The Samba-Bugzilla – Attachment 12050 Details for Bug 11865: usrmgr.exe from WRTK is no longer working
Samba Log - Level 10
20160430.samba_debug_level 10.log (text/plain), 555.85 KB, created by Stasiak, Krzysztof on 2016-04-30 10:58:30 UTC
> Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.327023, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.327061, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.327068, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 747, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.327074, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.327080, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 160 >[2016/04/30 10:52:40.327085, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 160 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 
160 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.327117, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 160 >[2016/04/30 10:52:40.327123, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.327144, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/04/30 10:52:40.327150, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.327155, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.327160, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. 
>[2016/04/30 10:52:40.327165, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 >[2016/04/30 10:52:40.327170, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.327175, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.327182, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2016/04/30 10:52:40.327190, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.327200, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.327205, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: 
S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.327289, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.327325, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.327331, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.327335, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: WINREG_QUERYVALUE >[2016/04/30 10:52:40.327341, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[17].fn == 0x7f9b33e02820 >[2016/04/30 10:52:40.327349, 1, 
pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 > value_name : * > value_name: struct winreg_String > name_len : 0x001e (30) > name_size : 0x001e (30) > name : * > name : 'KeyboardLayout' > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000004 (4) > data_length : * > data_length : 0x00000000 (0) >[2016/04/30 10:52:40.327403, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.327422, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2016/04/30 10:52:40.327428, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/30 10:52:40.327434, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/30 10:52:40.327439, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : 
WERR_BADFILE >[2016/04/30 10:52:40.327468, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.327476, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.327485, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0010 (16) > call_id : 0x0000002d (45) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=44 > [0000] 14 00 02 00 00 00 00 00 18 00 02 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 1C 00 02 00 00 00 00 00 ........ ........ > [0020] 20 00 02 00 00 00 00 00 02 00 00 00 ....... .... 
>[2016/04/30 10:52:40.327589, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.327609, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.327615, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 44 bytes >[2016/04/30 10:52:40.327620, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 96 >[2016/04/30 10:52:40.327643, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 96 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.327658, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 96 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.327664, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 96 status NT_STATUS_OK >[2016/04/30 10:52:40.327668, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:96] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.327674, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/748/127 >[2016/04/30 10:52:40.328057, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.328074, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 748 (position 748) from bitmap >[2016/04/30 10:52:40.328079, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 748 >[2016/04/30 10:52:40.328085, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.328090, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.328169, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.328201, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.328206, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 748, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.328211, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.328216, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 176 >[2016/04/30 10:52:40.328221, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 176 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 176 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.328246, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 176 >[2016/04/30 10:52:40.328252, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.328268, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.328273, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.328277, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.328282, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.328286, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 8 >[2016/04/30 10:52:40.328291, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.328295, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.328304, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.328310, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.328316, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.328320, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.328395, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.328426, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.328431, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.328435, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: WINREG_QUERYVALUE >[2016/04/30 10:52:40.328440, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[17].fn == 0x7f9b33e02820 >[2016/04/30 10:52:40.328446, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 > value_name : * > value_name: struct winreg_String > name_len : 0x0026 (38) > name_size : 0x0026 (38) > name : * > name : 'MinEncryptionLevel' > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000004 (4) > data_length : * > data_length : 0x00000000 (0) >[2016/04/30 10:52:40.328492, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] 
../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.328509, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2016/04/30 10:52:40.328514, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/30 10:52:40.328519, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/30 10:52:40.328523, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/30 10:52:40.328547, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.328555, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.328562, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: 
DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0010 (16) > call_id : 0x0000002e (46) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=44 > [0000] 14 00 02 00 00 00 00 00 18 00 02 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 1C 00 02 00 00 00 00 00 ........ ........ > [0020] 20 00 02 00 00 00 00 00 02 00 00 00 ....... .... >[2016/04/30 10:52:40.328663, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.328682, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.328689, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 44 bytes >[2016/04/30 10:52:40.328693, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 96 >[2016/04/30 10:52:40.328715, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 96 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.328722, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 96 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.328728, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 96 status NT_STATUS_OK >[2016/04/30 10:52:40.328733, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:96] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.328739, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/749/127 >[2016/04/30 10:52:40.329241, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.329255, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 749 (position 749) from bitmap >[2016/04/30 10:52:40.329261, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 749 >[2016/04/30 10:52:40.329268, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.329275, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.329364, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.329402, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.329409, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 749, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.329415, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.329421, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 80 >[2016/04/30 10:52:40.329425, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 80 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 80 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.329457, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 80 >[2016/04/30 10:52:40.329463, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.329483, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.329489, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.329494, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.329499, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.329504, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 12 >[2016/04/30 10:52:40.329513, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.329518, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.329525, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.329532, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.329538, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.329543, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.329628, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.329663, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.329669, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.329674, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x1a - api_rpcTNP: rpc command: WINREG_GETVERSION >[2016/04/30 10:52:40.329680, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7f9b33e01300 >[2016/04/30 10:52:40.329686, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_GetVersion: struct winreg_GetVersion > in: struct winreg_GetVersion > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 >[2016/04/30 10:52:40.329708, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.329727, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_GetVersion: struct winreg_GetVersion > out: struct winreg_GetVersion > version : * > version : 0x00000005 (5) > result : WERR_OK >[2016/04/30 10:52:40.329742, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.329751, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.329759, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0020 (32) > auth_length : 0x0010 (16) > call_id : 0x0000002f (47) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000008 (8) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=8 > [0000] 05 00 00 00 00 00 00 00 ........ 
>[2016/04/30 10:52:40.329834, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.329853, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.329859, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 8 bytes >[2016/04/30 10:52:40.329864, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 64 >[2016/04/30 10:52:40.329887, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 64 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.329896, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 64 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.329903, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 64 status NT_STATUS_OK >[2016/04/30 10:52:40.329908, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:64] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.329914, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/750/127 >[2016/04/30 10:52:40.330428, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.330442, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 750 (position 750) from bitmap >[2016/04/30 10:52:40.330448, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 750 >[2016/04/30 10:52:40.330456, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.330462, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.330548, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.330589, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.330596, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 750, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.330602, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.330608, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 176 >[2016/04/30 10:52:40.330613, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 176 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 176 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.330644, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 176 >[2016/04/30 10:52:40.330651, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.330670, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.330676, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.330682, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.330687, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.330692, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 8 >[2016/04/30 10:52:40.330697, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.330702, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.330710, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.330717, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.330723, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.330728, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.330816, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.330851, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.330857, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.330862, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: WINREG_OPENKEY >[2016/04/30 10:52:40.330868, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[15].fn == 0x7f9b33e02fa0 >[2016/04/30 10:52:40.330875, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 > keyname: struct winreg_String > name_len : 0x0046 (70) > name_size : 0x0046 (70) > name : * > name : 'UserOverride\Control Panel\Desktop' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x00020019 (131097) > 1: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 1: 
KEY_ENUMERATE_SUB_KEYS > 1: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/30 10:52:40.330936, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.330960, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [UserOverride] >[2016/04/30 10:52:40.330965, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/30 10:52:40.330972, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration\UserOverride] >[2016/04/30 10:52:40.330978, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration\UserOverride] >[2016/04/30 10:52:40.330986, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/30 10:52:40.330990, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f9b33606020 for key [\HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration\UserOverride] >[2016/04/30 10:52:40.331004, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:1744(regdb_fetch_keys_internal) > key 
[HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration\UserOverride] not found >[2016/04/30 10:52:40.331010, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/30 10:52:40.331015, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_BADFILE >[2016/04/30 10:52:40.331037, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.331046, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.331055, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0010 (16) > call_id : 0x00000030 (48) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 02 00 00 00 ........ 
>[2016/04/30 10:52:40.331145, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.331165, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.331172, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/04/30 10:52:40.331177, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 80 >[2016/04/30 10:52:40.331200, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 80 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.331207, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 80 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.331213, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 80 status NT_STATUS_OK >[2016/04/30 10:52:40.331218, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:80] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.331225, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/751/127 >[2016/04/30 10:52:40.331601, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.331615, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 751 (position 751) from bitmap >[2016/04/30 10:52:40.331621, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 751 >[2016/04/30 10:52:40.331629, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.331635, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.331725, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.331762, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.331769, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 751, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.331775, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.331781, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 80 >[2016/04/30 10:52:40.331786, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 80 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 80 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.331817, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 80 >[2016/04/30 10:52:40.331824, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.331843, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.331849, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.331855, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.331859, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.331865, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 12 >[2016/04/30 10:52:40.331873, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.331878, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.331885, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.331892, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.331899, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.331904, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.331989, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.332165, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.332172, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.332177, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x1a - api_rpcTNP: rpc command: WINREG_GETVERSION >[2016/04/30 10:52:40.332183, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7f9b33e01300 >[2016/04/30 10:52:40.332189, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_GetVersion: struct winreg_GetVersion > in: struct winreg_GetVersion > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 >[2016/04/30 10:52:40.332211, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.332230, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_GetVersion: struct winreg_GetVersion > out: struct winreg_GetVersion > version : * > version : 0x00000005 (5) > result : WERR_OK >[2016/04/30 10:52:40.332246, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.332255, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.332264, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0020 (32) > auth_length : 0x0010 (16) > call_id : 0x00000031 (49) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000008 (8) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=8 > [0000] 05 00 00 00 00 00 00 00 ........ 
>[2016/04/30 10:52:40.332338, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.332358, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.332365, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 8 bytes >[2016/04/30 10:52:40.332370, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 64 >[2016/04/30 10:52:40.332394, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 64 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.332404, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 64 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.332411, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 64 status NT_STATUS_OK >[2016/04/30 10:52:40.332416, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:64] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.332423, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/752/127 >[2016/04/30 10:52:40.332835, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.332866, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 752 (position 752) from bitmap >[2016/04/30 10:52:40.332871, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 752 >[2016/04/30 10:52:40.332878, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.332884, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.332969, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.333008, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.333015, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 752, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.333020, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.333026, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 176 >[2016/04/30 10:52:40.333031, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 176 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 176 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.333061, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 176 >[2016/04/30 10:52:40.333067, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.333085, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.333091, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.333096, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.333101, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.333106, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 8 >[2016/04/30 10:52:40.333111, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.333116, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.333123, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.333130, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.333136, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.333141, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.333229, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.333264, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.333269, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.333274, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: WINREG_OPENKEY >[2016/04/30 10:52:40.333280, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[15].fn == 0x7f9b33e02fa0 >[2016/04/30 10:52:40.333287, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 > keyname: struct winreg_String > name_len : 0x0046 (70) > name_size : 0x0046 (70) > name : * > name : 'UserOverride\Control Panel\Desktop' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x00020019 (131097) > 1: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 1: 
KEY_ENUMERATE_SUB_KEYS > 1: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/30 10:52:40.333348, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.333370, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [UserOverride] >[2016/04/30 10:52:40.333375, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/30 10:52:40.333382, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration\UserOverride] >[2016/04/30 10:52:40.333387, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration\UserOverride] >[2016/04/30 10:52:40.333394, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/30 10:52:40.333399, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f9b33606020 for key [\HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration\UserOverride] >[2016/04/30 10:52:40.333409, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:1744(regdb_fetch_keys_internal) > key 
[HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration\UserOverride] not found >[2016/04/30 10:52:40.333415, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/30 10:52:40.333420, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_BADFILE >[2016/04/30 10:52:40.333441, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.333450, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.333458, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0010 (16) > call_id : 0x00000032 (50) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 02 00 00 00 ........ 
