The Samba-Bugzilla – Attachment 14933 Details for
Bug 13745
print command %J substitution
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Logleve 10 Log
smb.log (text/x-log), 878.60 KB, created by
Heinrich Mislik
on 2019-03-15 13:25:37 UTC
(
hide
)
Description:
Logleve 10 Log
Filename:
MIME Type:
Creator:
Heinrich Mislik
Created:
2019-03-15 13:25:37 UTC
Size:
878.60 KB
patch
obsolete
>[2019/03/15 14:20:13.630308, 3, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:3868(lp_load_ex) > lp_load_ex: refreshing parameters >[2019/03/15 14:20:13.630332, 5, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1344(free_param_opts) > Freeing parametrics: >[2019/03/15 14:20:13.630372, 3, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:547(init_globals) > Initialising global parameters >[2019/03/15 14:20:13.630394, 2, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:319(max_open_files) > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >[2019/03/15 14:20:13.630433, 5, pid=11834, effective(10005, 202), real(10005, 202)] ../lib/util/debug.c:746(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 >[2019/03/15 14:20:13.630608, 3, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2782(lp_do_section) > Processing section "[global]" > doing parameter state directory = /tmp > doing parameter cache directory = /tmp > doing parameter lock directory = /tmp > doing parameter pid directory = /tmp > doing parameter private dir = /tmp > doing parameter ncalrpc dir = /tmp > doing parameter smb ports = 1445 1139 > doing parameter log file = /tmp/samba > doing parameter netbios name = soneserver >[2019/03/15 14:20:13.630710, 2, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2799(lp_do_section) > Processing section "[someprinter]" >[2019/03/15 14:20:13.630738, 8, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1460(add_a_service) > add_a_service: Creating snum = 0 for someprinter >[2019/03/15 14:20:13.630755, 10, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1501(hash_a_service) > hash_a_service: creating servicehash >[2019/03/15 14:20:13.630790, 10, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1510(hash_a_service) > hash_a_service: hashing index 0 for service name someprinter > doing parameter printable = yes > doing parameter readonly = no > doing parameter path = /tmp > doing parameter printing = lprng > doing parameter print command = echo 1>&2 Jobtitle = %J >[2019/03/15 14:20:13.630892, 4, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:3910(lp_load_ex) > pm_process() returned Yes >[2019/03/15 14:20:13.630918, 7, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:4229(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2019/03/15 14:20:13.630946, 8, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1460(add_a_service) > add_a_service: Creating snum = 1 for IPC$ >[2019/03/15 14:20:13.630962, 10, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1510(hash_a_service) > hash_a_service: hashing index 1 for service name IPC$ >[2019/03/15 14:20:13.630980, 3, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1617(lp_add_ipc) > adding IPC service >[2019/03/15 14:20:13.631012, 6, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2332(lp_file_list_changed) > lp_file_list_changed() > file /home/mi/smb-x.conf -> /home/mi/smb-x.conf last mod_time: Fri Mar 15 14:15:09 2019 > >[2019/03/15 14:20:13.631258, 2, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/lib/interface.c:345(add_interface) > added interface eth0 ip=2001:62a:4:1:250:56ff:fea4:5f7b bcast= netmask=ffff:ffff:ffff:ffff:: >[2019/03/15 14:20:13.631291, 2, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/lib/interface.c:345(add_interface) > added interface eth0 ip=131.130.1.38 bcast=131.130.1.255 netmask=255.255.255.0 >[2019/03/15 14:20:13.631338, 3, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/smbd/server.c:1808(main) > loaded services >[2019/03/15 14:20:13.631360, 5, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/lib/util_names.c:152(init_names) > Netbios name list:- > my_netbios_names[0]="SONESERVER" >[2019/03/15 14:20:13.632812, 5, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 4 - private_data=(nil) >[2019/03/15 14:20:13.632840, 5, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 7 - private_data=(nil) >[2019/03/15 14:20:13.632913, 1, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/profile/profile.c:51(set_profile_level) > INFO: Profiling turned OFF from pid 11834 >[2019/03/15 14:20:13.632936, 3, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/smbd/server.c:1828(main) > Standard input is not a socket, assuming -D option >[2019/03/15 14:20:13.632951, 3, pid=11834, effective(10005, 202), real(10005, 202)] ../source3/smbd/server.c:1840(main) > Becoming a daemon. >[2019/03/15 14:20:13.633609, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:13.633875, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:79(messaging_dgm_ref) > messaging_dgm_ref: messaging_dgm_init returned Success >[2019/03/15 14:20:13.633983, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:108(messaging_dgm_ref) > messaging_dgm_ref: unique = 3012015293305119694 >[2019/03/15 14:20:13.634132, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:155(make_pdb_method_name) > Attempting to find a passdb backend to match tdbsam (tdbsam) >[2019/03/15 14:20:13.634163, 2, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:161(make_pdb_method_name) > No builtin backend found, trying to load plugin >[2019/03/15 14:20:13.634199, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/modules.c:160(load_module_absolute_path) > load_module_absolute_path: Probing module '/usr/lib64/samba/pdb/tdbsam.so' >[2019/03/15 14:20:13.636252, 3, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/modules.c:167(load_module_absolute_path) > load_module_absolute_path: Module '/usr/lib64/samba/pdb/tdbsam.so' loaded >[2019/03/15 14:20:13.636288, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb) > Attempting to register passdb backend tdbsam >[2019/03/15 14:20:13.636316, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb) > Successfully added passdb backend 'tdbsam' >[2019/03/15 14:20:13.636334, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:176(make_pdb_method_name) > Found pdb backend tdbsam >[2019/03/15 14:20:13.636378, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:187(make_pdb_method_name) > pdb backend tdbsam has a valid init >[2019/03/15 14:20:13.636666, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_version_global.tdb >[2019/03/15 14:20:13.636694, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_version_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:13.636716, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key 736D62587372765F7665 >[2019/03/15 