smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=18497 smt_wct=0 smb_bcc=0 [2005/08/22 05:12:56, 6] lib/util_sock.c:write_socket(449) write_socket(25,39) [2005/08/22 05:12:56, 6] lib/util_sock.c:write_socket(452) write_socket(25,39) wrote 39 [2005/08/22 05:13:37, 6] nsswitch/winbindd.c:new_connection(356) accepted socket 18 [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn INTERFACE_VERSION [2005/08/22 05:13:37, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [17582]: request interface version [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/08/22 05:13:37, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [17582]: request location of privileged pipe [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(569) client_write: need to write 35 extra data bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 35 bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(558) client_write: client_write: complete response written. [2005/08/22 05:13:37, 6] nsswitch/winbindd.c:new_connection(356) accepted socket 24 [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/08/22 05:13:37, 5] nsswitch/winbindd.c:winbind_client_read(475) read failed on sock 18, pid 17582: EOF [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn ENDPWENT [2005/08/22 05:13:37, 3] nsswitch/winbindd_user.c:winbindd_endpwent(375) [17582]: endpwent [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/08/22 05:13:37, 5] nsswitch/winbindd.c:winbind_client_read(475) read failed on sock 24, pid 17582: EOF [2005/08/22 05:13:37, 6] nsswitch/winbindd.c:new_connection(356) accepted socket 18 [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn INTERFACE_VERSION [2005/08/22 05:13:37, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [17585]: request interface version [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/08/22 05:13:37, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [17585]: request location of privileged pipe [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(569) client_write: need to write 35 extra data bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 35 bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(558) client_write: client_write: complete response written. [2005/08/22 05:13:37, 6] nsswitch/winbindd.c:new_connection(356) accepted socket 24 [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/08/22 05:13:37, 5] nsswitch/winbindd.c:winbind_client_read(475) read failed on sock 18, pid 17585: EOF [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn ENDPWENT [2005/08/22 05:13:37, 3] nsswitch/winbindd_user.c:winbindd_endpwent(375) [17585]: endpwent [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/08/22 05:13:37, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/08/22 05:13:37, 5] nsswitch/winbindd.c:winbind_client_read(475) read failed on sock 24, pid 17585: EOF [2005/08/22 05:13:56, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/22 05:13:56, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/08/22 05:13:56, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/08/22 05:13:56, 5] smbd/uid.c:change_to_root_user(295) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/08/22 05:13:56, 6] param/loadparm.c:lp_file_list_changed(2722) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 19 12:36:28 2005 [2005/08/22 05:13:56, 4] printing/printing.c:print_cache_expired(1025) print_cache_expired: cache expired for queue Apple (last_qscan_time = 1124687530, time now = 1124687636, qcachetime = 0) [2005/08/22 05:13:56, 10] printing/printing.c:print_queue_update(1426) print_queue_update: Sending message -> printer = Apple, type = 8, lpq command = [Apple] [2005/08/22 05:13:56, 3] smbd/sec_ctx.c:push_sec_ctx(255) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/22 05:13:56, 3] smbd/uid.c:push_conn_ctx(364) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/22 05:13:56, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/22 05:13:56, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/08/22 05:13:56, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/08/22 05:13:56, 3] smbd/sec_ctx.c:pop_sec_ctx(385) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/22 05:13:56, 4] printing/printing.c:print_cache_expired(1025) print_cache_expired: cache expired for queue Apollo1 (last_qscan_time = 1124687529, time now = 1124687636, qcachetime = 0) [2005/08/22 05:13:56, 10] printing/printing.c:print_queue_update(1426) print_queue_update: Sending message -> printer = Apollo1, type = 8, lpq command = [Apollo1] [2005/08/22 05:13:56, 3] smbd/sec_ctx.c:push_sec_ctx(255) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/22 05:13:56, 3] smbd/uid.c:push_conn_ctx(364) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/22 05:13:56, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/22 05:13:56, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/08/22 05:13:56, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/08/22 05:13:56, 