>[2016/04/30 10:52:40.333548, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.333568, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.333574, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/04/30 10:52:40.333579, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 80 >[2016/04/30 10:52:40.333602, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 80 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.333608, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 80 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.333614, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 80 status NT_STATUS_OK >[2016/04/30 10:52:40.333619, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:80] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.333626, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/753/127 >[2016/04/30 10:52:40.334001, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.334014, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 753 (position 753) from bitmap >[2016/04/30 10:52:40.334021, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 753 >[2016/04/30 10:52:40.334028, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.334035, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.334125, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.334162, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.334169, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 753, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.334174, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.334180, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 160 >[2016/04/30 10:52:40.334185, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 160 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 160 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.334216, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 160 >[2016/04/30 10:52:40.334223, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.334243, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.334249, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.334254, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.334259, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.334264, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 4 >[2016/04/30 10:52:40.334272, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.334277, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.334285, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.334292, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.334298, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.334304, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.334387, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.334422, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.334428, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.334433, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: WINREG_QUERYVALUE >[2016/04/30 10:52:40.334439, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[17].fn == 0x7f9b33e02820 >[2016/04/30 10:52:40.334447, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 > value_name : * > value_name: struct winreg_String > name_len : 0x001c (28) > name_size : 0x001c (28) > name : * > name : 'NWLogonServer' > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000060 (96) > data_length : * > data_length : 0x00000000 (0) >[2016/04/30 10:52:40.334500, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] 
../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.334518, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2016/04/30 10:52:40.334524, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/30 10:52:40.334530, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/30 10:52:40.334535, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/30 10:52:40.334562, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.334571, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.334579, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: 
DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0010 (16) > call_id : 0x00000033 (51) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=44 > [0000] 14 00 02 00 00 00 00 00 18 00 02 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 1C 00 02 00 00 00 00 00 ........ ........ > [0020] 20 00 02 00 00 00 00 00 02 00 00 00 ....... .... >[2016/04/30 10:52:40.334684, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.334703, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.334710, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 44 bytes >[2016/04/30 10:52:40.334715, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 96 >[2016/04/30 10:52:40.334737, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 96 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.334744, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 96 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.334750, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 96 status NT_STATUS_OK >[2016/04/30 10:52:40.334756, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:96] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.334762, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/754/127 >[2016/04/30 10:52:40.335241, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.335266, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 754 (position 754) from bitmap >[2016/04/30 10:52:40.335272, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 754 >[2016/04/30 10:52:40.335280, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.335286, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.335377, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.335416, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.335423, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 754, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.335428, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.335434, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 160 >[2016/04/30 10:52:40.335439, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 160 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 160 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.335470, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 160 >[2016/04/30 10:52:40.335477, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.335497, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.335503, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.335508, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.335516, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.335521, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 >[2016/04/30 10:52:40.335527, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.335532, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.335539, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.335546, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.335553, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.335558, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.335642, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.335679, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.335685, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.335690, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: WINREG_QUERYVALUE >[2016/04/30 10:52:40.335698, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[17].fn == 0x7f9b33e02820 >[2016/04/30 10:52:40.335706, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 > value_name : * > value_name: struct winreg_String > name_len : 0x001e (30) > name_size : 0x001e (30) > name : * > name : 'WFHomeDirDrive' > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000008 (8) > data_length : * > data_length : 0x00000000 (0) >[2016/04/30 10:52:40.335756, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] 
../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.335775, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2016/04/30 10:52:40.335780, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/30 10:52:40.335786, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/30 10:52:40.335791, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/30 10:52:40.335819, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.335827, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.335836, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: 
DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0010 (16) > call_id : 0x00000034 (52) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=44 > [0000] 14 00 02 00 00 00 00 00 18 00 02 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 1C 00 02 00 00 00 00 00 ........ ........ > [0020] 20 00 02 00 00 00 00 00 02 00 00 00 ....... .... >[2016/04/30 10:52:40.335941, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.335960, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.335967, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 44 bytes >[2016/04/30 10:52:40.335972, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 96 >[2016/04/30 10:52:40.335995, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 96 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.336006, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 96 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.336013, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 96 status NT_STATUS_OK >[2016/04/30 10:52:40.336019, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:96] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.336025, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/755/127 >[2016/04/30 10:52:40.336435, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.336466, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 755 (position 755) from bitmap >[2016/04/30 10:52:40.336471, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 755 >[2016/04/30 10:52:40.336478, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.336488, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.336573, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.336609, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.336616, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 755, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.336621, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.336627, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 160 >[2016/04/30 10:52:40.336632, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 160 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 160 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.336662, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 160 >[2016/04/30 10:52:40.336668, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.336686, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.336694, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.336700, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.336704, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.336710, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 8 >[2016/04/30 10:52:40.336715, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.336720, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.336727, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.336734, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.336740, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.336745, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.336829, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.336864, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.336872, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.336877, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: WINREG_QUERYVALUE >[2016/04/30 10:52:40.336883, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[17].fn == 0x7f9b33e02820 >[2016/04/30 10:52:40.336890, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 > value_name : * > value_name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ColorDepth' > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000004 (4) > data_length : * > data_length : 0x00000000 (0) >[2016/04/30 10:52:40.336940, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] 
../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.336959, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2016/04/30 10:52:40.336964, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/30 10:52:40.336970, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/30 10:52:40.336975, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/30 10:52:40.337002, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.337010, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.337018, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: 
DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0010 (16) > call_id : 0x00000035 (53) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=44 > [0000] 14 00 02 00 00 00 00 00 18 00 02 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 1C 00 02 00 00 00 00 00 ........ ........ > [0020] 20 00 02 00 00 00 00 00 02 00 00 00 ....... .... >[2016/04/30 10:52:40.337123, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.337142, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.337149, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 44 bytes >[2016/04/30 10:52:40.337154, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 96 >[2016/04/30 10:52:40.337175, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 96 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.337182, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 96 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.337188, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 96 status NT_STATUS_OK >[2016/04/30 10:52:40.337193, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:96] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.337199, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/756/127 >[2016/04/30 10:52:40.337632, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.337664, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 756 (position 756) from bitmap >[2016/04/30 10:52:40.337669, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 756 >[2016/04/30 10:52:40.337679, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.337685, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.337771, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.337806, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.337813, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 756, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.337818, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.337824, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 176 >[2016/04/30 10:52:40.337829, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 176 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 176 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.337858, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 176 >[2016/04/30 10:52:40.337867, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.337884, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.337890, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.337896, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.337900, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.337906, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 12 >[2016/04/30 10:52:40.337911, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.337915, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.337923, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.337929, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.337936, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.337941, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.338024, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.338062, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.338068, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.338073, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: WINREG_QUERYVALUE >[2016/04/30 10:52:40.338079, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[17].fn == 0x7f9b33e02820 >[2016/04/30 10:52:40.338086, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 > value_name : * > value_name: struct winreg_String > name_len : 0x0022 (34) > name_size : 0x0022 (34) > name : * > name : 'fDisablePNPRedir' > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000004 (4) > data_length : * > data_length : 0x00000000 (0) >[2016/04/30 10:52:40.338136, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] 
../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.338154, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2016/04/30 10:52:40.338160, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/30 10:52:40.338166, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2016/04/30 10:52:40.338171, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2016/04/30 10:52:40.338200, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.338209, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.338220, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: 
DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0010 (16) > call_id : 0x00000036 (54) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=44 > [0000] 14 00 02 00 00 00 00 00 18 00 02 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 1C 00 02 00 00 00 00 00 ........ ........ > [0020] 20 00 02 00 00 00 00 00 02 00 00 00 ....... .... >[2016/04/30 10:52:40.338322, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.338341, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.338348, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 44 bytes >[2016/04/30 10:52:40.338353, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 96 >[2016/04/30 10:52:40.338374, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 96 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.338381, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 96 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.338387, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 96 status NT_STATUS_OK >[2016/04/30 10:52:40.338392, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:96] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.338398, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/757/127 >[2016/04/30 10:52:40.338840, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.338874, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 757 (position 757) from bitmap >[2016/04/30 10:52:40.338880, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 757 >[2016/04/30 10:52:40.338887, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.338893, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.338977, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.339013, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.339019, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 757, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.339024, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.339030, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 80 >[2016/04/30 10:52:40.339035, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 80 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 80 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.339067, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 80 >[2016/04/30 10:52:40.339073, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.339090, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.339096, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.339101, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.339106, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.339112, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 12 >[2016/04/30 10:52:40.339117, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.339121, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.339128, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.339135, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.339141, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.339146, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.339230, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.339268, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.339274, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.339279, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: WINREG_CLOSEKEY >[2016/04/30 10:52:40.339285, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[5].fn == 0x7f9b33e04880 >[2016/04/30 10:52:40.339291, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-2457-58720a990000 >[2016/04/30 10:52:40.339310, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.339329, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 57 58 72 ....0... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.339346, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/04/30 10:52:40.339351, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (2->1) >[2016/04/30 10:52:40.339356, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/30 10:52:40.339377, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.339386, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.339394, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0010 (16) > call_id : 0x00000037 
(55) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2016/04/30 10:52:40.339483, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.339503, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.339509, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/04/30 10:52:40.339514, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 80 >[2016/04/30 10:52:40.339536, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 80 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.339542, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 80 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.339548, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 80 status NT_STATUS_OK >[2016/04/30 10:52:40.339554, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:80] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.339560, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/758/127 >[2016/04/30 10:52:40.340033, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.340042, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 758 (position 758) from bitmap >[2016/04/30 10:52:40.340047, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 758 >[2016/04/30 10:52:40.340054, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.340063, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.340148, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.340184, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.340190, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 758, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.340196, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1489316331 >[2016/04/30 10:52:40.340201, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 80 >[2016/04/30 10:52:40.340206, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 80 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 80 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.340235, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 80 >[2016/04/30 10:52:40.340241, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.340258, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.340267, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.340272, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.340277, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.340282, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 12 >[2016/04/30 10:52:40.340287, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.340292, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.340299, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.340306, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.340312, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.340317, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.340401, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.340436, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.340444, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.340449, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: WINREG_CLOSEKEY >[2016/04/30 10:52:40.340455, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[5].fn == 0x7f9b33e04880 >[2016/04/30 10:52:40.340460, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-2457-58720a990000 >[2016/04/30 10:52:40.340479, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 24 57 58 72 ..../... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.340498, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 24 57 58 72 ..../... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.340515, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/04/30 10:52:40.340520, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (1->0) >[2016/04/30 10:52:40.340539, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/30 10:52:40.340562, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.340571, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.340580, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0010 (16) > call_id : 0x00000038 
(56) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2016/04/30 10:52:40.340670, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.340689, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.340696, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/04/30 10:52:40.340701, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 80 >[2016/04/30 10:52:40.340724, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 80 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.340730, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 80 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.340737, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 80 status NT_STATUS_OK >[2016/04/30 10:52:40.340742, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:80] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.340748, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/759/127 >[2016/04/30 10:52:40.341225, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.341232, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 759 (position 759) from bitmap >[2016/04/30 10:52:40.341238, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 759 >[2016/04/30 10:52:40.341245, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.341250, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.341339, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.341376, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.341383, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_close.c:227(smbd_smb2_close) > smbd_smb2_close: winreg - fnum 1489316331 >[2016/04/30 10:52:40.341390, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.341396, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/30 10:52:40.341403, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 12A2B6D0 >[2016/04/30 10:52:40.341411, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x7f9b353dfc40 >[2016/04/30 10:52:40.341420, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 12A2B6D0 >[2016/04/30 10:52:40.341425, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.341430, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/30 10:52:40.341444, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/30 10:52:40.341460, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 1489316331 (1 used) >[2016/04/30 10:52:40.341468, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:144 >[2016/04/30 10:52:40.341474, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/760/127 >[2016/04/30 10:52:40.342220, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.342234, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 760 (position 760) from bitmap >[2016/04/30 10:52:40.342240, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 760 >[2016/04/30 10:52:40.342248, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.342254, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > 
SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.342340, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.342376, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.342384, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_create.c:501(smbd_smb2_create_send) > smbd_smb2_create: name[srvsvc] >[2016/04/30 10:52:40.342393, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.342399, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > 
lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/30 10:52:40.342406, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 3FF693DC >[2016/04/30 10:52:40.342412, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x7f9b353e9610 >[2016/04/30 10:52:40.342417, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:587(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/04/30 10:52:40.342435, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:706(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '3FF693DC' stored >[2016/04/30 10:52:40.342442, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x000000000000990a (39178) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0xee090ec3329c23cf (-1294487186361801777) > open_global_id : 0x3ff693dc (1073124316) > open_persistent_id : 0x000000003ff693dc (1073124316) > open_volatile_id : 0x000000003f3a5a58 (1060788824) > open_owner : S-1-5-21-1193122258-3968554332-1479395916-1000 > open_time : Sat Apr 30 10:52:40 2016 CEST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 >[2016/04/30 10:52:40.342512, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 3FF693DC >[2016/04/30 
10:52:40.342517, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.342522, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/30 10:52:40.342528, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:880(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x3ff693dc) stored >[2016/04/30 10:52:40.342533, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x3f3a5a58 (1060788824) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x000000000000990a (39178) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0xee090ec3329c23cf (-1294487186361801777) > open_global_id : 0x3ff693dc (1073124316) > open_persistent_id : 0x000000003ff693dc (1073124316) > open_volatile_id : 0x000000003f3a5a58 (1060788824) > open_owner : S-1-5-21-1193122258-3968554332-1479395916-1000 > open_time : Sat Apr 30 10:52:40 2016 CEST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > status : NT_STATUS_OK > idle_time : Sat Apr 30 10:52:40 2016 CEST > compat : NULL >[2016/04/30 10:52:40.342623, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 1060788824 (2 used) >[2016/04/30 10:52:40.342630, 10, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:745(file_name_hash) > file_name_hash: /tmp/srvsvc hash 0x8e98a76a >[2016/04/30 10:52:40.342639, 4, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair) > Create of internal pipe srvsvc requested >[2016/04/30 10:52:40.342679, 8, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/dosmode.c:583(dos_mode) > dos_mode: srvsvc >[2016/04/30 10:52:40.342688, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_create.c:1303(smbd_smb2_create_send) > smbd_smb2_create_send: srvsvc - fnum 1060788824 >[2016/04/30 10:52:40.342695, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:364 >[2016/04/30 10:52:40.342702, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/761/127 >[2016/04/30 10:52:40.343233, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.343258, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 761 (position 761) from bitmap >[2016/04/30 10:52:40.343265, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_GETINFO] mid = 761 >[2016/04/30 10:52:40.343272, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.343279, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.343369, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > 
Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.343406, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.343414, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 761, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.343419, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: srvsvc - fnum 1060788824 >[2016/04/30 10:52:40.343427, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.343434, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.343440, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/762/127 >[2016/04/30 10:52:40.343793, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.343806, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 762 (position 762) from bitmap >[2016/04/30 10:52:40.343813, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: 
opcode[SMB2_OP_GETINFO] mid = 762 >[2016/04/30 10:52:40.343820, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.343826, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.343917, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and 
contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.343954, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.343961, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 762, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.343966, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: srvsvc - fnum 1060788824 >[2016/04/30 10:52:40.343973, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.343980, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.343986, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/763/127 >[2016/04/30 10:52:40.344213, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.344246, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > 
smb2_validate_sequence_number: clearing id 763 (position 763) from bitmap >[2016/04/30 10:52:40.344252, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_GETINFO] mid = 763 >[2016/04/30 10:52:40.344259, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.344264, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > 
Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.344353, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.344389, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.344395, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 763, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.344400, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: srvsvc - fnum 1060788824 >[2016/04/30 10:52:40.344407, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.344413, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.344419, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/764/127 >[2016/04/30 10:52:40.344852, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.344860, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 764 (position 764) from bitmap >[2016/04/30 10:52:40.344866, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 764 >[2016/04/30 10:52:40.344872, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.344877, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege 
> Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.344964, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.345000, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.345007, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 764, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.345012, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_write.c:290(smbd_smb2_write_send) > smbd_smb2_write: srvsvc - fnum 1060788824 >[2016/04/30 10:52:40.345017, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 116 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 48 > req->in.vector[4].iov_len = 116 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.345048, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:164 >[2016/04/30 10:52:40.345056, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/765/127 >[2016/04/30 10:52:40.345078, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/04/30 10:52:40.345085, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 11 >[2016/04/30 10:52:40.345092, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:728(api_pipe_bind_req) > api_pipe_bind_req: srvsvc -> srvsvc rpc service >[2016/04/30 10:52:40.345101, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:761(api_pipe_bind_req) > api_pipe_bind_req: make response. 