14:20:13.636742, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b6043b80 >[2019/03/15 14:20:13.636872, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key 736D62587372765F7665 >[2019/03/15 14:20:13.636893, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_version_global.tdb >[2019/03/15 14:20:13.636912, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_version.c:250(smbXsrv_version_global_init) > smbXsrv_version_global_init >[2019/03/15 14:20:13.636927, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_version.c:251(smbXsrv_version_global_init) >[2019/03/15 14:20:13.636938, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_version_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_version_globalU(case 0) > info0 : * > info0: struct smbXsrv_version_global0 > db_rec : NULL > num_nodes : 0x00000001 (1) > nodes: ARRAY(1) > nodes: struct smbXsrv_version_node0 > server_id: struct server_id > pid : 0x0000000000002e3c (11836) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x29ccd3f36f7ee3ce (3012015293305119694) > min_version : SMBXSRV_VERSION_0 (0) > max_version : SMBXSRV_VERSION_0 (0) > current_version : SMBXSRV_VERSION_0 (0) >[2019/03/15 14:20:13.639165, 3, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/util_procid.c:54(pid_to_procid) > pid_to_procid: messaging_dgm_get_unique failed: No such file or directory >[2019/03/15 14:20:13.639395, 10, pid=11837, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:13.639617, 10, pid=11837, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:79(messaging_dgm_ref) > messaging_dgm_ref: messaging_dgm_init returned Success >[2019/03/15 14:20:13.639672, 10, pid=11837, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:108(messaging_dgm_ref) > messaging_dgm_ref: unique = 14149426187881846669 >[2019/03/15 14:20:13.639794, 5, pid=11837, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 794 - private_data=0x5602b6045a40 >[2019/03/15 14:20:13.639827, 5, pid=11837, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 795 - private_data=0x5602b6045a40 >[2019/03/15 14:20:13.639846, 5, pid=11837, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 796 - private_data=0x5602b6045a40 >[2019/03/15 14:20:13.639973, 10, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:13.640085, 10, pid=11837, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm.c:1430(messaging_dgm_send) > messaging_dgm_send: Sending message to 11836 >[2019/03/15 14:20:13.640184, 10, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:79(messaging_dgm_ref) > messaging_dgm_ref: messaging_dgm_init returned Success >[2019/03/15 14:20:13.640258, 10, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:108(messaging_dgm_ref) > messaging_dgm_ref: unique = 21980733027363518 >[2019/03/15 14:20:13.640328, 5, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 13 - private_data=0x5602b60458b0 >[2019/03/15 14:20:13.640367, 5, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 788 - private_data=0x5602b60458b0 >[2019/03/15 14:20:13.640392, 5, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 785 - private_data=(nil) >[2019/03/15 14:20:13.640463, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/server.c:593(cleanupd_init) > cleanupd_init: Started cleanupd pid=11838 >[2019/03/15 14:20:13.640569, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 789 - private_data=0x5602b6046000 >[2019/03/15 14:20:13.640670, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:770(regdb_init) > regdb_init: registry db openend. refcount reset (1) >[2019/03/15 14:20:13.640727, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:70(reghook_cache_init) > reghook_cache_init: new tree with default ops 0x7f414bf90000 for key [] >[2019/03/15 14:20:13.640975, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2019/03/15 14:20:13.641031, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] >[2019/03/15 14:20:13.641064, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:13.641103, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] >[2019/03/15 14:20:13.641128, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2019/03/15 14:20:13.641167, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2019/03/15 14:20:13.641195, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2019/03/15 14:20:13.641219, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2019/03/15 14:20:13.641254, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2019/03/15 14:20:13.641283, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2019/03/15 14:20:13.641322, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414de214c0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] >[2019/03/15 14:20:13.641346, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.641370, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree >[2019/03/15 14:20:13.641392, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.641413, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:13.641435, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.641460, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree >[2019/03/15 14:20:13.641481, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.641501, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2019/03/15 14:20:13.641523, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.641546, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree >[2019/03/15 14:20:13.641568, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.641594, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation] >[2019/03/15 14:20:13.641617, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.641645, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation] to tree >[2019/03/15 14:20:13.641667, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.641688, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414de21520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] >[2019/03/15 14:20:13.641709, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.641744, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree >[2019/03/15 14:20:13.641791, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.641817, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414bf903c0 for key [\HKLM\SOFTWARE\Samba\smbconf] >[2019/03/15 14:20:13.641839, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.641869, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree >[2019/03/15 14:20:13.641891, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.641914, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414de21580 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] >[2019/03/15 14:20:13.641937, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.641962, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree >[2019/03/15 14:20:13.641987, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.642010, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414de215e0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2019/03/15 