3] smbd/sec_ctx.c:pop_sec_ctx(385) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/22 05:13:56, 10] lib/messages.c:message_dispatch(446) message_dispatch: processing message of type 2103. [2005/08/22 05:13:56, 5] printing/printing.c:print_queue_update_with_lock(1216) print_queue_update_with_lock: printer share = Apple [2005/08/22 05:13:56, 4] printing/printing.c:print_cache_expired(1025) print_cache_expired: cache expired for queue Apple (last_qscan_time = 1124687530, time now = 1124687636, qcachetime = 0) [2005/08/22 05:13:56, 5] printing/printing.c:set_updating_pid(864) set_updating_pid: updating lpq cache for print share Apple [2005/08/22 05:13:56, 5] printing/printing.c:print_queue_update_internal(1075) print_queue_update_internal: printer = Apple, type = 8, lpq command = [Apple] [2005/08/22 05:13:56, 5] printing/print_cups.c:cups_queue_get(723) cups_queue_get(Apple, 0xbffff4f4, 0xbffff3e0) [2005/08/22 05:13:56, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2005/08/22 05:13:56, 3] printing/printing.c:print_queue_update_internal(1094) print_queue_update_internal: 0 jobs in queue for Apple [2005/08/22 05:13:56, 10] printing/printing.c:print_queue_update_internal(1159) print_queue_update_internal: printer Apple INFO/total_jobs = 0 [2005/08/22 05:13:56, 5] printing/printing.c:set_updating_pid(864) set_updating_pid: not updating lpq cache for print share Apple [2005/08/22 05:13:56, 10] lib/messages.c:message_dispatch(441) message_dispatch: received msg_type=2103 src_pid=16294 [2005/08/22 05:13:56, 10] lib/messages.c:message_dispatch(446) message_dispatch: processing message of type 2103. [2005/08/22 05:13:56, 5] printing/printing.c:print_queue_update_with_lock(1216) print_queue_update_with_lock: printer share = Apollo1 [2005/08/22 05:13:56, 4] printing/printing.c:print_cache_expired(1025) print_cache_expired: cache expired for queue Apollo1 (last_qscan_time = 1124687529, time now = 1124687636, qcachetime = 0) [2005/08/22 05:13:56, 5] printing/printing.c:set_updating_pid(864) set_updating_pid: updating lpq cache for print share Apollo1 [2005/08/22 05:13:56, 5] printing/printing.c:print_queue_update_internal(1075) print_queue_update_internal: printer = Apollo1, type = 8, lpq command = [Apollo1] [2005/08/22 05:13:56, 5] printing/print_cups.c:cups_queue_get(723) cups_queue_get(Apollo1, 0xbffff4f4, 0xbffff3e0) [2005/08/22 05:13:56, 10] printing/print_cups.c:cups_server(51) cups server left to default localhost [2005/08/22 05:13:56, 3] printing/printing.c:print_queue_update_internal(1094) print_queue_update_internal: 0 jobs in queue for Apollo1 [2005/08/22 05:13:56, 10] printing/printing.c:print_queue_update_internal(1159) print_queue_update_internal: printer Apollo1 INFO/total_jobs = 0 [2005/08/22 05:13:56, 5] printing/printing.c:set_updating_pid(864) set_updating_pid: not updating lpq cache for print share Apollo1 [2005/08/22 05:14:18, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 324 [2005/08/22 05:14:18, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x144 [2005/08/22 05:14:18, 3] smbd/process.c:process_smb(1091) Transaction 293 of length 328 [2005/08/22 05:14:18, 5] lib/util.c:show_msg(464) [2005/08/22 05:14:18, 5] lib/util.c:show_msg(467) size=324 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=200 smb_uid=100 smb_mid=18561 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 240 (0xF0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 240 (0xF0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30328 (0x7678) smb_bcc=257 [2005/08/22 05:14:18, 10] lib/util.c:dump_data(1995) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 F0 00 00 00 42 00 00 ........ .....B.. [020] 00 D8 00 00 00 00 00 45 00 00 00 02 00 20 00 00 .......E ..... .. [030] 00 00 00 00 00 20 00 00 00 5C 00 5C 00 6F 00 64 ..... .. .\.\.o.d [040] 00 69 00 2D 00 6D 00 67 00 74 00 2D 00 63 00 65 .i.-.m.g .t.-.c.e [050] 00 31 00 2E 00 6C 00 61 00 62 00 32 00 30 00 30 .1...l.a .b.2.0.0 [060] 00 33 00 64 00 6F 00 6D 00 61 00 69 00 6E 00 2E .3.d.o.m .a.i.n.. [070] 00 63 00 6F 00 6D 00 00 00 00 00 00 00 00 00 00 .c.o.m.. ........ [080] 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [090] 00 04 00 02 00 1C 00 00 00 08 00 02 00 0C 00 02 ........ ........ [0A0] 00 CE 0E 00 00 03 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B0] 00 0D 00 00 00 00 00 00 00 0D 00 00 00 5C 00 5C ........ .....\.\ [0C0] 00 42 00 58 00 42 00 2D 00 32 00 30 00 30 00 33 .B.X.B.- .2.0.0.3 [0D0] 00 44 00 43 00 00 00 00 00 0E 00 00 00 00 00 00 .D.C.... ........ [0E0] 00 0E 00 00 00 41 00 64 00 6D 00 69 00 6E 00 69 .....A.d .m.i.n.i [0F0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [100] 00 . [2005/08/22 05:14:18, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 16294) conn 0x83c3548 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(158) fetch sid from uid cache 0 -> S-1-5-21-1426079282-3730378279-3702951429-1000 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 0 -> S-1-5-21-1426079282-3730378279-3702951429-1001 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 0 -> S-1-5-21-1426079282-3730378279-3702951429-1001 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 1 -> S-1-5-21-1426079282-3730378279-3702951429-1003 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 2 -> S-1-5-21-1426079282-3730378279-3702951429-1005 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 3 -> S-1-5-21-1426079282-3730378279-3702951429-1007 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 4 -> S-1-5-21-1426079282-3730378279-3702951429-1009 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 6 -> S-1-5-21-1426079282-3730378279-3702951429-1013 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 10 -> S-1-5-21-1426079282-3730378279-3702951429-1021 [2005/08/22 05:14:18, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 31 -> S-1-5-21-1426079282-3730378279-3702951429-1063 [2005/08/22 05:14:18, 10] auth/auth_util.c:debug_nt_user_token(489) NT user token of user S-1-5-21-1426079282-3730378279-3702951429-1000 contains 12 SIDs SID[ 0]: S-1-5-21-1426079282-3730378279-3702951429-1000 SID[ 1]: S-1-5-21-1426079282-3730378279-3702951429-1001 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1426079282-3730378279-3702951429-1003 SID[ 6]: S-1-5-21-1426079282-3730378279-3702951429-1005 SID[ 7]: S-1-5-21-1426079282-3730378279-3702951429-1007 SID[ 8]: S-1-5-21-1426079282-3730378279-3702951429-1009 SID[ 9]: S-1-5-21-1426079282-3730378279-3702951429-1013 SID[ 10]: S-1-5-21-1426079282-3730378279-3702951429-1021 SID[ 11]: S-1-5-21-1426079282-3730378279-3702951429-1063 SE_PRIV 0x0 0x0 0x0 0x0 [2005/08/22 05:14:18, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/22 05:14:18, 5] auth/auth_util.c:debug_nt_user_token(489) NT user token of user S-1-5-21-1426079282-3730378279-3702951429-1000 contains 12 SIDs SID[ 0]: S-1-5-21-1426079282-3730378279-3702951429-1000 SID[ 1]: S-1-5-21-1426079282-3730378279-3702951429-1001 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1426079282-3730378279-3702951429-1003 SID[ 6]: S-1-5-21-1426079282-3730378279-3702951429-1005 SID[ 7]: S-1-5-21-1426079282-3730378279-3702951429-1007 SID[ 8]: S-1-5-21-1426079282-3730378279-3702951429-1009 SID[ 9]: S-1-5-21-1426079282-3730378279-3702951429-1013 SID[ 10]: S-1-5-21-1426079282-3730378279-3702951429-1021 SID[ 11]: S-1-5-21-1426079282-3730378279-3702951429-1063 SE_PRIV 0x0 0x0 0x0 0x0 [2005/08/22 05:14:18, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 8 supplementary groups Group[ 0]: 0 Group[ 1]: 1 Group[ 2]: 2 Group[ 3]: 3 Group[ 4]: 4 Group[ 5]: 6 Group[ 6]: 10 Group[ 7]: 31 [2005/08/22 05:14:18, 5] smbd/uid.c:change_to_user(280) change_to_user uid=(0,0) gid=(0,0) [2005/08/22 05:14:18, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=240 params=0 setup=2 [2005/08/22 05:14:18, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/08/22 05:14:18, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/08/22 05:14:18, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/08/22 05:14:18, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7678 [2005/08/22 05:14:18, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1171) pipe name spoolss pnum=7678 (pipes_open=1) [2005/08/22 05:14:18, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "spoolss" (pnum 7678) [2005/08/22 05:14:18, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83da0a8 max_trans_reply: 1024 [2005/08/22 05:14:18, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7678 name: spoolss open: Yes len: 240 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 240 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(775) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 240 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 240, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 224 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(775) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 224 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 00f0 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000042 [2005/08/22 05:14:18, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 0, flags = 3 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 224 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(775) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 224, incoming data = 224 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 alloc_hint: 000000d8 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0004 context_id: 0000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0006 opnum : 0045 [2005/08/22 05:14:18, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/08/22 05:14:18, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) Requested \PIPE\spoolss [2005/08/22 05:14:18, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2005/08/22 05:14:18, 6] rpc_server/srv_pipe.c:api_rpcTNP(1556) api_rpc_cmds[1].fn == 0x8140080 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 spoolss_io_q_open_printer_ex [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 printername_ptr: 00020000 [2005/08/22 05:14:18, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 uni_max_len: 00000020 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0008 offset : 00000000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c uni_str_len: 00000020 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) 0010 buffer : \.