761 >[2016/04/30 10:52:40.345106, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) > check_bind_req for srvsvc context_id=0 >[2016/04/30 10:52:40.345111, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) > check_bind_req: srvsvc -> srvsvc rpc service >[2016/04/30 10:52:40.345117, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe srvsvc >[2016/04/30 10:52:40.345122, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe srvsvc >[2016/04/30 10:52:40.345133, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\srvsvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > 
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2016/04/30 10:52:40.345227, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 0 bytes >[2016/04/30 10:52:40.345232, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 68 >[2016/04/30 10:52:40.345448, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.345479, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 765 (position 765) from bitmap >[2016/04/30 10:52:40.345485, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 765 >[2016/04/30 10:52:40.345495, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.345500, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > 
SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.345585, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.345621, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.345628, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 765, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.345633, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_read.c:463(smbd_smb2_read_send) > smbd_smb2_read: srvsvc - fnum 1060788824 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > 
req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 48 > req->in.vector[4].iov_len = 1 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.345669, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2016/04/30 10:52:40.345676, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:164 >[2016/04/30 10:52:40.345683, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/766/127 >[2016/04/30 10:52:40.346215, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.346235, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 766 (position 766) from bitmap >[2016/04/30 10:52:40.346250, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 766 >[2016/04/30 10:52:40.346257, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.346263, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.346347, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.346382, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.346388, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 766, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.346393, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] srvsvc, fnum 1060788824 >[2016/04/30 10:52:40.346398, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 64 >[2016/04/30 10:52:40.346403, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 64 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 64 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.346434, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 64 >[2016/04/30 10:52:40.346441, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.346458, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.346464, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.346469, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.346476, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.346482, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.346488, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: 
SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.346572, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.346606, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.346614, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested srvsvc rpc service >[2016/04/30 10:52:40.346619, 4, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRVSVC_NETSRVGETINFO >[2016/04/30 10:52:40.346625, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[21].fn == 0x7f9b33dc62d0 >[2016/04/30 10:52:40.346632, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > in: struct srvsvc_NetSrvGetInfo > server_unc : * > server_unc : '\\SERWER2' > level : 0x00000065 (101) >[2016/04/30 10:52:40.346648, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] 
../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1304(_srvsvc_NetSrvGetInfo) > _srvsvc_NetSrvGetInfo: 1304 >[2016/04/30 10:52:40.346655, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1382(_srvsvc_NetSrvGetInfo) > _srvsvc_NetSrvGetInfo: 1382 >[2016/04/30 10:52:40.346660, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > srvsvc_NetSrvGetInfo: struct srvsvc_NetSrvGetInfo > out: struct srvsvc_NetSrvGetInfo > info : * > info : union srvsvc_NetSrvInfo(case 101) > info101 : * > info101: struct srvsvc_NetSrvInfo101 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'SERWER2' > version_major : 0x00000006 (6) > version_minor : 0x00000001 (1) > server_type : 0x00809a2b (8428075) > 1: SV_TYPE_WORKSTATION > 1: SV_TYPE_SERVER > 0: SV_TYPE_SQLSERVER > 1: SV_TYPE_DOMAIN_CTRL > 0: SV_TYPE_DOMAIN_BAKCTRL > 1: SV_TYPE_TIME_SOURCE > 0: SV_TYPE_AFP > 0: SV_TYPE_NOVELL > 0: SV_TYPE_DOMAIN_MEMBER > 1: SV_TYPE_PRINTQ_SERVER > 0: SV_TYPE_DIALIN_SERVER > 1: SV_TYPE_SERVER_UNIX > 1: SV_TYPE_NT > 0: SV_TYPE_WFW > 0: SV_TYPE_SERVER_MFPN > 1: SV_TYPE_SERVER_NT > 0: SV_TYPE_POTENTIAL_BROWSER > 0: SV_TYPE_BACKUP_BROWSER > 0: SV_TYPE_MASTER_BROWSER > 0: SV_TYPE_DOMAIN_MASTER > 0: SV_TYPE_SERVER_OSF > 0: SV_TYPE_SERVER_VMS > 0: SV_TYPE_WIN95_PLUS > 1: SV_TYPE_DFS_SERVER > 0: SV_TYPE_ALTERNATE_XPORT > 0: SV_TYPE_LOCAL_LIST_ONLY > 0: SV_TYPE_DOMAIN_ENUM > comment : * > comment : 'TS' > result : WERR_OK >[2016/04/30 10:52:40.346771, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called srvsvc successfully >[2016/04/30 10:52:40.346780, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.346788, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct 
ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x006c (108) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000054 (84) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=84 > [0000] 65 00 00 00 04 00 02 00 F4 01 00 00 08 00 02 00 e....... ........ > [0010] 06 00 00 00 01 00 00 00 2B 9A 80 00 0C 00 02 00 ........ +....... > [0020] 08 00 00 00 00 00 00 00 08 00 00 00 53 00 45 00 ........ ....S.E. > [0030] 52 00 57 00 45 00 52 00 32 00 00 00 03 00 00 00 R.W.E.R. 2....... > [0040] 00 00 00 00 03 00 00 00 54 00 53 00 00 00 00 00 ........ T.S..... > [0050] 00 00 00 00 .... >[2016/04/30 10:52:40.346924, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 84 bytes >[2016/04/30 10:52:40.346929, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 108 >[2016/04/30 10:52:40.346950, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 108 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.346957, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 108 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.346963, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 108 status NT_STATUS_OK >[2016/04/30 10:52:40.346968, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:108] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.346975, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/767/127 >[2016/04/30 10:52:40.347443, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.347473, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 767 (position 767) from bitmap >[2016/04/30 10:52:40.347482, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 767 >[2016/04/30 10:52:40.347488, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.347494, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.347580, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.347615, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.347622, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_close.c:227(smbd_smb2_close) > smbd_smb2_close: srvsvc - fnum 1060788824 >[2016/04/30 10:52:40.347628, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.347633, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/30 10:52:40.347640, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 3FF693DC >[2016/04/30 10:52:40.347646, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x7f9b353eff60 >[2016/04/30 10:52:40.347654, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 3FF693DC >[2016/04/30 10:52:40.347659, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.347667, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/30 10:52:40.347678, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection srvsvc >[2016/04/30 10:52:40.347689, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 1060788824 (1 used) >[2016/04/30 10:52:40.347696, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:144 >[2016/04/30 10:52:40.347702, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/768/127 >[2016/04/30 10:52:40.348548, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.348580, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 768 (position 768) from bitmap >[2016/04/30 10:52:40.348585, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 768 >[2016/04/30 10:52:40.348591, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.348597, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > 
SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.348681, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.348719, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.348726, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_create.c:501(smbd_smb2_create_send) > smbd_smb2_create: name[winreg] >[2016/04/30 10:52:40.348733, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.348738, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > 
lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/30 10:52:40.348744, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 69D9A458 >[2016/04/30 10:52:40.348751, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x7f9b353db2b0 >[2016/04/30 10:52:40.348756, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:587(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/04/30 10:52:40.348767, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:706(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '69D9A458' stored >[2016/04/30 10:52:40.348772, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x000000000000990a (39178) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0xee090ec3329c23cf (-1294487186361801777) > open_global_id : 0x69d9a458 (1775871064) > open_persistent_id : 0x0000000069d9a458 (1775871064) > open_volatile_id : 0x0000000042f17ffa (1123123194) > open_owner : S-1-5-21-1193122258-3968554332-1479395916-1000 > open_time : Sat Apr 30 10:52:40 2016 CEST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 >[2016/04/30 10:52:40.348840, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 69D9A458 >[2016/04/30 
10:52:40.348845, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.348850, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/30 10:52:40.348856, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:880(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x69d9a458) stored >[2016/04/30 10:52:40.348860, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x42f17ffa (1123123194) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x000000000000990a (39178) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0xee090ec3329c23cf (-1294487186361801777) > open_global_id : 0x69d9a458 (1775871064) > open_persistent_id : 0x0000000069d9a458 (1775871064) > open_volatile_id : 0x0000000042f17ffa (1123123194) > open_owner : S-1-5-21-1193122258-3968554332-1479395916-1000 > open_time : Sat Apr 30 10:52:40 2016 CEST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > status : NT_STATUS_OK > idle_time : Sat Apr 30 10:52:40 2016 CEST > compat : NULL >[2016/04/30 10:52:40.348950, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 1123123194 (2 used) >[2016/04/30 10:52:40.348957, 10, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:745(file_name_hash) > file_name_hash: /tmp/winreg hash 0x718d6f2 >[2016/04/30 10:52:40.348964, 4, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair) > Create of internal pipe winreg requested >[2016/04/30 10:52:40.348998, 8, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/dosmode.c:583(dos_mode) > dos_mode: winreg >[2016/04/30 10:52:40.349005, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_create.c:1303(smbd_smb2_create_send) > smbd_smb2_create_send: winreg - fnum 1123123194 >[2016/04/30 10:52:40.349012, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:364 >[2016/04/30 10:52:40.349019, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/769/127 >[2016/04/30 10:52:40.349428, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.349459, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 769 (position 769) from bitmap >[2016/04/30 10:52:40.349464, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_GETINFO] mid = 769 >[2016/04/30 10:52:40.349471, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.349479, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.349564, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > 
Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.349601, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.349607, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 769, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.349613, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: winreg - fnum 1123123194 >[2016/04/30 10:52:40.349620, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.349626, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.349632, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/770/127 >[2016/04/30 10:52:40.350005, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.350024, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 770 (position 770) from bitmap >[2016/04/30 10:52:40.350043, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: 
opcode[SMB2_OP_GETINFO] mid = 770 >[2016/04/30 10:52:40.350050, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.350055, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.350139, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and 
contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.350174, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.350180, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 770, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.350185, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: winreg - fnum 1123123194 >[2016/04/30 10:52:40.350191, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.350198, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.350204, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/771/127 >[2016/04/30 10:52:40.350414, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.350448, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > 
smb2_validate_sequence_number: clearing id 771 (position 771) from bitmap >[2016/04/30 10:52:40.350453, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_GETINFO] mid = 771 >[2016/04/30 10:52:40.350459, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.350465, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > 
Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.350549, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.350584, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.350590, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 771, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.350595, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: winreg - fnum 1123123194 >[2016/04/30 10:52:40.350601, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.350607, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.350612, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/772/127 >[2016/04/30 10:52:40.350930, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.350950, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 772 (position 772) from bitmap >[2016/04/30 10:52:40.350966, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 772 >[2016/04/30 10:52:40.350972, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.350977, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege 
> Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.351060, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.351094, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.351100, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 772, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.351105, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_write.c:290(smbd_smb2_write_send) > smbd_smb2_write: winreg - fnum 1123123194 >[2016/04/30 10:52:40.351111, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 164 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 48 > req->in.vector[4].iov_len = 164 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.351144, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:164 >[2016/04/30 10:52:40.351151, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/773/127 >[2016/04/30 10:52:40.351172, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/04/30 10:52:40.351179, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 11 >[2016/04/30 10:52:40.351185, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:728(api_pipe_bind_req) > api_pipe_bind_req: winreg -> winreg rpc service >[2016/04/30 10:52:40.351190, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:761(api_pipe_bind_req) > api_pipe_bind_req: make response. 