14:20:13.642033, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.642057, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree >[2019/03/15 14:20:13.642080, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.642102, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414de21640 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >[2019/03/15 14:20:13.642125, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.642150, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree >[2019/03/15 14:20:13.642172, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.642199, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414de216a0 for key [\HKPT] >[2019/03/15 14:20:13.642221, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.642244, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKPT] to tree >[2019/03/15 14:20:13.642266, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.642294, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414de21700 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:13.642320, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.642346, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree >[2019/03/15 14:20:13.642370, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.642396, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f414de21760 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] >[2019/03/15 14:20:13.642423, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2019/03/15 14:20:13.642449, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree >[2019/03/15 14:20:13.642473, 8, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2019/03/15 14:20:13.642498, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (1->0) >[2019/03/15 14:20:13.642676, 10, pid=11836, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:1084(auth3_session_info_create) > Could not convert SID S-1-5-18 to gid, ignoring it >[2019/03/15 14:20:13.642719, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (1): > SID[ 0]: S-1-5-18 > Privileges (0xFFFFFFFFFFFFFFFF): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2019/03/15 14:20:13.642917, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 10005 > Primary group is 202 and contains 1 supplementary groups > Group[ 0]: 202 >[2019/03/15 14:20:13.642972, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user nobody >[2019/03/15 14:20:13.642997, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2019/03/15 14:20:13.643446, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2019/03/15 14:20:13.643509, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user SONESERVER\nobody >[2019/03/15 14:20:13.643535, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is soneserver\nobody >[2019/03/15 14:20:13.643717, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:128(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is SONESERVER\nobody >[2019/03/15 14:20:13.643809, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:141(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is SONESERVER\NOBODY >[2019/03/15 14:20:13.643858, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:153(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in soneserver\nobody >[2019/03/15 14:20:13.643875, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [SONESERVER\nobody]! >[2019/03/15 14:20:13.643890, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user nobody >[2019/03/15 14:20:13.643905, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2019/03/15 14:20:13.643922, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2019/03/15 14:20:13.643949, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:319(create_local_nt_token_from_info3) > Create local NT token for nobody >[2019/03/15 14:20:13.643968, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user nobody >[2019/03/15 14:20:13.643983, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2019/03/15 14:20:13.643999, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2019/03/15 14:20:13.644029, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) > sys_getgrouplist: user [nobody] >[2019/03/15 14:20:13.644224, 5, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:72(gencache_init) > Opening cache file at /tmp/gencache.tdb >[2019/03/15 14:20:13.644277, 5, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:100(gencache_init) > Opening cache file at /tmp/gencache_notrans.tdb >[2019/03/15 14:20:13.644960, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1335(gid_to_sid) > gid 99 -> sid S-1-22-2-99 >[2019/03/15 14:20:13.644998, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.645021, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.645041, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.645056, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.645071, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.645113, 3, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:681(finalize_local_nt_token) > Failed to fetch domain sid for WORKGROUP >[2019/03/15 14:20:13.645145, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.645263, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.645292, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.645312, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.645331, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.645351, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.645402, 10, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1562(pdb_default_sid_to_id) > Could not find map for sid S-1-5-32-544 >[2019/03/15 14:20:13.645459, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/pdb_util.c:158(create_builtin_administrators) > create_builtin_administrators: Failed to create Administrators >[2019/03/15 14:20:13.645494, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.645531, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.645555, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.645576, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.645596, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.645616, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.645657, 10, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1562(pdb_default_sid_to_id) > Could not find map for sid S-1-5-32-545 >[2019/03/15 14:20:13.645686, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/pdb_util.c:128(create_builtin_users) > create_builtin_users: Failed to create Users >[2019/03/15 14:20:13.645714, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.645741, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.645765, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.645801, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.645823, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.645848, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.645963, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.646049, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1617874422-3509600710-549232689-501] >[2019/03/15 