\.o.d.i.-.m.g.t.-.c.e.1...l.a.b.2.0.0.3.d.o.m.a.i.n...c.o.m... [2005/08/22 05:14:18, 6] rpc_parse/parse_prs.c:prs_debug(82) 000050 spoolss_io_printer_default [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0050 datatype_ptr: 00000000 [2005/08/22 05:14:18, 7] rpc_parse/parse_prs.c:prs_debug(82) 000054 smb_io_unistr2 - NULL datatype [2005/08/22 05:14:18, 7] rpc_parse/parse_prs.c:prs_debug(82) 000054 spoolss_io_devmode_cont [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0054 size: 00000000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0058 devmode_ptr: 00000000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 005c access_required: 00000000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0060 user_switch: 00000001 [2005/08/22 05:14:18, 6] rpc_parse/parse_prs.c:prs_debug(82) 000064 spool_io_user_level [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0064 level: 00000001 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0068 ptr: 00020004 [2005/08/22 05:14:18, 7] rpc_parse/parse_prs.c:prs_debug(82) 00006c [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 006c size: 0000001c [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0070 client_name_ptr: 00020008 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0074 user_name_ptr: 0002000c [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0078 build: 00000ece [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 007c major: 00000003 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0080 minor: 00000000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0084 processor: 00000000 [2005/08/22 05:14:18, 8] rpc_parse/parse_prs.c:prs_debug(82) 000088 smb_io_unistr2 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0088 uni_max_len: 0000000d [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 008c offset : 00000000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0090 uni_str_len: 0000000d [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) 0094 buffer : \.\.B.X.B.-.2.0.0.3.D.C... [2005/08/22 05:14:18, 8] rpc_parse/parse_prs.c:prs_debug(82) 0000b0 smb_io_unistr2 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 00b0 uni_max_len: 0000000e [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 00b4 offset : 00000000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 00b8 uni_str_len: 0000000e [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) 00bc buffer : A.d.m.i.n.i.s.t.r.a.t.o.r... checking name: \\odi-mgt-ce1.lab2003domain.com [2005/08/22 05:14:18, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(607) open_printer_hnd: name [\\odi-mgt-ce1.lab2003domain.com] [2005/08/22 05:14:18, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[4] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 2A 5F 09 43 ........ ....*_.C [010] A6 3F 00 00 .?.. [2005/08/22 05:14:18, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(469) Setting printer type=\\odi-mgt-ce1.lab2003domain.com Printer is a print server [2005/08/22 05:14:18, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(505) Setting printer name=\\odi-mgt-ce1.lab2003domain.com (len=31) [2005/08/22 05:14:18, 8] lib/util.c:is_myname(1815) is_myname("odi-mgt-ce1.lab2003domain.com") returns 0 [2005/08/22 05:14:18, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(642) 4 printer handles active [2005/08/22 05:14:18, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 2A 5F 09 43 ........ ....*_.C [010] A6 3F 00 00 .?.. [2005/08/22 05:14:18, 4] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1733) Setting print server access = SERVER_ACCESS_ENUMERATE [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 spoolss_io_r_open_printer_ex [2005/08/22 05:14:18, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd printer handle [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 data1: 00000000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 data2: 0000000d [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 data3: 0000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a data4: 0000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 000c data5: 2a 5f 09 43 a6 3f 00 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_werror(701) 0014 status code: WERR_OK [2005/08/22 05:14:18, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) api_rpcTNP: called spoolss successfully [2005/08/22 05:14:18, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 118 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 224 [2005/08/22 05:14:18, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7678 