761 >[2016/04/30 10:52:40.351195, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) > check_bind_req for winreg context_id=0 >[2016/04/30 10:52:40.351200, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) > check_bind_req: winreg -> winreg rpc service >[2016/04/30 10:52:40.351205, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/04/30 10:52:40.351210, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/04/30 10:52:40.351217, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 >[2016/04/30 10:52:40.351222, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.351228, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.351233, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.351238, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.351242, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.351253, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] 
../source3/auth/auth.c:484(make_auth_context_subsystem) > Making default auth method list for DC >[2016/04/30 10:52:40.351260, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:378(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2016/04/30 10:52:40.351265, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:403(load_auth_module) > load_auth_module: auth method guest has a valid init >[2016/04/30 10:52:40.351271, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:378(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam >[2016/04/30 10:52:40.351279, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:403(load_auth_module) > load_auth_module: auth method sam has a valid init >[2016/04/30 10:52:40.351284, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:378(load_auth_module) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2016/04/30 10:52:40.351289, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:378(load_auth_module) > load_auth_module: Attempting to find an auth method to match trustdomain >[2016/04/30 10:52:40.351294, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:403(load_auth_module) > load_auth_module: auth method trustdomain has a valid init >[2016/04/30 10:52:40.351298, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:403(load_auth_module) > load_auth_module: auth method winbind has a valid init >[2016/04/30 10:52:40.351318, 5, pid=39178, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:680(gensec_start_mech) > Starting GENSEC mechanism ntlmssp >[2016/04/30 10:52:40.351330, 3, pid=39178, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0xe20882b7 > 
NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2016/04/30 10:52:40.351364, 1, pid=39178, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0xe20882b7 (3792208567) > 1: NTLMSSP_NEGOTIATE_UNICODE > 1: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 1: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 1: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 1: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : NULL > WorkstationLen : 0x0000 (0) > WorkstationMaxLen : 0x0000 (0) > Workstation : NULL > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0) > ProductBuild : 0x1772 (6002) > Reserved: ARRAY(3) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) >[2016/04/30 10:52:40.351492, 1, pid=39178, effective(0, 0), 
real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x0014 (20) > TargetNameMaxLen : 0x0014 (20) > TargetName : * > TargetName : 'TRASKOSTAL' > NegotiateFlags : 0xe2898235 (3800662581) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 1: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 1: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 1: NTLMSSP_NEGOTIATE_56 > ServerChallenge : 543042cc5b332286 > Reserved : 0000000000000000 > TargetInfoLen : 0x008e (142) > TargetInfoMaxLen : 0x008e (142) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000006 (6) > pair: ARRAY(6) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'TRASKOSTAL' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000e (14) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SERWER2' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001e (30) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'trasko.intranet' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002e (46) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 
'serwer2.trasko.intranet' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union ntlmssp_AvValue(case 0x7) > AvTimestamp : Sat Apr 30 10:52:40 2016 CEST > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) > ProductBuild : 0x0000 (0) > Reserved : 000000 > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) >[2016/04/30 10:52:40.351680, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.351691, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x07 (7) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x00da (218) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\winreg' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info 
: DATA_BLOB length=0 >[2016/04/30 10:52:40.351782, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=218 
>[2016/04/30 10:52:40.351982, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 0 bytes >[2016/04/30 10:52:40.351987, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 294 >[2016/04/30 10:52:40.352011, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.352038, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 773 (position 773) from bitmap >[2016/04/30 10:52:40.352057, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 773 >[2016/04/30 10:52:40.352063, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.352077, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: 
S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.352153, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.352186, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.352192, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 773, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.352196, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_read.c:463(smbd_smb2_read_send) > smbd_smb2_read: winreg - fnum 1123123194 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 48 > 
req->in.vector[4].iov_len = 1 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.352232, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 294 bytes. There is no more data outstanding >[2016/04/30 10:52:40.352238, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:294] at ../source3/smbd/smb2_read.c:164 >[2016/04/30 10:52:40.352244, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/774/127 >[2016/04/30 10:52:40.352781, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.352800, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 774 (position 774) from bitmap >[2016/04/30 10:52:40.352815, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 774 >[2016/04/30 10:52:40.352821, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.352826, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: 
S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.352900, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.352935, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) 
>[2016/04/30 10:52:40.352941, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 774, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.352945, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_write.c:290(smbd_smb2_write_send) > smbd_smb2_write: winreg - fnum 1123123194 >[2016/04/30 10:52:40.352950, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 450 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 48 > req->in.vector[4].iov_len = 450 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.352976, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:164 >[2016/04/30 10:52:40.352982, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/775/127 >[2016/04/30 10:52:40.353001, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.353006, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 16 >[2016/04/30 10:52:40.353011, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:938(api_pipe_bind_auth3) > api_pipe_bind_auth3: decode request. 938 >[2016/04/30 10:52:40.353024, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 >[2016/04/30 10:52:40.353030, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.353036, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.353041, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.353045, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.353050, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.353075, 1, pid=39178, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : 000000000000000000000000000000000000000000000000 > NtChallengeResponseLen : 0x00fe (254) > NtChallengeResponseMaxLen: 0x00fe 
(254) > NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 254) > v2: struct NTLMv2_RESPONSE > Response : 10ec5e0291fff9f9e69744e50a4b3e43 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Sat Apr 30 10:52:40 2016 CEST > ChallengeFromClient : 36f41cc89707c7a0 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000008 (8) > pair: ARRAY(8) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'TRASKOSTAL' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000e (14) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SERWER2' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001e (30) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'trasko.intranet' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002e (46) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'serwer2.trasko.intranet' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union ntlmssp_AvValue(case 0x7) > AvTimestamp : Sat Apr 30 10:52:40 2016 CEST > pair: struct AV_PAIR > AvId : MsvAvFlags (0x6) > AvLen : 0x0004 (4) > Value : union ntlmssp_AvValue(case 0x6) > AvFlags : 0x00000002 (2) > 0: NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT > 1: NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE > 0: NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE > pair: struct AV_PAIR > AvId : MsvAvSingleHost (0x8) > AvLen : 0x0030 (48) > Value : union ntlmssp_AvValue(case 0x8) > AvSingleHost: struct ntlmssp_SingleHostData > Size : 0x00000030 (48) > Z4 : 0x00000000 (0) > token_info: struct LSAP_TOKEN_INFO_INTEGRITY > Flags : 0x00000000 (0) > TokenIL : 0x00003000 (12288) > MachineId : 366c8a5d29f2ac1a61e0a306dbb7f8712dfb609389ecc7c4b2ce0aaf56c02e5c > remaining : DATA_BLOB 
length=0 > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x0014 (20) > DomainNameMaxLen : 0x0014 (20) > DomainName : * > DomainName : 'TRASKOSTAL' > UserNameLen : 0x000c (12) > UserNameMaxLen : 0x000c (12) > UserName : * > UserName : 'admink' > WorkstationLen : 0x0008 (8) > WorkstationMaxLen : 0x0008 (8) > Workstation : * > Workstation : 'TS78' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [0000] B2 B9 EC 94 5C 1F E6 85 51 BA DE 3D FF AE D1 B2 ....\... Q..=.... > NegotiateFlags : 0xe2888235 (3800597045) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 1: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 1: NTLMSSP_NEGOTIATE_56 > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0) > ProductBuild : 0x1772 (6002) > Reserved: ARRAY(3) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) >[2016/04/30 10:52:40.353413, 3, pid=39178, effective(0, 0), real(0, 0)] 
../auth/ntlmssp/ntlmssp_server.c:449(ntlmssp_server_preauth) > Got user=[admink] domain=[TRASKOSTAL] workstation=[TS78] len1=24 len2=254 >[2016/04/30 10:52:40.353423, 10, pid=39178, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:480(ntlmssp_server_preauth) >[2016/04/30 10:52:40.353426, 1, pid=39178, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &v2_resp: struct NTLMv2_RESPONSE > Response : 10ec5e0291fff9f9e69744e50a4b3e43 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Sat Apr 30 10:52:40 2016 CEST > ChallengeFromClient : 36f41cc89707c7a0 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000008 (8) > pair: ARRAY(8) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'TRASKOSTAL' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000e (14) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SERWER2' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001e (30) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'trasko.intranet' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002e (46) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'serwer2.trasko.intranet' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union ntlmssp_AvValue(case 0x7) > AvTimestamp : Sat Apr 30 10:52:40 2016 CEST > pair: struct AV_PAIR > AvId : MsvAvFlags (0x6) > AvLen : 0x0004 (4) > Value : union ntlmssp_AvValue(case 0x6) > AvFlags : 0x00000002 (2) > 0: NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT > 1: NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE > 0: NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE > pair: struct AV_PAIR > AvId : MsvAvSingleHost (0x8) > AvLen : 0x0030 (48) > Value : union ntlmssp_AvValue(case 0x8) > 
AvSingleHost: struct ntlmssp_SingleHostData > Size : 0x00000030 (48) > Z4 : 0x00000000 (0) > token_info: struct LSAP_TOKEN_INFO_INTEGRITY > Flags : 0x00000000 (0) > TokenIL : 0x00003000 (12288) > MachineId : 366c8a5d29f2ac1a61e0a306dbb7f8712dfb609389ecc7c4b2ce0aaf56c02e5c > remaining : DATA_BLOB length=0 > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) >[2016/04/30 10:52:40.353591, 3, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3740(lp_load_ex) > lp_load_ex: refreshing parameters >[2016/04/30 10:52:40.353597, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1322(free_param_opts) > Freeing parametrics: >[2016/04/30 10:52:40.353627, 3, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:545(init_globals) > Initialising global parameters >[2016/04/30 10:52:40.353673, 3, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2669(lp_do_section) > Processing section "[global]" > doing parameter unix charset = UTF-8 > doing parameter dos charset = CP852 > doing parameter workgroup = TRASKOSTAL > doing parameter server string = TS > doing parameter obey pam restrictions = Yes > doing parameter lanman auth = Yes > doing parameter map untrusted to domain = Yes > doing parameter log file = /var/log/samba/log.%U.%m > doing parameter name resolve order = wins bcast hosts > doing parameter time server = Yes > doing parameter add user script = /etc/samba/smbuseradd.sh '%u' > doing parameter delete user script = /etc/samba/smbuserdel.sh '%u' > doing parameter add group script = /etc/samba/smbgrpadd.sh '%g' > doing parameter delete group script = /etc/samba/smbgrpdel.sh '%g' > doing parameter add user to group script = /etc/samba/smbtogrpadd.sh '%u' '%g' > doing parameter delete user from group script = /etc/samba/smbfromgrpdel.sh '%u' '%g' > doing parameter set primary group script = /etc/samba/smbsetgrpprime.sh '%u' '%g' > doing parameter add 
machine script = /etc/samba/smbmachadd.sh '%u' > doing parameter logon script = general.bat > doing parameter domain logons = Yes > doing parameter wins support = Yes > doing parameter os level = 130 > doing parameter preferred master = Yes > doing parameter domain master = Yes > doing parameter local master = Yes > doing parameter dns proxy = No > doing parameter panic action = /usr/share/samba/panic-action %d > doing parameter idmap config * : range = 10000-20000 > doing parameter winbind enum users = Yes > doing parameter winbind enum groups = Yes > doing parameter idmap config * : backend = tdb > doing parameter admin users = admink > doing parameter map acl inherit = Yes > doing parameter use client driver = Yes > doing parameter veto files = lost+found/RECYCLER/aquota.group/aquota.user/ > doing parameter allow nt4 crypto = yes > doing parameter require strong key = false > doing parameter winbind sealed pipes = false > doing parameter winbind expand groups = 10 > doing parameter smb2 leases = yes > doing parameter dbwrap_tdb_mutexes:* = yes > doing parameter debug level = 10 >[2016/04/30 10:52:40.353939, 5, pid=39178, effective(0, 0), real(0, 0)] ../lib/util/debug.c:638(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > doing parameter log file = /var/log/samba/debug_%m.log > doing parameter max log size = 5000 > doing parameter allow dcerpc auth level connect = yes >[2016/04/30 10:52:40.353995, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[printers]" > doing parameter comment = All Printers > doing parameter path = /srv/samba/printers > doing parameter create mask = 0777 > doing parameter guest 
ok = Yes > doing parameter printable = Yes > doing parameter print ok = Yes > doing parameter default devmode = No > doing parameter browseable = No >[2016/04/30 10:52:40.354050, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[print$]" > doing parameter comment = Printer Drivers > doing parameter path = /var/lib/samba/printers > doing parameter write list = root, admink > doing parameter read only = No > doing parameter guest ok = Yes >[2016/04/30 10:52:40.354071, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[netlogon]" > doing parameter comment = Zasob administracyjny > doing parameter path = /srv/samba/netlogon > doing parameter read only = No > doing parameter inherit acls = Yes > doing parameter acl allow execute always = True >[2016/04/30 10:52:40.354095, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[Install]" > doing parameter comment = Instalki > doing parameter path = /srv/samba/install > doing parameter read only = No > doing parameter inherit acls = Yes >[2016/04/30 10:52:40.354112, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[BLACHY]" > doing parameter comment = Dysk sieciowy > doing parameter path = /cage/company/Rejestry/Magazyny/Zwroty > doing parameter create mask = 0770 > doing parameter read only = No > doing parameter inherit acls = Yes > doing parameter hide unreadable = Yes >[2016/04/30 10:52:40.354139, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[COMPANY]" >[2016/04/30 10:52:40.354143, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1322(free_param_opts) > Freeing parametrics: > doing parameter comment = Dysk sieciowy > doing parameter path = /cage/company > doing parameter create mask = 
0770 > doing parameter read only = No > doing parameter inherit acls = Yes > doing parameter hide unreadable = Yes > doing parameter vfs objects = recycle > doing parameter recycle:keeptree = yes > doing parameter recycle:versions = yes > doing parameter recycle:repository = /.recycle > doing parameter recycle:directory_mode = 0777 > doing parameter recycle:subdir_mode = 0777 >[2016/04/30 10:52:40.354221, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[ARCHIVE]" > doing parameter comment = Dysk sieciowy > doing parameter path = /cage/archive > doing parameter create mask = 0770 > doing parameter read only = No > doing parameter inherit acls = Yes > doing parameter hide unreadable = Yes > doing parameter preexec = echo \"[X] %u connected to %S from %m (%I)\" >> /var/log/samba/company > doing parameter postexec = echo \"[X] %u disconnected from %S from %m (%I)\" >> /var/log/samba/company >[2016/04/30 10:52:40.354264, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[USER]" >[2016/04/30 10:52:40.354269, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1322(free_param_opts) > Freeing parametrics: > doing parameter comment = Katalog Domowy %u > doing parameter path = /cage/users/%u > doing parameter writeable = yes > doing parameter browseable = yes > doing parameter create mask = 700 > doing parameter vfs objects = recycle > doing parameter recycle:keeptree = yes > doing parameter recycle:versions = yes > doing parameter recycle:repository = /cage/users/%u/.$RecycleBin > doing parameter recycle:directory_mode = 0777 > doing parameter recycle:subdir_mode = 0777 >[2016/04/30 10:52:40.354343, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[AUSERS]" > doing parameter comment = Katalog Uzytkownikow > doing parameter path = /cage/users > doing parameter create 
mask = 0770 > doing parameter writeable = yes > doing parameter browseable = yes > doing parameter hide unreadable = Yes > doing parameter valid users = admink >[2016/04/30 10:52:40.354375, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[GROUPS]" >[2016/04/30 10:52:40.354379, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1322(free_param_opts) > Freeing parametrics: > doing parameter comment = Katalog Grupowy %G > doing parameter path = /cage/groups > doing parameter create mask = 0770 > doing parameter writeable = yes > doing parameter browseable = yes > doing parameter hide unreadable = Yes > doing parameter vfs objects = recycle > doing parameter recycle:keeptree = yes > doing parameter recycle:versions = yes > doing parameter recycle:repository = /.recycle > doing parameter recycle:directory_mode = 0777 > doing parameter recycle:subdir_mode = 0777 >[2016/04/30 10:52:40.354457, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[TEMP]" >[2016/04/30 10:52:40.354462, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1322(free_param_opts) > Freeing parametrics: > doing parameter comment = Temp > doing parameter path = /srv/samba/Temp > doing parameter create mask = 0777 > doing parameter read only = No > doing parameter inherit acls = Yes > doing parameter vfs objects = default_quota > doing parameter default_quota:uid = 1153 > doing parameter default_quota:uid nolimit = no > doing parameter vfs objects = recycle > doing parameter recycle:keeptree = yes > doing parameter recycle:versions = yes > doing parameter recycle:repository = /.recycle > doing parameter recycle:directory_mode = 0777 > doing parameter recycle:subdir_mode = 0777 >[2016/04/30 10:52:40.354555, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[SKANER]" >[2016/04/30 