14:20:13.646083, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1617874422-3509600710-549232689-514] >[2019/03/15 14:20:13.646115, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-99] >[2019/03/15 14:20:13.646147, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:176(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2019/03/15 14:20:13.646182, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2019/03/15 14:20:13.646214, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-32-546] >[2019/03/15 14:20:13.646267, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1617874422-3509600710-549232689-501]: value=[99:U] >[2019/03/15 14:20:13.646294, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1617874422-3509600710-549232689-501]: id=[99], endptr=[:U] >[2019/03/15 14:20:13.646327, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-21-1617874422-3509600710-549232689-514] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656013 seconds in the past) >[2019/03/15 14:20:13.646441, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:640(gencache_stabilize) > Could not get allrecord lock on gencache_notrans.tdb: Locking error >[2019/03/15 14:20:13.646493, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-1-0] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656013 seconds in the past) >[2019/03/15 14:20:13.646562, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:640(gencache_stabilize) > Could not get allrecord lock on gencache_notrans.tdb: Locking error >[2019/03/15 14:20:13.646594, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-2] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656013 seconds in the past) >[2019/03/15 14:20:13.646650, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:640(gencache_stabilize) > Could not get allrecord lock on gencache_notrans.tdb: Locking error >[2019/03/15 14:20:13.646679, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-32-546] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656013 seconds in the past) >[2019/03/15 14:20:13.646732, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:640(gencache_stabilize) > Could not get allrecord lock on gencache_notrans.tdb: Locking error >[2019/03/15 14:20:13.646790, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1395(sids_to_unixids) > wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE >[2019/03/15 14:20:13.646815, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.646833, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.646848, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.646863, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.646878, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.646904, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 514. >[2019/03/15 14:20:13.646925, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:13.646942, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.646957, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:13.646971, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.646986, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.647058, 4, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_tdb.c:558(tdbsam_open) > tdbsam_open: successfully opened /tmp/passdb.tdb >[2019/03/15 14:20:13.647088, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. >[2019/03/15 14:20:13.647119, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647137, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1824(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2019/03/15 14:20:13.647152, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1534(pdb_default_sid_to_id) > SID S-1-5-21-1617874422-3509600710-549232689-514 belongs to our domain, but there is no corresponding object in the database. >[2019/03/15 14:20:13.647175, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647192, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-21-1617874422-3509600710-549232689-514 >[2019/03/15 14:20:13.647212, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647228, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647247, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647262, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.647276, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.647301, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 514. >[2019/03/15 14:20:13.647318, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:13.647335, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647349, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:13.647363, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.647378, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.647406, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. >[2019/03/15 14:20:13.647432, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647449, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1824(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2019/03/15 14:20:13.647463, 5, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1534(pdb_default_sid_to_id) > SID S-1-5-21-1617874422-3509600710-549232689-514 belongs to our domain, but there is no corresponding object in the database. >[2019/03/15 14:20:13.647485, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647501, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-21-1617874422-3509600710-549232689-514 >[2019/03/15 14:20:13.647518, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647535, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647549, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647564, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.647578, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.647607, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647627, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-1-0 >[2019/03/15 14:20:13.647644, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647660, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647675, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647689, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.647703, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.647732, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647748, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-1-0 >[2019/03/15 14:20:13.647765, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647795, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647810, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647824, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.647838, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.647868, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647884, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-2 >[2019/03/15 14:20:13.647901, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647917, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.647932, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.647946, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.647960, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.647988, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648005, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-2 >[2019/03/15 14:20:13.648025, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648041, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648056, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648070, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.648102, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.648147, 10, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1562(pdb_default_sid_to_id) > Could not find map for sid S-1-5-32-546 >[2019/03/15 14:20:13.648175, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648191, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-32-546 >[2019/03/15 14:20:13.648208, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648225, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648240, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648254, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.648268, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.648297, 10, pid=11836, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1562(pdb_default_sid_to_id) > Could not find map for sid S-1-5-32-546 >[2019/03/15 14:20:13.648318, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648334, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-32-546 >[2019/03/15 14:20:13.648350, 10, pid=11836, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:608(create_local_token) > Could not convert SID S-1-5-21-1617874422-3509600710-549232689-514 to gid, ignoring it >[2019/03/15 14:20:13.648367, 10, pid=11836, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:608(create_local_token) > Could not convert SID S-1-1-0 to gid, ignoring it >[2019/03/15 14:20:13.648382, 10, pid=11836, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:608(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2019/03/15 14:20:13.648397, 10, pid=11836, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:608(create_local_token) > Could not convert SID S-1-5-32-546 to gid, ignoring it >[2019/03/15 14:20:13.648414, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-1617874422-3509600710-549232689-501 > SID[ 1]: S-1-5-21-1617874422-3509600710-549232689-514 > SID[ 2]: S-1-22-2-99 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-32-546 > SID[ 6]: S-1-22-1-99 > Privileges (0x 0): > Rights (0x 0): >[2019/03/15 14:20:13.648475, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 99 > Primary group is 99 and contains 1 supplementary groups > Group[ 0]: 99 >[2019/03/15 14:20:13.648504, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user nobody >[2019/03/15 14:20:13.648520, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2019/03/15 14:20:13.648537, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2019/03/15 14:20:13.648578, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-7] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656013 seconds in the past) >[2019/03/15 14:20:13.648648, 10, pid=11836, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:640(gencache_stabilize) > Could not get allrecord lock on gencache_notrans.tdb: Locking error >[2019/03/15 14:20:13.648679, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1395(sids_to_unixids) > wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE >[2019/03/15 14:20:13.648697, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648714, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648729, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648743, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.648758, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.648798, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648815, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-7 >[2019/03/15 14:20:13.648833, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648849, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648864, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648878, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.648893, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.648921, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648941, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-7 >[2019/03/15 14:20:13.648958, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.648975, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.648989, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.649004, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.649018, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.649046, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.649062, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-1-0 >[2019/03/15 14:20:13.649079, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.649096, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.649110, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.649125, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.649139, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.649167, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.649183, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-1-0 >[2019/03/15 14:20:13.649200, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.649216, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.649231, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.649245, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.649260, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.649288, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.649304, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-2 >[2019/03/15 14:20:13.649324, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.649341, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.649355, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.649370, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.649384, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.649412, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.649428, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-2 >[2019/03/15 14:20:13.649481, 10, pid=11836, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:1084(auth3_session_info_create) > Could not convert SID S-1-5-7 to gid, ignoring it >[2019/03/15 14:20:13.649500, 10, pid=11836, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:1084(auth3_session_info_create) > Could not convert SID S-1-1-0 to gid, ignoring it >[2019/03/15 14:20:13.649516, 