02/25 13:25:31.809811, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 100 [2016/02/25 13:25:31.809860, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 100 [2016/02/25 13:25:31.809906, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 100 [2016/02/25 13:25:31.809952, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2016/02/25 13:25:31.809999, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2016/02/25 13:25:31.810045, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 84 [2016/02/25 13:25:31.810089, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 84 [2016/02/25 13:25:31.810163, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2016/02/25 13:25:31.810242, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 84 [2016/02/25 13:25:31.810289, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 84, incoming data = 84 [2016/02/25 13:25:31.810336, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2016/02/25 13:25:31.810412, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0064 (100) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000004c (76) context_id : 0x0000 (0) opnum : 0x000f (15) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=76 [0000] 00 00 02 00 10 00 00 00 00 00 00 00 10 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 55 00 4E 00 45 00 57 00 53 00 \.\.S.U. N.E.W.S. [0020] 50 00 49 00 4C 00 4F 00 54 00 30 00 34 00 00 00 P.I.L.O. T.0.4... [0030] 01 00 00 00 01 00 00 00 04 00 02 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 FF FF FF FF 00 00 00 00 ........ .... [2016/02/25 13:25:31.811234, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2016/02/25 13:25:31.811289, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2016/02/25 13:25:31.811345, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\srvsvc [2016/02/25 13:25:31.811417, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \srvsvc op 0xf - api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL [2016/02/25 13:25:31.811474, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[15].fn == 0x2b14c57d73ed [2016/02/25 13:25:31.811559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll in: struct srvsvc_NetShareEnumAll server_unc : * server_unc : '\\SUNEWSPILOT04' info_ctr : * info_ctr: struct srvsvc_NetShareInfoCtr level : 0x00000001 (1) ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count : 0x00000000 (0) array : NULL max_buffer : 0xffffffff (4294967295) resume_handle : NULL [2016/02/25 13:25:31.811932, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1381(_srvsvc_NetShareEnumAll) _srvsvc_NetShareEnumAll: 1381 [2016/02/25 13:25:31.811991, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:567(init_srv_share_info_ctr) init_srv_share_info_ctr [2016/02/25 13:25:31.812039, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(62213, 61000) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.812093, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:31.812139, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:31.812225, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:31.812288, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:31.812385, 8] smbd/service.c:248(load_registry_shares) load_registry_shares() [2016/02/25 13:25:31.812448, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (62213, 61000) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:31.812503, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:590(init_srv_share_info_ctr) NOT counting service homes [2016/02/25 13:25:31.812557, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:590(init_srv_share_info_ctr) NOT counting service printers [2016/02/25 13:25:31.812608, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) counting service public [2016/02/25 13:25:31.812656, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) counting service newspilotFStest [2016/02/25 13:25:31.812720, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) counting service newspilotpluginstest [2016/02/25 13:25:31.812768, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) counting service IPC$ [2016/02/25 13:25:31.812815, 10] rpc_server/srvsvc/srv_srvsvc_nt.c:585(init_srv_share_info_ctr) counting service infomaker [2016/02/25 13:25:31.812898, 5] rpc_server/srvsvc/srv_srvsvc_nt.c:1395(_srvsvc_NetShareEnumAll) _srvsvc_NetShareEnumAll: 1395 [2016/02/25 13:25:31.812946, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) srvsvc_NetShareEnumAll: struct srvsvc_NetShareEnumAll out: struct srvsvc_NetShareEnumAll info_ctr : * info_ctr: struct srvsvc_NetShareInfoCtr level : 0x00000001 (1) ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count : 0x00000005 (5) array : * array: ARRAY(5) array: struct srvsvc_NetShareInfo1 name : * name : 'public' type : STYPE_DISKTREE (0x0) comment : * comment : 'Public Stuff' array: struct srvsvc_NetShareInfo1 name : * name : 'newspilotFStest' type : STYPE_DISKTREE (0x0) comment : * comment : 'newspilot' array: struct srvsvc_NetShareInfo1 name : * name : 'newspilotpluginstest' type : STYPE_DISKTREE (0x0) comment : * comment : 'newspilot-profiles' array: struct srvsvc_NetShareInfo1 name : * name : 'IPC$' type : STYPE_IPC_HIDDEN (0x80000003) comment : * comment : 'IPC Service ("SUNEWSPILOT04 " newspilot server)' array: struct srvsvc_NetShareInfo1 name : * name : 'infomaker' type : STYPE_DISKTREE (0x0) comment : * comment : 'Home Directories' totalentries : * totalentries : 0x00000005 (5) resume_handle : NULL result : WERR_OK [2016/02/25 13:25:31.814135, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \srvsvc successfully [2016/02/25 13:25:31.814239, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 84 [2016/02/25 13:25:31.814307, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=100 [2016/02/25 13:25:31.814963, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2016/02/25 13:25:31.815038, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2016/02/25 13:25:31.815087, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 63 (0 toread) [2016/02/25 13:25:31.815134, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.815161, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=512 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=12714 (0x31AA) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2016/02/25 13:25:31.815682, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:31.815719, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:31.815770, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2016/02/25 13:25:31.815825, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \srvsvc len: 1024 [2016/02/25 13:25:31.815879, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 560. [2016/02/25 13:25:31.815944, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0248 (584) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000230 (560) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=560 [0000] 01 00 00 00 01 00 00 00 08 00 02 00 05 00 00 00 ........ ........ [0010] 0C 00 02 00 05 00 00 00 10 00 02 00 00 00 00 00 ........ ........ [0020] 14 00 02 00 18 00 02 00 00 00 00 00 1C 00 02 00 ........ ........ [0030] 20 00 02 00 00 00 00 00 24 00 02 00 28 00 02 00 ....... $...(... [0040] 03 00 00 80 2C 00 02 00 30 00 02 00 00 00 00 00 ....,... 0....... [0050] 34 00 02 00 07 00 00 00 00 00 00 00 07 00 00 00 4....... ........ [0060] 70 00 75 00 62 00 6C 00 69 00 63 00 00 00 00 00 p.u.b.l. i.c..... [0070] 0D 00 00 00 00 00 00 00 0D 00 00 00 50 00 75 00 ........ ....P.u. [0080] 62 00 6C 00 69 00 63 00 20 00 53 00 74 00 75 00 b.l.i.c. .S.t.u. [0090] 66 00 66 00 00 00 00 00 10 00 00 00 00 00 00 00 f.f..... ........ [00A0] 10 00 00 00 6E 00 65 00 77 00 73 00 70 00 69 00 ....n.e. w.s.p.i. [00B0] 6C 00 6F 00 74 00 46 00 53 00 74 00 65 00 73 00 l.o.t.F. S.t.e.s. [00C0] 74 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 t....... ........ [00D0] 6E 00 65 00 77 00 73 00 70 00 69 00 6C 00 6F 00 n.e.w.s. p.i.l.o. [00E0] 74 00 00 00 15 00 00 00 00 00 00 00 15 00 00 00 t....... ........ [00F0] 6E 00 65 00 77 00 73 00 70 00 69 00 6C 00 6F 00 n.e.w.s. p.i.l.o. [0100] 74 00 70 00 6C 00 75 00 67 00 69 00 6E 00 73 00 t.p.l.u. g.i.n.s. [0110] 74 00 65 00 73 00 74 00 00 00 00 00 13 00 00 00 t.e.s.t. ........ [0120] 00 00 00 00 13 00 00 00 6E 00 65 00 77 00 73 00 ........ n.e.w.s. [0130] 70 00 69 00 6C 00 6F 00 74 00 2D 00 70 00 72 00 p.i.l.o. t.-.p.r. [0140] 6F 00 66 00 69 00 6C 00 65 00 73 00 00 00 00 00 o.f.i.l. e.s..... [0150] 05 00 00 00 00 00 00 00 05 00 00 00 49 00 50 00 ........ ....I.P. [0160] 43 00 24 00 00 00 00 00 30 00 00 00 00 00 00 00 C.$..... 0....... [0170] 30 00 00 00 49 00 50 00 43 00 20 00 53 00 65 00 0...I.P. C. .S.e. [0180] 72 00 76 00 69 00 63 00 65 00 20 00 28 00 22 00 r.v.i.c. e. .(.". [0190] 53 00 55 00 4E 00 45 00 57 00 53 00 50 00 49 00 S.U.N.E. W.S.P.I. [01A0] 4C 00 4F 00 54 00 30 00 34 00 20 00 22 00 20 00 L.O.T.0. 4. .". . [01B0] 6E 00 65 00 77 00 73 00 70 00 69 00 6C 00 6F 00 n.e.w.s. p.i.l.o. [01C0] 74 00 20 00 73 00 65 00 72 00 76 00 65 00 72 00 t. .s.e. r.v.e.r. [01D0] 29 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 )....... ........ [01E0] 69 00 6E 00 66 00 6F 00 6D 00 61 00 6B 00 65 00 i.n.f.o. m.a.k.e. [01F0] 72 00 00 00 11 00 00 00 00 00 00 00 11 00 00 00 r....... ........ [0200] 48 00 6F 00 6D 00 65 00 20 00 44 00 69 00 72 00 H.o.m.e. .D.i.r. [0210] 65 00 63 00 74 00 6F 00 72 00 69 00 65 00 73 00 e.c.t.o. r.i.e.s. [0220] 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2016/02/25 13:25:31.818447, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 385 [2016/02/25 13:25:31.818518, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 584 bytes. There is no more data outstanding [2016/02/25 13:25:31.818571, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=584 [2016/02/25 13:25:31.819194, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2016/02/25 13:25:31.819300, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2016/02/25 13:25:31.819351, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 45 (0 toread) [2016/02/25 13:25:31.819422, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.819452, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=576 smt_wct=3 smb_vwv[ 0]=12714 (0x31AA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2016/02/25 13:25:31.819750, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:31.819783, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:31.819833, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2016/02/25 13:25:31.819886, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=12714 (numopen=1) [2016/02/25 13:25:31.819939, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2016/02/25 13:25:31.820015, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \srvsvc [2016/02/25 13:25:31.820091, 5] smbd/files.c:482(file_free) freed files structure 12714 (0 used) [2016/02/25 13:25:31.820146, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:31.820173, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=576 smt_wct=0 smb_bcc=0 [2016/02/25 13:25:31.820473, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:34.104059, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 132 [2016/02/25 13:25:34.104183, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x84 [2016/02/25 13:25:34.104220, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 136 (0 toread) [2016/02/25 13:25:34.104253, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:34.104271, 5] lib/util.c:342(show_msg) size=132 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=9680 smb_uid=101 smb_mid=640 smt_wct=15 smb_vwv[ 0]= 64 (0x40) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 64 (0x40) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=67 [2016/02/25 13:25:34.104595, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 04 00 5C 00 73 00 75 00 6E 00 65 00 77 .....\.s .u.n.e.w [0010] 00 73 00 70 00 69 00 6C 00 6F 00 74 00 30 00 34 .s.p.i.l .o.t.0.4 [0020] 00 5C 00 6E 00 65 00 77 00 73 00 70 00 69 00 6C .\.n.e.w .s.p.i.l [0030] 00 6F 00 74 00 66 00 73 00 74 00 65 00 73 00 74 .o.t.f.s .t.e.s.t [0040] 00 00 00 ... [2016/02/25 13:25:34.104728, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:34.104752, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2016/02/25 13:25:34.104776, 10] smbd/trans2.c:8339(call_trans2getdfsreferral) call_trans2getdfsreferral [2016/02/25 13:25:34.104819, 10] smbd/msdfs.c:113(parse_dfs_path) parse_dfs_path: temp = |sunewspilot04\newspilotfstest| after trimming \'s [2016/02/25 13:25:34.104844, 10] smbd/msdfs.c:138(parse_dfs_path) parse_dfs_path: hostname: sunewspilot04 [2016/02/25 13:25:34.104864, 10] smbd/msdfs.c:180(parse_dfs_path) parse_dfs_path: servicename: newspilotfstest [2016/02/25 13:25:34.104892, 3] smbd/msdfs.c:891(get_referred_path) get_referred_path: |newspilotfstest| in dfs path \sunewspilot04\newspilotfstest is not a dfs root. [2016/02/25 13:25:34.104917, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(8361) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND [2016/02/25 13:25:34.104941, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:34.104952, 5] lib/util.c:342(show_msg) size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=9680 smb_uid=101 smb_mid=640 smt_wct=0 smb_bcc=0 [2016/02/25 13:25:34.105051, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:34.105478, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 114 [2016/02/25 13:25:34.105519, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x72 [2016/02/25 13:25:34.105541, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 118 (0 toread) [2016/02/25 13:25:34.105561, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:34.105572, 5] lib/util.c:342(show_msg) size=114 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 114 (0x72) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=71 [2016/02/25 13:25:34.105724, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 53 00 55 00 4E 00 45 00 57 00 53 .\.\.S.U .N.E.W.S [0010] 00 50 00 49 00 4C 00 4F 00 54 00 30 00 34 00 5C .P.I.L.O .T.0.4.\ [0020] 00 4E 00 45 00 57 00 53 00 50 00 49 00 4C 00 4F .N.E.W.S .P.I.L.O [0030] 00 54 00 46 00 53 00 54 00 45 00 53 00 54 00 00 .T.F.S.T .E.S.T.. [0040] 00 3F 3F 3F 3F 3F 00 .?????. [2016/02/25 13:25:34.105842, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 4881) conn 0x0 [2016/02/25 13:25:34.105863, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.105883, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.105902, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.105938, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:34.105967, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [NEWSPILOTFSTEST] [2016/02/25 13:25:34.105996, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service newspilotfstest [2016/02/25 13:25:34.106022, 3] lib/access.c:338(allow_access) Allowed connection