10:52:40.354559, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1322(free_param_opts) > Freeing parametrics: > doing parameter comment = Kopiarki > doing parameter path = /srv/samba/Skaner > doing parameter read only = No > doing parameter inherit acls = Yes > doing parameter vfs objects = default_quota > doing parameter default_quota:uid = 1153 > doing parameter default_quota:uid nolimit = no >[2016/04/30 10:52:40.354600, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[N]" > doing parameter comment = NEST > doing parameter path = /srv/samba/Nesty > doing parameter read only = No > doing parameter inherit acls = Yes > doing parameter guest ok = Yes >[2016/04/30 10:52:40.354622, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[2850ND]" > doing parameter comment = Drukarka Sieciowa A4 BW > doing parameter path = /srv/samba/printers > doing parameter read only = No > doing parameter create mask = 0700 > doing parameter guest ok = Yes > doing parameter printable = Yes > doing parameter print ok = Yes > doing parameter printer name = 2850ND >[2016/04/30 10:52:40.354659, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[KOPIARKA1]" > doing parameter comment = Kopiarka Kolorowa - BIUROWIEC > doing parameter path = /srv/samba/printers > doing parameter read only = No > doing parameter create mask = 0700 > doing parameter guest ok = Yes > doing parameter printable = Yes > doing parameter print ok = Yes > doing parameter printer name = KOPIARKA1 >[2016/04/30 10:52:40.354696, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[KOPIARKA2]" > doing parameter comment = Kopiarka Kolorowa - Jakosc > doing parameter path = /srv/samba/printers > doing parameter read only = No > doing parameter create mask = 
0700 > doing parameter guest ok = Yes > doing parameter printable = Yes > doing parameter print ok = Yes > doing parameter printer name = KOPIARKA2 >[2016/04/30 10:52:40.354731, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[KOPIARKA3]" > doing parameter comment = Kopiarka Mono -Technologia > doing parameter path = /srv/samba/printers > doing parameter read only = No > doing parameter create mask = 0700 > doing parameter guest ok = Yes > doing parameter printable = Yes > doing parameter print ok = Yes > doing parameter printer name = KOPIARKA3 >[2016/04/30 10:52:40.354768, 2, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2686(lp_do_section) > Processing section "[OCE9400]" > doing parameter comment = Ploter A0 > doing parameter path = /srv/samba/printers > doing parameter read only = No > doing parameter create mask = 0700 > doing parameter guest ok = Yes > doing parameter printable = Yes > doing parameter print ok = Yes > doing parameter printer name = OCE9400 >[2016/04/30 10:52:40.354810, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3781(lp_load_ex) > pm_process() returned Yes >[2016/04/30 10:52:40.354821, 7, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4097(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2016/04/30 10:52:40.354827, 3, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1586(lp_add_ipc) > adding IPC service >[2016/04/30 10:52:40.354833, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:117(make_user_info_map) > Mapping user [TRASKOSTAL]\[admink] from workstation [TS78] >[2016/04/30 10:52:40.354839, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:62(make_user_info) > attempting to make a user_info for admink (admink) >[2016/04/30 10:52:40.354844, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] 
../source3/auth/user_info.c:70(make_user_info) > making strings for admink's user_info struct >[2016/04/30 10:52:40.354848, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:108(make_user_info) > making blobs for admink's user_info struct >[2016/04/30 10:52:40.354853, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_info.c:159(make_user_info) > made a user_info for admink (admink) >[2016/04/30 10:52:40.354857, 3, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:178(auth_check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [TRASKOSTAL]\[admink]@[TS78] with the new password interface >[2016/04/30 10:52:40.354862, 3, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:181(auth_check_ntlm_password) > check_ntlm_password: mapped user is: [TRASKOSTAL]\[admink]@[TS78] >[2016/04/30 10:52:40.354866, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:190(auth_check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2016/04/30 10:52:40.354871, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:192(auth_check_ntlm_password) > challenge is: >[2016/04/30 10:52:40.354875, 5, pid=39178, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 54 30 42 CC 5B 33 22 86 T0B.[3". 
>[2016/04/30 10:52:40.354884, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_builtin.c:44(check_guest_security) > Check auth for: [admink] >[2016/04/30 10:52:40.354889, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:233(auth_check_ntlm_password) > check_ntlm_password: guest had nothing to say >[2016/04/30 10:52:40.354893, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth) > Check auth for: [admink] >[2016/04/30 10:52:40.354898, 8, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/util.c:1206(is_myname) > is_myname("TRASKOSTAL") returns 0 >[2016/04/30 10:52:40.354903, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.354908, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.354912, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.354916, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.354920, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.354935, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username) > pdb_set_username: setting username admink, was >[2016/04/30 10:52:40.354943, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain) > pdb_set_domain: setting domain TRASKOSTAL, was >[2016/04/30 10:52:40.354947, 10, pid=39178, effective(0, 0), real(0, 0), 
class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username) > pdb_set_nt_username: setting nt username , was >[2016/04/30 10:52:40.354952, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname) > pdb_set_full_name: setting full name admink, was >[2016/04/30 10:52:40.354956, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2016/04/30 10:52:40.354961, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2016/04/30 10:52:40.354965, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script) > pdb_set_logon_script: setting logon script it.bat, was >[2016/04/30 10:52:40.354970, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2016/04/30 10:52:40.354974, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2016/04/30 10:52:40.354980, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.354984, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.354988, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.354992, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.354996, 5, pid=39178, 
effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355004, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: password history, val: 0 >[2016/04/30 10:52:40.355010, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355015, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-1193122258-3968554332-1479395916-1000 >[2016/04/30 10:52:40.355021, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1193122258-3968554332-1479395916-1000 from rid 1000 >[2016/04/30 10:52:40.355030, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355034, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355038, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355042, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355046, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355056, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get) > 
account_policy_get: name: maximum password age, val: -1 >[2016/04/30 10:52:40.355061, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355066, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user admink >[2016/04/30 10:52:40.355071, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is admink >[2016/04/30 10:52:40.355077, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [admink]! >[2016/04/30 10:52:40.355084, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1015 -> sid S-1-5-21-1193122258-3968554332-1479395916-1004 >[2016/04/30 10:52:40.355089, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1624(get_primary_group_sid) > do lookup_sid(S-1-5-21-1193122258-3968554332-1479395916-1004) for group of user admink >[2016/04/30 10:52:40.355094, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1026(lookup_sid) > lookup_sid called for SID 'S-1-5-21-1193122258-3968554332-1479395916-1004' >[2016/04/30 10:52:40.355101, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level) > Accepting SID S-1-5-21-1193122258-3968554332-1479395916 in level 1 >[2016/04/30 10:52:40.355107, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids) > lookup_rids called for domain sid 'S-1-5-21-1193122258-3968554332-1479395916' >[2016/04/30 10:52:40.355112, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355116, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > 
push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355120, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355124, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355128, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355135, 5, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 1004. >[2016/04/30 10:52:40.355140, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 >[2016/04/30 10:52:40.355144, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355148, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 >[2016/04/30 10:52:40.355152, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355156, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355165, 5, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 1004 by key RID_000003ec. 
>[2016/04/30 10:52:40.355177, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355182, 5, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1883(pdb_default_lookup_rids) > lookup_rids: Informatycy:2 >[2016/04/30 10:52:40.355188, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355193, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1061(lookup_sid) > Sid S-1-5-21-1193122258-3968554332-1479395916-1004 -> TRASKOSTAL\Informatycy(2) >[2016/04/30 10:52:40.355199, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355203, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355207, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355211, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355215, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355223, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: password history, val: 0 >[2016/04/30 10:52:40.355228, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355235, 10, pid=39178, effective(0, 0), real(0, 0), 
class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username) > pdb_set_username: setting username admink, was >[2016/04/30 10:52:40.355239, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain) > pdb_set_domain: setting domain TRASKOSTAL, was >[2016/04/30 10:52:40.355244, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username) > pdb_set_nt_username: setting nt username , was >[2016/04/30 10:52:40.355248, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname) > pdb_set_full_name: setting full name admink, was >[2016/04/30 10:52:40.355252, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2016/04/30 10:52:40.355256, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2016/04/30 10:52:40.355260, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script) > pdb_set_logon_script: setting logon script it.bat, was >[2016/04/30 10:52:40.355265, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2016/04/30 10:52:40.355269, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2016/04/30 10:52:40.355274, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355278, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 2 
>[2016/04/30 10:52:40.355282, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355288, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355292, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355300, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: password history, val: 0 >[2016/04/30 10:52:40.355305, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355310, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-1193122258-3968554332-1479395916-1000 >[2016/04/30 10:52:40.355315, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1193122258-3968554332-1479395916-1000 from rid 1000 >[2016/04/30 10:52:40.355325, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1004]: value=[1015:G] >[2016/04/30 10:52:40.355330, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1004]: id=[1015], endptr=[:G] >[2016/04/30 10:52:40.355335, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1522(sid_to_gid) > sid 
S-1-5-21-1193122258-3968554332-1479395916-1004 -> gid 1015 >[2016/04/30 10:52:40.355340, 10, pid=39178, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:557(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-1193122258-3968554332-1479395916-1004 >[2016/04/30 10:52:40.355348, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.355354, 4, pid=39178, effective(0, 0), real(0, 0)] ../libcli/auth/ntlm_check.c:359(ntlm_password_check) > ntlm_password_check: Checking NTLMv2 password with domain [TRASKOSTAL] >[2016/04/30 10:52:40.355365, 4, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:183(sam_account_ok) > sam_account_ok: Checking SMB password for user admink >[2016/04/30 10:52:40.355371, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:165(logon_hours_ok) > logon_hours_ok: user admink allowed to logon at this time (Sat Apr 30 08:52:40 2016 > ) >[2016/04/30 10:52:40.355376, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355381, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.355385, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355389, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355393, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355401, 10, pid=39178, effective(0, 0), 
real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: maximum password age, val: -1 >[2016/04/30 10:52:40.355406, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.355413, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355417, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.355421, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355425, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355429, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355436, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user admink >[2016/04/30 10:52:40.355440, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is admink >[2016/04/30 10:52:40.355444, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [admink]! 
>[2016/04/30 10:52:40.355450, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355454, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355458, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355462, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355466, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355473, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: minimum password age, val: 0 >[2016/04/30 10:52:40.355479, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355483, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355487, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355491, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2016/04/30 10:52:40.355495, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355499, 5, pid=39178, effective(0, 0), real(0, 0)] 
../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355506, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: maximum password age, val: -1 >[2016/04/30 10:52:40.355511, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355516, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user admink >[2016/04/30 10:52:40.355522, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is admink >[2016/04/30 10:52:40.355527, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [admink]! >[2016/04/30 10:52:40.355538, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) > sys_getgrouplist: user [admink] >[2016/04/30 10:52:40.355583, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1015 -> sid S-1-5-21-1193122258-3968554332-1479395916-1004 >[2016/04/30 10:52:40.355591, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 4 -> sid S-1-22-2-4 >[2016/04/30 10:52:40.355597, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 24 -> sid S-1-22-2-24 >[2016/04/30 10:52:40.355602, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 27 -> sid S-1-22-2-27 >[2016/04/30 10:52:40.355606, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 30 -> sid S-1-22-2-30 >[2016/04/30 10:52:40.355611, 10, pid=39178, effective(0, 0), real(0, 0)] 
../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 46 -> sid S-1-22-2-46 >[2016/04/30 10:52:40.355616, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 110 -> sid S-1-22-2-110 >[2016/04/30 10:52:40.355620, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 111 -> sid S-1-22-2-111 >[2016/04/30 10:52:40.355625, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1000 -> sid S-1-22-2-1000 >[2016/04/30 10:52:40.355630, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1012 -> sid S-1-5-21-1193122258-3968554332-1479395916-512 >[2016/04/30 10:52:40.355636, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1013 -> sid S-1-5-21-1193122258-3968554332-1479395916-513 >[2016/04/30 10:52:40.355641, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1046 -> sid S-1-5-21-1193122258-3968554332-1479395916-1078 >[2016/04/30 10:52:40.355646, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1060 -> sid S-1-5-21-1193122258-3968554332-1479395916-1184 >[2016/04/30 10:52:40.355651, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1061 -> sid S-1-5-21-1193122258-3968554332-1479395916-1197 >[2016/04/30 10:52:40.355656, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1063 -> sid S-1-5-21-1193122258-3968554332-1479395916-1216 >[2016/04/30 10:52:40.355664, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/server_info_sam.c:122(make_server_info_sam) > make_server_info_sam: made server info for user admink -> admink >[2016/04/30 10:52:40.355671, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 
0) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.355677, 3, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:249(auth_check_ntlm_password) > check_ntlm_password: sam authentication for user [admink] succeeded >[2016/04/30 10:52:40.355683, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355687, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.355691, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.355696, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.355702, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.355709, 4, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/pampass.c:483(smb_pam_start) > smb_pam_start: PAM: Init user: admink >[2016/04/30 10:52:40.358630, 4, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/pampass.c:492(smb_pam_start) > smb_pam_start: PAM: setting rhost to: 10.10.10.78 >[2016/04/30 10:52:40.358649, 4, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/pampass.c:501(smb_pam_start) > smb_pam_start: PAM: setting tty >[2016/04/30 10:52:40.358658, 4, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/pampass.c:509(smb_pam_start) > smb_pam_start: PAM: Init passed for user: admink >[2016/04/30 10:52:40.358666, 4, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/pampass.c:567(smb_pam_account) > smb_pam_account: PAM: Account Management for User: admink 
>[2016/04/30 10:52:40.358810, 4, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/pampass.c:586(smb_pam_account) > smb_pam_account: PAM: Account OK for User: admink >[2016/04/30 10:52:40.359037, 4, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/pampass.c:465(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2016/04/30 10:52:40.359053, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.359062, 5, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:292(auth_check_ntlm_password) > check_ntlm_password: PAM Account for user [admink] succeeded >[2016/04/30 10:52:40.359069, 2, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:305(auth_check_ntlm_password) > check_ntlm_password: authentication for user [admink] -> [admink] -> [admink] succeeded >[2016/04/30 10:52:40.359078, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:215(auth3_check_password) > Got NT session key of length 16 >[2016/04/30 10:52:40.359086, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:222(auth3_check_password) > Got LM session key of length 8 >[2016/04/30 10:52:40.359094, 10, pid=39178, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:818(ntlmssp_server_postauth) > ntlmssp_server_auth: Using unmodified nt session key. 