10, pid=11836, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:1084(auth3_session_info_create) > Could not convert SID S-1-5-2 to gid, ignoring it >[2019/03/15 14:20:13.649544, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) > sys_getgrouplist: user [nobody] >[2019/03/15 14:20:13.649661, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (5): > SID[ 0]: S-1-5-7 > SID[ 1]: S-1-1-0 > SID[ 2]: S-1-5-2 > SID[ 3]: S-1-22-1-99 > SID[ 4]: S-1-22-2-99 > Privileges (0x 0): > Rights (0x 0): >[2019/03/15 14:20:13.649709, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 99 > Primary group is 99 and contains 1 supplementary groups > Group[ 0]: 99 >[2019/03/15 14:20:13.649745, 3, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/util.c:1441(set_maxfiles) > set_maxfiles: setrlimit for RLIMIT_NOFILE for 16424 max files failed with error Operation not permitted >[2019/03/15 14:20:13.649778, 1, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/files.c:218(file_init_global) > file_init_global: Information only: requested 16384 open files, 4056 are available. >[2019/03/15 14:20:13.650158, 3, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg) > Initialise the svcctl registry keys if needed. >[2019/03/15 14:20:13.650185, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.650203, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.650218, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.650233, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.650248, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.650328, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.650356, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:887(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2019/03/15 14:20:13.650504, 4, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:220(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2019/03/15 14:20:13.650534, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2019/03/15 14:20:13.650550, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2019/03/15 14:20:13.650620, 4, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:260(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2019/03/15 14:20:13.650678, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:13.650762, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2019/03/15 14:20:13.650800, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (1->2) >[2019/03/15 14:20:13.650829, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2019/03/15 14:20:13.650855, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2019/03/15 14:20:13.650873, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.650888, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM] >[2019/03/15 14:20:13.650943, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.650983, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > result : WERR_OK >[2019/03/15 14:20:13.651108, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > keyname: struct winreg_String > name_len : 0x0044 (68) > name_size : 0x0044 (68) > name : * > name : 'SYSTEM\CurrentControlSet\Services' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:13.651249, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.651300, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.651324, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (2->3) >[2019/03/15 14:20:13.651342, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.651357, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.651373, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.651387, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.651415, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.651442, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.651467, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.651490, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.651514, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.651533, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.651575, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.651599, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.651621, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.651642, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.651665, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.651685, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.651727, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.651750, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.651794, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.651848, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > result : WERR_OK >[2019/03/15 14:20:13.651970, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2019/03/15 14:20:13.652074, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.652132, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.652156, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.652192, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:2090(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.652232, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000007 (7) > max_subkeylen : * > max_subkeylen : 0x0000001c (28) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000000 (0) > max_valnamelen : * > max_valnamelen : 0x00000002 (2) > max_valbufsize : * > max_valbufsize : 0x00000000 (0) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.652452, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2019/03/15 14:20:13.652619, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.652671, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.652698, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001a (26) > size : 0x001e (30) > name : * > name : 'LanmanServer' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.652888, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2019/03/15 14:20:13.653066, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.653120, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.653148, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Eventlog' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.653322, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2019/03/15 14:20:13.653499, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.653554, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.653581, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000c (12) > size : 0x001e (30) > name : * > name : 'Tcpip' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.653749, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2019/03/15 14:20:13.653929, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.653982, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.654011, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Netlogon' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.654179, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2019/03/15 