from 172.18.0.241 (172.18.0.241) [2016/02/25 13:25:34.106048, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2016/02/25 13:25:34.106072, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: SUNEWSPILOT04\root => domain=[SUNEWSPILOT04], name=[root] [2016/02/25 13:25:34.106104, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:34.106127, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.106149, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:34.106168, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.106188, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.106206, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.106249, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_root [2016/02/25 13:25:34.106279, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.106300, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.106319, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:34.106337, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.106356, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.106373, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.106412, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:34.106442, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:34.106471, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.106493, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2016/02/25 13:25:34.106511, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:34.106967, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+lg_fs_newspilot is not in a valid format [2016/02/25 13:25:34.107009, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\lg_fs_newspilot => domain=[WNTHFD], name=[lg_fs_newspilot] [2016/02/25 13:25:34.107032, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.108014, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+LG_FS_NEWSPILOT is not in a valid format [2016/02/25 13:25:34.108048, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\LG_FS_NEWSPILOT => domain=[WNTHFD], name=[LG_FS_NEWSPILOT] [2016/02/25 13:25:34.108070, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.108181, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+svc_SWPREMEDIA01 is not in a valid format [2016/02/25 13:25:34.108209, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\svc_SWPREMEDIA01 => domain=[WNTHFD], name=[svc_SWPREMEDIA01] [2016/02/25 13:25:34.108229, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.108850, 5] smbd/share_access.c:127(token_contains_name) WNTHFD+svc_SWPREMEDIA01 is a User, expected a group [2016/02/25 13:25:34.108885, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+Redactie is not in a valid format [2016/02/25 13:25:34.108907, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\Redactie => domain=[WNTHFD], name=[Redactie] [2016/02/25 13:25:34.108927, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.109542, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+smbBeeld is not in a valid format [2016/02/25 13:25:34.109574, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\smbBeeld => domain=[WNTHFD], name=[smbBeeld] [2016/02/25 13:25:34.109596, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.110247, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+smbOpmaak is not in a valid format [2016/02/25 13:25:34.110280, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\smbOpmaak => domain=[WNTHFD], name=[smbOpmaak] [2016/02/25 13:25:34.110300, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.110983, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+smbAdver is not in a valid format [2016/02/25 13:25:34.111014, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\smbAdver => domain=[WNTHFD], name=[smbAdver] [2016/02/25 13:25:34.111035, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.111685, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+uitleen is not in a valid format [2016/02/25 13:25:34.111716, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\uitleen => domain=[WNTHFD], name=[uitleen] [2016/02/25 13:25:34.111736, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.112348, 5] smbd/share_access.c:127(token_contains_name) WNTHFD+uitleen is a User, expected a group [2016/02/25 13:25:34.112382, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID WNTHFD+zadelhoff is not in a valid format [2016/02/25 13:25:34.112403, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\zadelhoff => domain=[WNTHFD], name=[zadelhoff] [2016/02/25 13:25:34.112424, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:34.121861, 10] lib/util_wellknown.c:152(lookup_wellknown_name) map_name_to_wellknown_sid: looking up zadelhoff [2016/02/25 13:25:34.121907, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.121929, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:34.121949, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.121975, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.121995, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.122045, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_zadelhoff [2016/02/25 13:25:34.122088, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.122112, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.122133, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:34.122153, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.122173, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.122192, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.122229, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:34.122259, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:34.122288, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.122399, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user zadelhoff [2016/02/25 13:25:34.122425, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is zadelhoff [2016/02/25 13:25:34.122537, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ZADELHOFF [2016/02/25 13:25:34.122653, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in zadelhoff [2016/02/25 13:25:34.122680, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [zadelhoff]! [2016/02/25 13:25:34.123607, 5] smbd/share_access.c:104(token_contains_name) lookup_name WNTHFD+zadelhoff failed [2016/02/25 13:25:34.123640, 10] smbd/share_access.c:219(user_ok_token) User WNTHFD+infomaker not in 'valid users' [2016/02/25 13:25:34.123660, 2] smbd/service.c:627(create_connection_session_info) user 'WNTHFD+infomaker' (from session setup) not permitted to access this share (newspilotFStest) [2016/02/25 13:25:34.123684, 1] smbd/service.c:805(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2016/02/25 13:25:34.123709, 3] smbd/error.c:81(error_packet_set) error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED [2016/02/25 13:25:34.123730, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:34.123742, 5] lib/util.c:342(show_msg) size=35 smb_com=0x75 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=0 smb_bcc=0 [2016/02/25 13:25:34.123841, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:34.124283, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 114 [2016/02/25 13:25:34.124314, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x72 [2016/02/25 13:25:34.124335, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 118 (0 toread) [2016/02/25 13:25:34.124354, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:34.124366, 5] lib/util.c:342(show_msg) size=114 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=768 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 114 (0x72) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=71 [2016/02/25 13:25:34.124500, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 53 00 55 00 4E 00 45 00 57 00 53 .\.\.S.U .N.E.W.S [0010] 00 50 00 49 00 4C 00 4F 00 54 00 30 00 34 00 5C .P.I.L.O .T.0.4.\ [0020] 00 4E 00 45 00 57 00 53 00 50 00 49 00 4C 00 4F .N.E.W.S .P.I.L.O [0030] 00 54 00 46 00 53 00 54 00 45 00 53 00 54 00 00 .T.F.S.T .E.S.T.. [0040] 00 3F 3F 3F 3F 3F 00 .?????. [2016/02/25 13:25:34.124593, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 4881) conn 0x0 [2016/02/25 13:25:34.124622, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.124642, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.124660, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.124690, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:34.124715, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [NEWSPILOTFSTEST] [2016/02/25 13:25:34.124742, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service newspilotfstest [2016/02/25 13:25:34.124765, 3] lib/access.c:338(allow_access) Allowed connection from 172.18.0.241 (172.18.0.241) [2016/02/25 13:25:34.124789, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2016/02/25 13:25:34.124811, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: SUNEWSPILOT04\root => domain=[SUNEWSPILOT04], name=[root] [2016/02/25 13:25:34.124829, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:34.124849, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.124869, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:34.124887, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.124906, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.124924, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.124958, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_root [2016/02/25 13:25:34.124988, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.125016, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.125035, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:34.125054, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.125082, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.125103, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.125139, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:34.125170, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:34.125201, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.125223, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2016/02/25 