>[2016/04/30 10:52:40.359113, 3, pid=39178, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset) > NTLMSSP Sign/Seal - Initialising with flags: >[2016/04/30 10:52:40.359121, 3, pid=39178, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0xe2088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2016/04/30 10:52:40.359167, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.359176, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:584(pipe_auth_generic_verify_final) > ../source3/rpc_server/srv_pipe.c:584: checking user details >[2016/04/30 10:52:40.359186, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.359200, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.359214, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.359222, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.359229, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.359247, 10, pid=39178, effective(0, 0), real(0, 0)] 
../source3/auth/token_util.c:224(create_local_nt_token_from_info3) > Create local NT token for admink >[2016/04/30 10:52:40.359268, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1000]: value=[1000:U] >[2016/04/30 10:52:40.359277, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1000]: id=[1000], endptr=[:U] >[2016/04/30 10:52:40.359286, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1468(sid_to_uid) > sid S-1-5-21-1193122258-3968554332-1479395916-1000 -> uid 1000 >[2016/04/30 10:52:40.359325, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) > sys_getgrouplist: user [admink] >[2016/04/30 10:52:40.359392, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1015 -> sid S-1-5-21-1193122258-3968554332-1479395916-1004 >[2016/04/30 10:52:40.359405, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 4 -> sid S-1-22-2-4 >[2016/04/30 10:52:40.359414, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 24 -> sid S-1-22-2-24 >[2016/04/30 10:52:40.359423, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 27 -> sid S-1-22-2-27 >[2016/04/30 10:52:40.359432, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 30 -> sid S-1-22-2-30 >[2016/04/30 10:52:40.359440, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 46 -> sid S-1-22-2-46 >[2016/04/30 10:52:40.359448, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 110 
-> sid S-1-22-2-110 >[2016/04/30 10:52:40.359457, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 111 -> sid S-1-22-2-111 >[2016/04/30 10:52:40.359465, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1000 -> sid S-1-22-2-1000 >[2016/04/30 10:52:40.359474, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1012 -> sid S-1-5-21-1193122258-3968554332-1479395916-512 >[2016/04/30 10:52:40.359483, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1013 -> sid S-1-5-21-1193122258-3968554332-1479395916-513 >[2016/04/30 10:52:40.359493, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1046 -> sid S-1-5-21-1193122258-3968554332-1479395916-1078 >[2016/04/30 10:52:40.359502, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1060 -> sid S-1-5-21-1193122258-3968554332-1479395916-1184 >[2016/04/30 10:52:40.359511, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1061 -> sid S-1-5-21-1193122258-3968554332-1479395916-1197 >[2016/04/30 10:52:40.359520, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid) > gid 1063 -> sid S-1-5-21-1193122258-3968554332-1479395916-1216 >[2016/04/30 10:52:40.359546, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.359560, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.359567, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.359575, 5, pid=39178, 
effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.359582, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.359691, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.359704, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1193122258-3968554332-1479395916-1000] >[2016/04/30 10:52:40.359715, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1193122258-3968554332-1479395916-1004] >[2016/04/30 10:52:40.359726, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1193122258-3968554332-1479395916-512] >[2016/04/30 10:52:40.359737, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1193122258-3968554332-1479395916-513] >[2016/04/30 10:52:40.359748, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1193122258-3968554332-1479395916-1078] >[2016/04/30 10:52:40.359759, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1193122258-3968554332-1479395916-1184] >[2016/04/30 10:52:40.359769, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID 
[S-1-5-21-1193122258-3968554332-1479395916-1197] >[2016/04/30 10:52:40.359780, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1193122258-3968554332-1479395916-1216] >[2016/04/30 10:52:40.359790, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-4] >[2016/04/30 10:52:40.359800, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-24] >[2016/04/30 10:52:40.359810, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-27] >[2016/04/30 10:52:40.359819, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-30] >[2016/04/30 10:52:40.359829, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-46] >[2016/04/30 10:52:40.359839, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-110] >[2016/04/30 10:52:40.359848, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-111] >[2016/04/30 10:52:40.359858, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-1000] >[2016/04/30 10:52:40.359872, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:176(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2016/04/30 10:52:40.359884, 4, pid=39178, effective(0, 0), real(0, 0)] 
../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2016/04/30 10:52:40.359894, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2016/04/30 10:52:40.359904, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:176(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-32-544 > Privilege set: 0x1ff0 >[2016/04/30 10:52:40.359916, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-32-545] >[2016/04/30 10:52:40.359929, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1000]: value=[1000:U] >[2016/04/30 10:52:40.359937, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1000]: id=[1000], endptr=[:U] >[2016/04/30 10:52:40.359947, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1004]: value=[1015:G] >[2016/04/30 10:52:40.359955, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1004]: id=[1015], endptr=[:G] >[2016/04/30 10:52:40.359965, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-512]: value=[1012:G] >[2016/04/30 10:52:40.359972, 10, pid=39178, effective(0, 0), real(0, 0)] 
../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-512]: id=[1012], endptr=[:G] >[2016/04/30 10:52:40.359982, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-513]: value=[1013:G] >[2016/04/30 10:52:40.359989, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-513]: id=[1013], endptr=[:G] >[2016/04/30 10:52:40.359998, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1078]: value=[1046:G] >[2016/04/30 10:52:40.360012, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1078]: id=[1046], endptr=[:G] >[2016/04/30 10:52:40.360023, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1184]: value=[1060:G] >[2016/04/30 10:52:40.360031, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1184]: id=[1060], endptr=[:G] >[2016/04/30 10:52:40.360040, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1197]: value=[1061:G] >[2016/04/30 10:52:40.360051, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > 
Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1197]: id=[1061], endptr=[:G] >[2016/04/30 10:52:40.360060, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1216]: value=[1063:G] >[2016/04/30 10:52:40.360068, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1193122258-3968554332-1479395916-1216]: id=[1063], endptr=[:G] >[2016/04/30 10:52:40.360077, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-1-0]: value=[-1:N] >[2016/04/30 10:52:40.360084, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-1-0]: id=[4294967295], endptr=[:N] >[2016/04/30 10:52:40.360093, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-2]: value=[-1:N] >[2016/04/30 10:52:40.360100, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-2]: id=[4294967295], endptr=[:N] >[2016/04/30 10:52:40.360108, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-11]: value=[-1:N] >[2016/04/30 10:52:40.360116, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-11]: id=[4294967295], endptr=[:N] >[2016/04/30 10:52:40.360124, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key 
[IDMAP/SID2XID/S-1-5-32-544]: value=[10000:G] >[2016/04/30 10:52:40.360132, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-32-544]: id=[10000], endptr=[:G] >[2016/04/30 10:52:40.360140, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-32-545]: value=[10001:G] >[2016/04/30 10:52:40.360147, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-32-545]: id=[10001], endptr=[:G] >[2016/04/30 10:52:40.360157, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:609(create_local_token) > Could not convert SID S-1-1-0 to gid, ignoring it >[2016/04/30 10:52:40.360166, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:609(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2016/04/30 10:52:40.360174, 10, pid=39178, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:609(create_local_token) > Could not convert SID S-1-5-11 to gid, ignoring it >[2016/04/30 10:52:40.360188, 10, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 
13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.360322, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.360377, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.360385, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/dcesrv_auth_generic.c:143(auth_generic_server_get_user_info) > ../source3/rpc_server/dcesrv_auth_generic.c:143OK: user: admink domain: TRASKOSTAL >[2016/04/30 10:52:40.360413, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.360422, 10, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 775 (position 775) from bitmap >[2016/04/30 10:52:40.360430, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 775 >[2016/04/30 10:52:40.360441, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.360449, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: 
SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.360583, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.360637, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.360647, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 775, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.360655, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1123123194 >[2016/04/30 10:52:40.360664, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 112 >[2016/04/30 10:52:40.360672, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 112 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 112 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 
>[2016/04/30 10:52:40.360719, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 112 >[2016/04/30 10:52:40.360728, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.360758, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/04/30 10:52:40.360767, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.360775, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.360783, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.360791, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 >[2016/04/30 10:52:40.360799, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.360806, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.360817, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.360831, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.360846, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.360854, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.360984, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.361038, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.361048, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.361056, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: WINREG_OPENHKLM >[2016/04/30 10:52:40.361065, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[2].fn == 0x7f9b33e05020 >[2016/04/30 10:52:40.361073, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : * > system_name : 0x48a0 (18592) > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/30 10:52:40.361128, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/04/30 10:52:40.361142, 4, pid=39178, effective(1000, 1015), real(1000, 0)] 
../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(1000, 1015) : sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.361152, 4, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(2421631163) : conn_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.361159, 4, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/04/30 10:52:40.361166, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:40.361173, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:40.361215, 4, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.361225, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) > regdb_open: registry db opened. 
refcount reset (1) >[2016/04/30 10:52:40.361234, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/04/30 10:52:40.361242, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/04/30 10:52:40.361250, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/30 10:52:40.361257, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f9b33606020 for key [\HKLM] >[2016/04/30 10:52:40.361279, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:2093(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2016/04/30 10:52:40.361300, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/30 10:52:40.361310, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 57 58 72 ....1... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.361340, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-2457-58720a990000 > result : WERR_OK >[2016/04/30 10:52:40.361375, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.361388, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.361402, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0010 (16) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 57 58 72 ....1... ....$WXr > [0010] 0A 99 00 00 00 00 00 00 ........ 
>[2016/04/30 10:52:40.361544, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.361574, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.361585, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/04/30 10:52:40.361592, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 80 >[2016/04/30 10:52:40.361630, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 80 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.361640, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 80 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.361650, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 80 status NT_STATUS_OK >[2016/04/30 10:52:40.361658, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:80] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.361668, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/776/127 >[2016/04/30 10:52:40.362026, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.362036, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 776 (position 776) from bitmap >[2016/04/30 10:52:40.362044, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 776 >[2016/04/30 10:52:40.362060, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.362069, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.362202, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.362257, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.362267, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 776, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.362276, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1123123194 >[2016/04/30 10:52:40.362285, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 80 >[2016/04/30 10:52:40.362292, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 80 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 80 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.362338, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 80 >[2016/04/30 10:52:40.362347, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.362379, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.362388, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.362396, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.362404, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.362412, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 12 >[2016/04/30 10:52:40.362419, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.362427, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.362437, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.362448, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.362458, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.362466, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.362595, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.362654, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.362663, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.362671, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x1a - api_rpcTNP: rpc command: WINREG_GETVERSION >[2016/04/30 10:52:40.362680, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7f9b33e01300 >[2016/04/30 10:52:40.362689, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_GetVersion: struct winreg_GetVersion > in: struct winreg_GetVersion > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-2457-58720a990000 >[2016/04/30 10:52:40.362719, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 57 58 72 ....1... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.362747, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_GetVersion: struct winreg_GetVersion > out: struct winreg_GetVersion > version : * > version : 0x00000005 (5) > result : WERR_OK >[2016/04/30 10:52:40.362770, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.362782, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.362795, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0020 (32) > auth_length : 0x0010 (16) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000008 (8) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=8 > [0000] 05 00 00 00 00 00 00 00 ........ 