name: spoolss len: 1024 [2005/08/22 05:14:18, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(980) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 02 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0030 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000042 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0010 alloc_hint: 00000018 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0014 context_id: 0000 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0016 cancel_ct : 00 [2005/08/22 05:14:18, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0017 reserved : 00 [2005/08/22 05:14:18, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..48] [2005/08/22 05:14:18, 5] lib/util.c:show_msg(464) [2005/08/22 05:14:18, 5] lib/util.c:show_msg(467) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=200 smb_uid=100 smb_mid=18561 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/08/22 05:14:18, 10] lib/util.c:dump_data(1995) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 42 00 00 ........ .0...B.. [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [020] 00 00 00 00 00 2A 5F 09 43 A6 3F 00 00 00 00 00 .....*_. C.?..... [030] 00 . [2005/08/22 05:14:18, 6] lib/util_sock.c:write_socket(449) write_socket(25,108) [2005/08/22 05:14:18, 6] lib/util_sock.c:write_socket(452) write_socket(25,108) wrote 108 [2005/08/22 05:14:19, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 202 [2005/08/22 05:14:19, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0xca [2005/08/22 05:14:19, 3] smbd/process.c:process_smb(1091) Transaction 294 of length 206 [2005/08/22 05:14:19, 5] lib/util.c:show_msg(464) [2005/08/22 05:14:19, 5] lib/util.c:show_msg(467) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=200 smb_uid=100 smb_mid=18625 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 118 (0x76) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 118 (0x76) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30328 (0x7678) smb_bcc=135 [2005/08/22 05:14:19, 10] lib/util.c:dump_data(1995) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 76 00 00 00 43 00 00 ........ .v...C.. [020] 00 5E 00 00 00 00 00 1E 00 00 00 00 00 0D 00 00 .^...... ........ [030] 00 00 00 00 00 2A 5F 09 43 A6 3F 00 00 01 00 00 .....*_. C.?..... [040] 00 01 00 00 00 00 00 02 00 00 00 00 00 04 00 02 ........ ........ [050] 00 20 03 00 00 20 03 00 00 64 00 00 00 64 00 00 . ... .. .d...d.. [060] 00 C8 00 00 00 C8 00 00 00 09 00 00 00 00 00 00 ........ ........ [070] 00 09 00 00 00 63 00 6F 00 6F 00 6C 00 66 00 6F .....c.o .o.l.f.o [080] 00 72 00 6D 00 00 00 .r.m... [2005/08/22 05:14:19, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 16294) conn 0x83c3548 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(158) fetch sid from uid cache 0 -> S-1-5-21-1426079282-3730378279-3702951429-1000 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 0 -> S-1-5-21-1426079282-3730378279-3702951429-1001 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 0 -> S-1-5-21-1426079282-3730378279-3702951429-1001 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 1 -> S-1-5-21-1426079282-3730378279-3702951429-1003 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 2 -> S-1-5-21-1426079282-3730378279-3702951429-1005 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 3 -> S-1-5-21-1426079282-3730378279-3702951429-1007 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 4 -> S-1-5-21-1426079282-3730378279-3702951429-1009 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 6 -> S-1-5-21-1426079282-3730378279-3702951429-1013 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 10 -> S-1-5-21-1426079282-3730378279-3702951429-1021 [2005/08/22 05:14:19, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232) fetch sid from gid cache 31 -> S-1-5-21-1426079282-3730378279-3702951429-1063 [2005/08/22 05:14:19, 10] auth/auth_util.c:debug_nt_user_token(489) NT user token of user S-1-5-21-1426079282-3730378279-3702951429-1000 contains 12 SIDs SID[ 0]: S-1-5-21-1426079282-3730378279-3702951429-1000 SID[ 1]: S-1-5-21-1426079282-3730378279-3702951429-1001 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1426079282-3730378279-3702951429-1003 SID[ 6]: S-1-5-21-1426079282-3730378279-3702951429-1005 SID[ 7]: S-1-5-21-1426079282-3730378279-3702951429-1007 SID[ 8]: S-1-5-21-1426079282-3730378279-3702951429-1009 SID[ 9]: S-1-5-21-1426079282-3730378279-3702951429-1013 SID[ 10]: S-1-5-21-1426079282-3730378279-3702951429-1021 SID[ 11]: S-1-5-21-1426079282-3730378279-3702951429-1063 SE_PRIV 0x0 0x0 0x0 0x0 [2005/08/22 05:14:19, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/22 05:14:19, 5] auth/auth_util.c:debug_nt_user_token(489) NT user token of user S-1-5-21-1426079282-3730378279-3702951429-1000 contains 12 SIDs SID[ 0]: S-1-5-21-1426079282-3730378279-3702951429-1000 SID[ 1]: S-1-5-21-1426079282-3730378279-3702951429-1001 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-1426079282-3730378279-3702951429-1003 