13:25:34.125242, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:34.125526, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+lg_fs_newspilot is not in a valid format [2016/02/25 13:25:34.125564, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\lg_fs_newspilot => domain=[WNTHFD], name=[lg_fs_newspilot] [2016/02/25 13:25:34.125586, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.125694, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+LG_FS_NEWSPILOT is not in a valid format [2016/02/25 13:25:34.125734, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\LG_FS_NEWSPILOT => domain=[WNTHFD], name=[LG_FS_NEWSPILOT] [2016/02/25 13:25:34.125755, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.125853, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+svc_SWPREMEDIA01 is not in a valid format [2016/02/25 13:25:34.125880, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\svc_SWPREMEDIA01 => domain=[WNTHFD], name=[svc_SWPREMEDIA01] [2016/02/25 13:25:34.125900, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.125987, 5] smbd/share_access.c:127(token_contains_name) WNTHFD+svc_SWPREMEDIA01 is a User, expected a group [2016/02/25 13:25:34.126022, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+Redactie is not in a valid format [2016/02/25 13:25:34.126044, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\Redactie => domain=[WNTHFD], name=[Redactie] [2016/02/25 13:25:34.126063, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.126176, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+smbBeeld is not in a valid format [2016/02/25 13:25:34.126203, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\smbBeeld => domain=[WNTHFD], name=[smbBeeld] [2016/02/25 13:25:34.126223, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.126310, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+smbOpmaak is not in a valid format [2016/02/25 13:25:34.126336, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\smbOpmaak => domain=[WNTHFD], name=[smbOpmaak] [2016/02/25 13:25:34.126355, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.126438, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+smbAdver is not in a valid format [2016/02/25 13:25:34.126464, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\smbAdver => domain=[WNTHFD], name=[smbAdver] [2016/02/25 13:25:34.126483, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.126568, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID +WNTHFD+uitleen is not in a valid format [2016/02/25 13:25:34.126602, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\uitleen => domain=[WNTHFD], name=[uitleen] [2016/02/25 13:25:34.126622, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x077 [2016/02/25 13:25:34.126710, 5] smbd/share_access.c:127(token_contains_name) WNTHFD+uitleen is a User, expected a group [2016/02/25 13:25:34.126737, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID WNTHFD+zadelhoff is not in a valid format [2016/02/25 13:25:34.126758, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WNTHFD\zadelhoff => domain=[WNTHFD], name=[zadelhoff] [2016/02/25 13:25:34.126778, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2016/02/25 13:25:34.126868, 10] lib/util_wellknown.c:152(lookup_wellknown_name) map_name_to_wellknown_sid: looking up zadelhoff [2016/02/25 13:25:34.126896, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.126917, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:34.126936, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.126956, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.126975, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.127017, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_zadelhoff [2016/02/25 13:25:34.127049, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.127079, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.127109, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2016/02/25 13:25:34.127130, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/02/25 13:25:34.127150, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:34.127170, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:34.127206, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:34.127235, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2016/02/25 13:25:34.127265, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:34.127372, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user zadelhoff [2016/02/25 13:25:34.127398, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is zadelhoff [2016/02/25 13:25:34.127495, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ZADELHOFF [2016/02/25 13:25:34.127589, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in zadelhoff [2016/02/25 13:25:34.127615, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [zadelhoff]! [2016/02/25 13:25:34.127937, 