>[2016/04/30 10:52:40.362909, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.362942, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.362952, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 8 bytes >[2016/04/30 10:52:40.362960, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 64 >[2016/04/30 10:52:40.362993, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 64 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.363003, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 64 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.363013, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 64 status NT_STATUS_OK >[2016/04/30 10:52:40.363021, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:64] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.363030, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/777/127 >[2016/04/30 10:52:40.363467, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.363490, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 777 (position 777) from bitmap >[2016/04/30 10:52:40.363499, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 777 >[2016/04/30 10:52:40.363510, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.363519, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.363656, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.363711, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.363721, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 777, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.363729, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1123123194 >[2016/04/30 10:52:40.363738, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 192 >[2016/04/30 10:52:40.363746, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 192 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 192 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.363791, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 192 >[2016/04/30 10:52:40.363800, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.363828, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.363837, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.363845, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.363852, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.363861, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 >[2016/04/30 10:52:40.363868, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.363876, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.363887, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.363902, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.363912, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.363920, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.364058, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.364114, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.364123, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.364131, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: WINREG_OPENKEY >[2016/04/30 10:52:40.364140, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[15].fn == 0x7f9b33e02fa0 >[2016/04/30 10:52:40.364153, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-2457-58720a990000 > keyname: struct winreg_String > name_len : 0x0060 (96) > name_size : 0x0060 (96) > name : * > name : 'SYSTEM\CurrentControlSet\Control\ProductOptions' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: 
KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/04/30 10:52:40.364254, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 57 58 72 ....1... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.364284, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2016/04/30 10:52:40.364292, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (1->2) >[2016/04/30 10:52:40.364301, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2016/04/30 10:52:40.364309, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2016/04/30 10:52:40.364318, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/30 10:52:40.364325, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f9b33606020 for key [\HKLM\SYSTEM] >[2016/04/30 10:52:40.364345, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:2093(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2016/04/30 10:52:40.364363, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2016/04/30 10:52:40.364373, 10, 
pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/04/30 10:52:40.364382, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2016/04/30 10:52:40.364389, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2016/04/30 10:52:40.364398, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/30 10:52:40.364405, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f9b33606020 for key [\HKLM\SYSTEM\CurrentControlSet] >[2016/04/30 10:52:40.364424, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:2093(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2016/04/30 10:52:40.364441, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2016/04/30 10:52:40.364454, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/04/30 10:52:40.364463, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] >[2016/04/30 10:52:40.364471, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter 
[\HKLM\SYSTEM\CurrentControlSet\Control] >[2016/04/30 10:52:40.364480, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/30 10:52:40.364487, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f9b33606020 for key [\HKLM\SYSTEM\CurrentControlSet\Control] >[2016/04/30 10:52:40.364508, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:2093(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] >[2016/04/30 10:52:40.364524, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [ProductOptions] >[2016/04/30 10:52:40.364533, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/04/30 10:52:40.364542, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2016/04/30 10:52:40.364549, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2016/04/30 10:52:40.364559, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/04/30 10:52:40.364566, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f9b34147a00 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2016/04/30 
10:52:40.364584, 10, pid=39178, effective(1000, 1015), real(1000, 0)] ../libcli/security/access_check.c:188(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2016/04/30 10:52:40.364595, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/04/30 10:52:40.364604, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/04/30 10:52:40.364612, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/04/30 10:52:40.364620, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 57 58 72 ....2... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.364649, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000032-0000-0000-2457-58720a990000 > result : WERR_OK >[2016/04/30 10:52:40.364687, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.364702, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.364715, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0010 (16) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 57 58 72 ....2... ....$WXr > [0010] 0A 99 00 00 00 00 00 00 ........ 
>[2016/04/30 10:52:40.364851, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.364881, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.364891, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/04/30 10:52:40.364899, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 80 >[2016/04/30 10:52:40.364923, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1539(smbd_smb2_request_pending_timer) > smbd_smb2_request_pending_queue: opcode[SMB2_OP_IOCTL] mid 777 going async >[2016/04/30 10:52:40.364933, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/778/127 >[2016/04/30 10:52:40.364942, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1637(smbd_smb2_request_pending_timer) > state->vector[0/5].iov_len = 4 > state->vector[1/5].iov_len = 0 > state->vector[2/5].iov_len = 64 > state->vector[3/5].iov_len = 8 > state->vector[4/5].iov_len = 1 >[2016/04/30 10:52:40.364981, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 80 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.364996, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 80 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.365006, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 80 status NT_STATUS_OK >[2016/04/30 10:52:40.365014, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:80] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.365023, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 0, current possible/max 385/512, total granted/max/low/range 127/8192/778/127 >[2016/04/30 10:52:40.365453, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.365463, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 778 (position 778) from bitmap >[2016/04/30 10:52:40.365471, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 778 >[2016/04/30 10:52:40.365482, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.365491, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.365624, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.365680, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.365694, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 778, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.365702, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1123123194 >[2016/04/30 10:52:40.365712, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 160 >[2016/04/30 10:52:40.365719, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 160 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 160 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.365764, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 160 >[2016/04/30 10:52:40.365774, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.365801, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.365810, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.365818, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.365825, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.365834, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 8 >[2016/04/30 10:52:40.365841, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.365849, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.365860, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.365871, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.365880, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.365889, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.366025, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.366079, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.366088, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.366096, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: WINREG_QUERYVALUE >[2016/04/30 10:52:40.366105, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[17].fn == 0x7f9b33e02820 >[2016/04/30 10:52:40.366116, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000032-0000-0000-2457-58720a990000 > value_name : * > value_name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'ProductType' > type : * > type : REG_NONE (0) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000104 (260) > data_length : * > data_length : 0x00000000 (0) >[2016/04/30 10:52:40.366194, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] 
../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 57 58 72 ....2... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.366222, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2016/04/30 10:52:40.366233, 7, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/04/30 10:52:40.366241, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions' (ops 0x7f9b34147a00) >[2016/04/30 10:52:40.366257, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_SZ (1) > data : * > data: ARRAY(18) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x6d (109) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x4e (78) > [13] : 0x00 (0) > [14] : 0x54 (84) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > data_size : * > data_size : 0x00000012 (18) > data_length : * > data_length : 0x00000012 (18) > result : WERR_OK >[2016/04/30 10:52:40.366368, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.366382, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 
0 >[2016/04/30 10:52:40.366395, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0010 (16) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] 14 00 02 00 01 00 00 00 18 00 02 00 12 00 00 00 ........ ........ > [0010] 00 00 00 00 12 00 00 00 4C 00 61 00 6E 00 6D 00 ........ L.a.n.m. > [0020] 61 00 6E 00 4E 00 54 00 00 00 00 00 1C 00 02 00 a.n.N.T. ........ > [0030] 12 00 00 00 20 00 02 00 12 00 00 00 00 00 00 00 .... ... ........ 
>[2016/04/30 10:52:40.366576, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.366606, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.366617, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 64 bytes >[2016/04/30 10:52:40.366624, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 112 >[2016/04/30 10:52:40.366659, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 112 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.366669, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 112 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.366678, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 112 status NT_STATUS_OK >[2016/04/30 10:52:40.366686, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:112] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.366696, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/779/127 >[2016/04/30 10:52:40.367293, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.367314, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 779 (position 779) from bitmap >[2016/04/30 10:52:40.367324, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 779 >[2016/04/30 10:52:40.367335, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.367345, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.367485, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.367543, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.367553, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 779, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.367562, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1123123194 >[2016/04/30 10:52:40.367571, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 80 >[2016/04/30 10:52:40.367579, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 80 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 80 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.367627, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 80 >[2016/04/30 10:52:40.367638, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.367668, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.367677, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.367685, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.367692, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.367701, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 12 >[2016/04/30 10:52:40.367709, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.367721, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.367732, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.367743, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.367753, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.367761, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.367892, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.367947, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.367956, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.367964, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: WINREG_CLOSEKEY >[2016/04/30 10:52:40.367973, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[5].fn == 0x7f9b33e04880 >[2016/04/30 10:52:40.367982, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000032-0000-0000-2457-58720a990000 >[2016/04/30 10:52:40.368169, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 57 58 72 ....2... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.368189, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 57 58 72 ....2... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.368206, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/04/30 10:52:40.368212, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (2->1) >[2016/04/30 10:52:40.368217, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/30 10:52:40.368239, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.368249, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.368258, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0010 (16) > call_id : 0x00000005 
(5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2016/04/30 10:52:40.368346, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.368368, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.368376, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/04/30 10:52:40.368381, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 80 >[2016/04/30 10:52:40.368405, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 80 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.368412, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 80 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.368418, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 80 status NT_STATUS_OK >[2016/04/30 10:52:40.368424, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:80] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.368430, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/780/127 >[2016/04/30 10:52:40.368865, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.368890, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 780 (position 780) from bitmap >[2016/04/30 10:52:40.368897, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 780 >[2016/04/30 10:52:40.368904, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.368911, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.369001, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.369038, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.369045, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 780, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.369051, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] winreg, fnum 1123123194 >[2016/04/30 10:52:40.369057, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 80 >[2016/04/30 10:52:40.369062, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 80 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 80 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.369093, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 80 >[2016/04/30 10:52:40.369099, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.369119, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.369125, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.369130, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.369135, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:473(dcerpc_check_auth) > Requested Privacy. >[2016/04/30 10:52:40.369140, 6, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/rpc/dcerpc_util.c:173(dcerpc_pull_auth_trailer) > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 12 >[2016/04/30 10:52:40.369145, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_parse] ../source3/librpc/rpc/dcerpc_helpers.c:533(dcerpc_check_auth) > GENSEC auth >[2016/04/30 10:52:40.369151, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:371(ntlmssp_unseal_packet) > ntlmssp_unseal_packet: seal >[2016/04/30 10:52:40.369157, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:255(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! 
>[2016/04/30 10:52:40.369165, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.369174, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (1000, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.369179, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.369264, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 1000 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.369300, 5, pid=39178, effective(1000, 1015), real(1000, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(1000,1000), gid=(0,1015) >[2016/04/30 10:52:40.369306, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested winreg rpc service >[2016/04/30 10:52:40.369311, 4, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: WINREG_CLOSEKEY >[2016/04/30 10:52:40.369317, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[5].fn == 0x7f9b33e04880 >[2016/04/30 10:52:40.369322, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-2457-58720a990000 >[2016/04/30 10:52:40.369342, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 57 58 72 ....1... ....$WXr > [0010] 0A 99 00 00 .... 
>[2016/04/30 10:52:40.369361, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 57 58 72 ....1... ....$WXr > [0010] 0A 99 00 00 .... >[2016/04/30 10:52:40.369381, 6, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/04/30 10:52:40.369387, 10, pid=39178, effective(1000, 1015), real(1000, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (1->0) >[2016/04/30 10:52:40.369400, 1, pid=39178, effective(1000, 1015), real(1000, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/04/30 10:52:40.369423, 5, pid=39178, effective(1000, 1015), real(1000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called winreg successfully >[2016/04/30 10:52:40.369433, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.369442, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0010 (16) > call_id : 0x00000006 
(6) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2016/04/30 10:52:40.369530, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_NTLMSSP (10) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000000 (0) > credentials : DATA_BLOB length=0 >[2016/04/30 10:52:40.369549, 10, pid=39178, effective(0, 1015), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:287(ntlmssp_seal_packet) > ntlmssp_seal_data: seal >[2016/04/30 10:52:40.369556, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/04/30 10:52:40.369561, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 80 >[2016/04/30 10:52:40.369587, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 80 bytes. 
There is no more data outstanding >[2016/04/30 10:52:40.369594, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 80 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.369601, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 80 status NT_STATUS_OK >[2016/04/30 10:52:40.369606, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:80] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.369612, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/781/127 >[2016/04/30 10:52:40.370063, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.370088, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 781 (position 781) from bitmap >[2016/04/30 10:52:40.370094, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 781 >[2016/04/30 10:52:40.370102, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.370108, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.370194, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.370235, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.370243, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_close.c:227(smbd_smb2_close) > smbd_smb2_close: winreg - fnum 1123123194 >[2016/04/30 10:52:40.370250, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.370255, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/30 10:52:40.370262, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 69D9A458 >[2016/04/30 10:52:40.370268, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x7f9b353db800 >[2016/04/30 10:52:40.370277, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 69D9A458 >[2016/04/30 10:52:40.370282, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.370287, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/30 10:52:40.370299, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2016/04/30 10:52:40.370313, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 1123123194 (1 used) >[2016/04/30 10:52:40.370320, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:144 >[2016/04/30 10:52:40.370326, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/782/127 >[2016/04/30 10:52:40.371143, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.371174, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 782 (position 782) from bitmap >[2016/04/30 10:52:40.371180, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 782 >[2016/04/30 10:52:40.371186, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.371192, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > 
SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.371280, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.371316, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.371323, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_create.c:501(smbd_smb2_create_send) > smbd_smb2_create: name[wkssvc] >[2016/04/30 10:52:40.371330, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.371335, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > 
lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/30 10:52:40.371341, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 9B5E34D2 >[2016/04/30 10:52:40.371347, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x7f9b353a3ee0 >[2016/04/30 10:52:40.371353, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:587(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/04/30 10:52:40.371364, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:706(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '9B5E34D2' stored >[2016/04/30 10:52:40.371370, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x000000000000990a (39178) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0xee090ec3329c23cf (-1294487186361801777) > open_global_id : 0x9b5e34d2 (2606642386) > open_persistent_id : 0x000000009b5e34d2 (2606642386) > open_volatile_id : 0x00000000ffb9191f (4290320671) > open_owner : S-1-5-21-1193122258-3968554332-1479395916-1000 > open_time : Sat Apr 30 10:52:40 2016 CEST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 >[2016/04/30 10:52:40.371441, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 9B5E34D2 >[2016/04/30 
10:52:40.371446, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.371451, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/30 10:52:40.371457, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smbXsrv_open.c:880(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x9b5e34d2) stored >[2016/04/30 10:52:40.371462, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0xffb9191f (4290320671) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x000000000000990a (39178) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0xee090ec3329c23cf (-1294487186361801777) > open_global_id : 0x9b5e34d2 (2606642386) > open_persistent_id : 0x000000009b5e34d2 (2606642386) > open_volatile_id : 0x00000000ffb9191f (4290320671) > open_owner : S-1-5-21-1193122258-3968554332-1479395916-1000 > open_time : Sat Apr 30 10:52:40 2016 CEST > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > status : NT_STATUS_OK > idle_time : Sat Apr 30 10:52:40 2016 CEST > compat : NULL >[2016/04/30 10:52:40.371548, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 4290320671 (2 used) >[2016/04/30 10:52:40.371554, 10, pid=39178, 
effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:745(file_name_hash) > file_name_hash: /tmp/wkssvc hash 0x2b4dd005 >[2016/04/30 10:52:40.371563, 4, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair) > Create of internal pipe wkssvc requested >[2016/04/30 10:52:40.371598, 8, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/dosmode.c:583(dos_mode) > dos_mode: wkssvc >[2016/04/30 10:52:40.371609, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_create.c:1303(smbd_smb2_create_send) > smbd_smb2_create_send: wkssvc - fnum 4290320671 >[2016/04/30 10:52:40.371616, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:364 >[2016/04/30 10:52:40.371623, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/783/127 >[2016/04/30 10:52:40.372041, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.372054, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 783 (position 783) from bitmap >[2016/04/30 10:52:40.372061, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_GETINFO] mid = 783 >[2016/04/30 10:52:40.372068, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.372075, 5, pid=39178, 
effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.372161, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > 
Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.372198, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.372205, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 783, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.372215, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: wkssvc - fnum 4290320671 >[2016/04/30 10:52:40.372222, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.372229, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.372235, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/784/127 >[2016/04/30 10:52:40.372633, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.372658, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 784 (position 784) from bitmap >[2016/04/30 10:52:40.372665, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: 
opcode[SMB2_OP_GETINFO] mid = 784 >[2016/04/30 10:52:40.372672, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.372679, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.372765, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and 
contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.372805, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.372813, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 784, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.372818, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: wkssvc - fnum 4290320671 >[2016/04/30 10:52:40.372825, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.372832, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.372838, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/785/127 >[2016/04/30 10:52:40.373240, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.373265, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > 
smb2_validate_sequence_number: clearing id 785 (position 785) from bitmap >[2016/04/30 10:52:40.373271, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_GETINFO] mid = 785 >[2016/04/30 10:52:40.373279, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.373286, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > 
Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.373371, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.373413, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.373420, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 785, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.373425, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_getinfo.c:272(smbd_smb2_getinfo_send) > smbd_smb2_getinfo_send: wkssvc - fnum 4290320671 >[2016/04/30 10:52:40.373432, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2789(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_getinfo.c:154 >[2016/04/30 10:52:40.373439, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2837 >[2016/04/30 10:52:40.373445, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/786/127 >[2016/04/30 10:52:40.373862, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.373887, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 786 (position 786) from bitmap >[2016/04/30 10:52:40.373893, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 786 >[2016/04/30 10:52:40.373901, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.373907, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege 
> Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.373997, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.374034, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.374041, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 786, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.374046, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_write.c:290(smbd_smb2_write_send) > smbd_smb2_write: wkssvc - fnum 4290320671 >[2016/04/30 10:52:40.374052, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 116 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 48 > req->in.vector[4].iov_len = 116 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.374084, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:164 >[2016/04/30 10:52:40.374092, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/787/127 >[2016/04/30 10:52:40.374117, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/04/30 10:52:40.374124, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 11 >[2016/04/30 10:52:40.374130, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:728(api_pipe_bind_req) > api_pipe_bind_req: wkssvc -> wkssvc rpc service >[2016/04/30 10:52:40.374135, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:761(api_pipe_bind_req) > api_pipe_bind_req: make response. 