SID[ 6]: S-1-5-21-1426079282-3730378279-3702951429-1005 SID[ 7]: S-1-5-21-1426079282-3730378279-3702951429-1007 SID[ 8]: S-1-5-21-1426079282-3730378279-3702951429-1009 SID[ 9]: S-1-5-21-1426079282-3730378279-3702951429-1013 SID[ 10]: S-1-5-21-1426079282-3730378279-3702951429-1021 SID[ 11]: S-1-5-21-1426079282-3730378279-3702951429-1063 SE_PRIV 0x0 0x0 0x0 0x0 [2005/08/22 05:14:19, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 8 supplementary groups Group[ 0]: 0 Group[ 1]: 1 Group[ 2]: 2 Group[ 3]: 3 Group[ 4]: 4 Group[ 5]: 6 Group[ 6]: 10 Group[ 7]: 31 [2005/08/22 05:14:19, 5] smbd/uid.c:change_to_user(280) change_to_user uid=(0,0) gid=(0,0) [2005/08/22 05:14:19, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=118 params=0 setup=2 [2005/08/22 05:14:19, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2005/08/22 05:14:19, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/08/22 05:14:19, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2005/08/22 05:14:19, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168) search for pipe pnum=7678 [2005/08/22 05:14:19, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1171) pipe name spoolss pnum=7678 (pipes_open=1) [2005/08/22 05:14:19, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "spoolss" (pnum 7678) [2005/08/22 05:14:19, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83da0a8 max_trans_reply: 1024 [2005/08/22 05:14:19, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852) write_to_pipe: 7678 name: spoolss open: Yes len: 118 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 118 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(775) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 118 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(397) fill_rpc_header: data_to_copy = 118, len_needed_to_complete_hdr = 16, receive_len = 0 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 16 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 102 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(775) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 102 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0076 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000043 [2005/08/22 05:14:19, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(485) unmarshall_rpc_header: using little-endian RPC [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(514) unmarshall_rpc_header: type = 0, flags = 3 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 0 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874) write_to_pipe: data_left = 102 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(775) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 102, incoming data = 102 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 alloc_hint: 0000005e [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0004 context_id: 0000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0006 opnum : 001e [2005/08/22 05:14:19, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/08/22 05:14:19, 5] rpc_server/srv_pipe.c:api_pipe_request(1497) Requested \PIPE\spoolss [2005/08/22 05:14:19, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531) api_rpcTNP: spoolss op 0x1e - api_rpcTNP: rpc command: SPOOLSS_ADDFORM [2005/08/22 05:14:19, 6] rpc_server/srv_pipe.c:api_rpcTNP(1556) api_rpc_cmds[33].fn == 0x8142e60 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 spoolss_io_q_addform [2005/08/22 05:14:19, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd printer handle [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 data1: 00000000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 data2: 0000000d [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 data3: 0000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a data4: 0000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 000c data5: 2a 5f 09 43 a6 3f 00 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0014 level: 00000001 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0018 level2: 00000001 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 001c useless_ptr: 00020000 [2005/08/22 05:14:19, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 spoolss_io_addform [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0020 flags: 00000000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0024 name_ptr: 00020004 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0028 size_x: 00000320 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 002c size_y: 00000320 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0030 left: 00000064 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0034 top: 00000064 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0038 right: 000000c8 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 003c bottom: 000000c8 [2005/08/22 05:14:19, 7] rpc_parse/parse_prs.c:prs_debug(82) 000040 smb_io_unistr2 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0040 uni_max_len: 00000009 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0044 offset : 00000000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0048 uni_str_len: 00000009 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814) 004c buffer : c.o.o.l.f.o.r.m... [2005/08/22 05:14:19, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0D 00 00 00 00 00 00 00 2A 5F 09 43 ........ ....*_.C [010] A6 3F 00 00 .?.. [2005/08/22 05:14:19, 5] rpc_server/srv_spoolss_nt.c:_spoolss_addform(8175) spoolss_addform [2005/08/22 05:14:19, 2] rpc_server/srv_spoolss_nt.c:_spoolss_addform(8196) _spoolss_addform: denied by handle permissions. [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 spoolss_io_r_addform [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_werror(701) 0000 status: WERR_ACCESS_DENIED [2005/08/22 05:14:19, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578) api_rpcTNP: called spoolss successfully [2005/08/22 05:14:19, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 18 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878) write_to_pipe: data_used = 102 [2005/08/22 05:14:19, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(909) read_from_pipe: 7678 name: spoolss len: 1024 [2005/08/22 05:14:19, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(980) read_from_pipe: spoolss: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 02 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 001c [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00000043 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0010 alloc_hint: 00000004 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0014 context_id: 0000 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0016 cancel_ct : 00 [2005/08/22 05:14:19, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0017 reserved : 00 [2005/08/22 05:14:19, 5] smbd/ipc.c:copy_trans_params_and_data(58) copy_trans_params_and_data: params[0..0] data[0..28] [2005/08/22 05:14:19, 5] lib/util.c:show_msg(464) [2005/08/22 05:14:19, 5] lib/util.c:show_msg(467) [2005/08/22 05:14:37, 5] nsswitch/winbindd_util.c:add_trusted_domains(202) scanning trusted domain list [2005/08/22 05:14:37, 10] nsswitch/winbindd_cache.c:trusted_domains(1393) trusted_domains: [Cached] - doing backend query for info for domain LAB2003DOMAIN [2005/08/22 05:14:37, 3] nsswitch/winbindd_rpc.c:trusted_domains(970) rpc: trusted_domains [2005/08/22 05:14:37, 5] rpc_parse/parse_lsa.c:init_q_enum_trust_dom(478) init_q_enum_trust_dom [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_enum_trust_dom [2005/08/22 05:14:37, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0000 data1: 00000000 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0004 data2: b2229121 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 data3: 8852 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a data4: 4e98 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8s(729) 000c data5: be a5 4d 5a ba 6d 06 db [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0014 enum_context : 00000000 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0018 preferred_len: 00010000 [2005/08/22 05:14:37, 5] rpc_client/cli_pipe.c:create_rpc_request(852) create_rpc_request: opnum: 0xd data_len: 0x34 [2005/08/22 05:14:37, 10] rpc_client/cli_pipe.c:create_rpc_request(868) create_rpc_request: data_len: 34 auth_len: 0 alloc_hint: 24 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0000 major : 05 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0001 minor : 00 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0002 pkt_type : 00 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0003 flags : 03 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0004 pack_type0: 10 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0005 pack_type1: 00 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0006 pack_type2: 00 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint8(584) 0007 pack_type3: 00 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0008 frag_len : 0034 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint16(613) 000a auth_len : 0000 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint32(642) 000c call_id : 00001be3 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint32(642) 0010 alloc_hint: 00000024 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0014 context_id: 0000 [2005/08/22 05:14:37, 5] rpc_parse/parse_prs.c:prs_uint16(613) 0016 opnum : 000d [2005/08/22 05:14:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(421) rpc_api_pipe: fnum:4000 [2005/08/22 05:14:37, 5] lib/util.c:show_msg(464) [2005/08/22 05:14:37, 5] lib/util.c:show_msg(467) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=2048 smb_pid=18977 smb_uid=2048 smb_mid=1831 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16384 (0x4000) smb_bcc=67 [2005/08/22 05:14:37, 10] lib/util.c:dump_data(1995) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....