5] smbd/share_access.c:104(token_contains_name) lookup_name WNTHFD+zadelhoff failed [2016/02/25 13:25:34.127968, 10] smbd/share_access.c:219(user_ok_token) User WNTHFD+infomaker not in 'valid users' [2016/02/25 13:25:34.127988, 2] smbd/service.c:627(create_connection_session_info) user 'WNTHFD+infomaker' (from session setup) not permitted to access this share (newspilotFStest) [2016/02/25 13:25:34.128010, 1] smbd/service.c:805(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2016/02/25 13:25:34.128041, 3] smbd/error.c:81(error_packet_set) error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED [2016/02/25 13:25:34.128063, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:34.128085, 5] lib/util.c:342(show_msg) size=35 smb_com=0x75 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=768 smt_wct=0 smb_bcc=0 [2016/02/25 13:25:34.128186, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:44.985142, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2016/02/25 13:25:44.985318, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x23 [2016/02/25 13:25:44.985376, 3] smbd/process.c:1662(process_smb) Transaction 13 of length 39 (0 toread) [2016/02/25 13:25:44.985425, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:44.985455, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=0 smb_bcc=0 [2016/02/25 13:25:44.985841, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:44.985882, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 4881) conn 0x2b14ce43de50 [2016/02/25 13:25:44.985937, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:44.985989, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:44.986037, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:44.986118, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:44.986178, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:44.986223, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:44.986267, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:44.986376, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:44.986425, 3] smbd/service.c:1378(close_cnum) 172.18.0.241 (172.18.0.241) closed connection to service IPC$ [2016/02/25 13:25:44.986482, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2016/02/25 13:25:44.986650, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 11130000FFFFFFFFA322 [2016/02/25 13:25:44.986798, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b14c61268f0 [2016/02/25 13:25:44.986892, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 11130000FFFFFFFFA322 [2016/02/25 13:25:44.987025, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2016/02/25 13:25:44.987083, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:44.987133, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:44.987177, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:44.987248, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:44.987312, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:44.987340, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=0 smb_bcc=0 [2016/02/25 13:25:44.987619, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:44.988015, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 39 [2016/02/25 13:25:44.988092, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x27 [2016/02/25 13:25:44.988141, 3] smbd/process.c:1662(process_smb) Transaction 14 of length 43 (0 toread) [2016/02/25 13:25:44.988187, 5] lib/util.c:332(show_msg) [2016/02/25 13:25:44.988214, 5] lib/util.c:342(show_msg) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=8167 smb_pid=65279 smb_uid=101 smb_mid=896 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2016/02/25 13:25:44.988495, 10] ../lib/util/util.c:415(dump_data) [2016/02/25 13:25:44.988525, 3] smbd/process.c:1467(switch_message) switch message SMBulogoffX (pid 4881) conn 0x0 [2016/02/25 13:25:44.988573, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:44.988671, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:44.988720, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:44.988843, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:44.988908, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F343838312F3130 [2016/02/25 13:25:44.988970, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b14ce43ce40 [2016/02/25 13:25:44.989033, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F343838312F3130 [2016/02/25 13:25:44.989102, 3] smbd/reply.c:2096(reply_ulogoffX) ulogoffX vuid=101 [2016/02/25 13:25:44.990068, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 172.18.0.241 read error = NT_STATUS_CONNECTION_RESET. [2016/02/25 13:25:44.990147, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/02/25 13:25:44.990196, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/02/25 13:25:44.990242, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/02/25 13:25:44.990314, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/02/25 13:25:44.990503, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request)