761 >[2016/04/30 10:52:40.374140, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) > check_bind_req for wkssvc context_id=0 >[2016/04/30 10:52:40.374145, 3, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) > check_bind_req: wkssvc -> wkssvc rpc service >[2016/04/30 10:52:40.374150, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe wkssvc >[2016/04/30 10:52:40.374155, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe wkssvc >[2016/04/30 10:52:40.374165, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\wkssvc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > 
uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2016/04/30 10:52:40.374262, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 0 bytes >[2016/04/30 10:52:40.374267, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 68 >[2016/04/30 10:52:40.374634, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.374660, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 787 (position 787) from bitmap >[2016/04/30 10:52:40.374666, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 787 >[2016/04/30 10:52:40.374674, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.374680, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > 
SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.374771, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.374809, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.374816, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 787, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.374821, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_read.c:463(smbd_smb2_read_send) > smbd_smb2_read: wkssvc - fnum 4290320671 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > 
req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 48 > req->in.vector[4].iov_len = 1 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.374859, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2016/04/30 10:52:40.374867, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:164 >[2016/04/30 10:52:40.374874, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/788/127 >[2016/04/30 10:52:40.375219, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.375227, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 788 (position 788) from bitmap >[2016/04/30 10:52:40.375232, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 788 >[2016/04/30 10:52:40.375239, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.375245, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: 
S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.375334, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.375370, 5, pid=39178, effective(0, 
1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.375376, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:1908(smbd_smb2_request_verify_creditcharge) > mid 788, CreditCharge: 1, NeededCharge: 1 >[2016/04/30 10:52:40.375381, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x0011c017] wkssvc, fnum 4290320671 >[2016/04/30 10:52:40.375387, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:61(smb2_ioctl_named_pipe) > smbd_smb2_ioctl_send: np_write_send of size 64 >[2016/04/30 10:52:40.375392, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 64 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 56 > req->in.vector[4].iov_len = 64 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:40.375421, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:119(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: received 64 >[2016/04/30 10:52:40.375428, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:140(smbd_smb2_ioctl_pipe_write_done) > smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 >[2016/04/30 10:52:40.375446, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! 
>[2016/04/30 10:52:40.375452, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/04/30 10:52:40.375457, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/04/30 10:52:40.375464, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 1015) : sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.375473, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 1 >[2016/04/30 10:52:40.375479, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: 
SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.375563, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.375597, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.375603, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested wkssvc rpc service >[2016/04/30 10:52:40.375607, 4, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO >[2016/04/30 10:52:40.375613, 6, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[0].fn == 0x7f9b33cb6bb0 >[2016/04/30 10:52:40.375620, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > in: struct wkssvc_NetWkstaGetInfo > server_name : * > server_name : '\\SERWER2' > level : 0x00000064 (100) >[2016/04/30 10:52:40.375637, 1, pid=39178, effective(0, 1015), real(0, 0)] 
../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo > out: struct wkssvc_NetWkstaGetInfo > info : * > info : union wkssvc_NetWkstaInfo(case 100) > info100 : * > info100: struct wkssvc_NetWkstaInfo100 > platform_id : PLATFORM_ID_NT (500) > server_name : * > server_name : 'SERWER2' > domain_name : * > domain_name : 'TRASKOSTAL' > version_major : 0x00000006 (6) > version_minor : 0x00000001 (1) > result : WERR_OK >[2016/04/30 10:52:40.375680, 5, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called wkssvc successfully >[2016/04/30 10:52:40.375689, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.375696, 1, pid=39178, effective(0, 1015), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0078 (120) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000060 (96) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=96 > [0000] 64 00 00 00 04 00 02 00 F4 01 00 00 08 00 02 00 d....... ........ > [0010] 0C 00 02 00 06 00 00 00 01 00 00 00 08 00 00 00 ........ ........ > [0020] 00 00 00 00 08 00 00 00 53 00 45 00 52 00 57 00 ........ S.E.R.W. > [0030] 45 00 52 00 32 00 00 00 0B 00 00 00 00 00 00 00 E.R.2... ........ 
> [0040] 0B 00 00 00 54 00 52 00 41 00 53 00 4B 00 4F 00 ....T.R. A.S.K.O. > [0050] 53 00 54 00 41 00 4C 00 00 00 00 00 00 00 00 00 S.T.A.L. ........ >[2016/04/30 10:52:40.375838, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 96 bytes >[2016/04/30 10:52:40.375843, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 120 >[2016/04/30 10:52:40.375865, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 120 bytes. There is no more data outstanding >[2016/04/30 10:52:40.375871, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:169(smbd_smb2_ioctl_pipe_read_done) > smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 120 is_data_outstanding = 0, status = NT_STATUS_OK >[2016/04/30 10:52:40.375878, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 120 status NT_STATUS_OK >[2016/04/30 10:52:40.375883, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:120] at ../source3/smbd/smb2_ioctl.c:358 >[2016/04/30 10:52:40.375889, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/789/127 >[2016/04/30 10:52:40.376427, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:40.376462, 10, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 789 (position 789) from bitmap >[2016/04/30 10:52:40.376467, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 789 >[2016/04/30 10:52:40.376474, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:40.376480, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: 
SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:40.376565, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:40.376601, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:40.376608, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_close.c:227(smbd_smb2_close) > smbd_smb2_close: wkssvc - fnum 4290320671 >[2016/04/30 10:52:40.376615, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.376620, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/04/30 10:52:40.376627, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 9B5E34D2 >[2016/04/30 10:52:40.376637, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x7f9b353d72d0 >[2016/04/30 10:52:40.376647, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 9B5E34D2 >[2016/04/30 10:52:40.376652, 5, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock 
order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/04/30 10:52:40.376657, 10, pid=39178, effective(0, 1015), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/30 10:52:40.376668, 10, pid=39178, effective(0, 1015), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection wkssvc >[2016/04/30 10:52:40.376678, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 4290320671 (1 used) >[2016/04/30 10:52:40.376685, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:144 >[2016/04/30 10:52:40.376691, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/790/127 >[2016/04/30 10:52:44.517888, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/lib/events.c:426(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(deadtime) (nil) called >[2016/04/30 10:52:44.517911, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/lib/events.c:437(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(deadtime) (nil) rescheduled >[2016/04/30 10:52:44.517920, 10, pid=39178, effective(0, 1015), real(0, 0)] ../source3/lib/events.c:426(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(housekeeping) (nil) called >[2016/04/30 10:52:44.517925, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/process.c:2812(housekeeping_fn) > housekeeping >[2016/04/30 10:52:44.517931, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 
>[2016/04/30 10:52:44.517937, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:44.517943, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:44.517966, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2016/04/30 10:52:44.517990, 6, pid=39178, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2224(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 30 10:03:39 2016 > >[2016/04/30 10:52:44.518005, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/lib/events.c:437(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled >[2016/04/30 10:52:52.321362, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3539(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2016/04/30 10:52:52.321404, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:654(smb2_validate_sequence_number) > smb2_validate_sequence_number: clearing id 790 (position 790) from bitmap >[2016/04/30 10:52:52.321423, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2018(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_TDIS] mid = 790 >[2016/04/30 10:52:52.321460, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 1015) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:52.321478, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (31): > SID[ 0]: S-1-5-21-1193122258-3968554332-1479395916-1000 > SID[ 1]: 
S-1-5-21-1193122258-3968554332-1479395916-1004 > SID[ 2]: S-1-5-21-1193122258-3968554332-1479395916-512 > SID[ 3]: S-1-5-21-1193122258-3968554332-1479395916-513 > SID[ 4]: S-1-5-21-1193122258-3968554332-1479395916-1078 > SID[ 5]: S-1-5-21-1193122258-3968554332-1479395916-1184 > SID[ 6]: S-1-5-21-1193122258-3968554332-1479395916-1197 > SID[ 7]: S-1-5-21-1193122258-3968554332-1479395916-1216 > SID[ 8]: S-1-22-2-4 > SID[ 9]: S-1-22-2-24 > SID[ 10]: S-1-22-2-27 > SID[ 11]: S-1-22-2-30 > SID[ 12]: S-1-22-2-46 > SID[ 13]: S-1-22-2-110 > SID[ 14]: S-1-22-2-111 > SID[ 15]: S-1-22-2-1000 > SID[ 16]: S-1-1-0 > SID[ 17]: S-1-5-2 > SID[ 18]: S-1-5-11 > SID[ 19]: S-1-5-32-544 > SID[ 20]: S-1-5-32-545 > SID[ 21]: S-1-22-1-1000 > SID[ 22]: S-1-22-2-1015 > SID[ 23]: S-1-22-2-1012 > SID[ 24]: S-1-22-2-1013 > SID[ 25]: S-1-22-2-1046 > SID[ 26]: S-1-22-2-1060 > SID[ 27]: S-1-22-2-1061 > SID[ 28]: S-1-22-2-1063 > SID[ 29]: S-1-22-2-10000 > SID[ 30]: S-1-22-2-10001 > Privileges (0x 1FF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeIncreaseQuotaPrivilege > Rights (0x 0): >[2016/04/30 10:52:52.321706, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 1015 and contains 17 supplementary groups > Group[ 0]: 1015 > Group[ 1]: 1012 > Group[ 2]: 1013 > Group[ 3]: 1046 > Group[ 4]: 1060 > Group[ 5]: 1061 > Group[ 6]: 1063 > Group[ 7]: 4 > Group[ 8]: 24 > Group[ 9]: 27 > Group[ 10]: 30 > Group[ 11]: 46 > Group[ 12]: 110 > Group[ 13]: 111 > Group[ 14]: 1000 > Group[ 15]: 10000 > Group[ 16]: 10001 >[2016/04/30 10:52:52.321808, 5, pid=39178, effective(0, 1015), real(0, 0)] 
../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,1015) >[2016/04/30 10:52:52.321826, 4, pid=39178, effective(0, 1015), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:52.321839, 5, pid=39178, effective(0, 1015), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:52.321851, 5, pid=39178, effective(0, 1015), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:52.321872, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 4 > req->in.vector[4].iov_len = 0 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2016/04/30 10:52:52.321945, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:52.321959, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:52.321972, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:52.321998, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2016/04/30 10:52:52.322014, 5, pid=39178, effective(0, 0), real(0, 0)] 
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb >[2016/04/30 10:52:52.322027, 10, pid=39178, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2016/04/30 10:52:52.322045, 10, pid=39178, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key B10F79CB >[2016/04/30 10:52:52.322065, 10, pid=39178, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x7f9b353cafe0 >[2016/04/30 10:52:52.322089, 10, pid=39178, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key B10F79CB >[2016/04/30 10:52:52.322102, 5, pid=39178, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb >[2016/04/30 10:52:52.322114, 10, pid=39178, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/04/30 10:52:52.322132, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:52.322144, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:52.322155, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:52.322174, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2016/04/30 10:52:52.322187, 3, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1140(close_cnum) > ts78 (ipv4:10.10.10.78:54318) 
closed connection to service IPC$ >[2016/04/30 10:52:52.322209, 4, pid=39178, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:844(vfs_ChDir) > vfs_ChDir to / >[2016/04/30 10:52:52.322235, 4, pid=39178, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:855(vfs_ChDir) > vfs_ChDir got / >[2016/04/30 10:52:52.322249, 4, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/04/30 10:52:52.322261, 5, pid=39178, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/04/30 10:52:52.322272, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/04/30 10:52:52.322291, 5, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2016/04/30 10:52:52.322315, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2680(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[4] dyn[no:0] at ../source3/smbd/smb2_tcon.c:517 >[2016/04/30 10:52:52.322334, 10, pid=39178, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:906(smb2_set_operation_credit) > smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/791/127
Attachments on bug 11865: 12038 | 12039 | 12050 | 12051 | 12052