14:20:13.654341, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.654393, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.654417, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0010 (16) > size : 0x001e (30) > name : * > name : 'Spooler' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.654573, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2019/03/15 14:20:13.654739, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.654811, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.654840, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001e (30) > size : 0x001e (30) > name : * > name : 'RemoteRegistry' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.655024, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2019/03/15 14:20:13.655206, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.655268, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:422(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.655294, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000a (10) > size : 0x001e (30) > name : * > name : 'WINS' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.655485, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0054 (84) > name_size : 0x0054 (84) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2019/03/15 14:20:13.655738, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.655826, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' >[2019/03/15 14:20:13.655853, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.655884, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.655908, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.655931, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.655954, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.655975, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.655997, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.656017, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.656054, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.656077, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.656099, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.656122, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.656143, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.656165, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.656186, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.656220, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.656245, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.656266, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.656289, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.656312, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.656333, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.656367, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.656388, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.656431, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.656455, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2019/03/15 14:20:13.656478, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.656505, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2019/03/15 14:20:13.656530, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2019/03/15 14:20:13.656556, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.656578, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2019/03/15 14:20:13.656614, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.656644, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.656695, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2019/03/15 14:20:13.656851, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.657022, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.657085, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] >[2019/03/15 14:20:13.657114, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.657138, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.657163, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2019/03/15 14:20:13.657196, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2019/03/15 14:20:13.657222, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2019/03/15 14:20:13.657244, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2019/03/15 14:20:13.657266, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2019/03/15 14:20:13.657289, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[28] >[2019/03/15 14:20:13.657311, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[58] >[2019/03/15 14:20:13.657333, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[106] >[2019/03/15 14:20:13.657356, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.657429, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.657589, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.657640, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] >[2019/03/15 14:20:13.657665, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.657691, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.657756, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.657922, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.657975, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] >[2019/03/15 14:20:13.657999, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.658023, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.658106, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2019/03/15 14:20:13.658374, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.658408, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] >[2019/03/15 14:20:13.658425, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.658443, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.658528, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(28) > [0] : 0x50 (80) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x6e (110) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x53 (83) > [13] : 0x00 (0) > [14] : 0x70 (112) > [15] : 0x00 (0) > [16] : 0x6f (111) > [17] : 0x00 (0) > [18] : 0x6f (111) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > size : 0x0000001c (28) >[2019/03/15 14:20:13.658902, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.658956, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] >[2019/03/15 14:20:13.658984, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.659010, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.659083, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2019/03/15 14:20:13.659489, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.659523, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] >[2019/03/15 14:20:13.659541, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.659558, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.659607, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(106) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x66 (102) > [35] : 0x00 (0) > [36] : 0x6f (111) > [37] : 0x00 (0) > [38] : 0x72 (114) > [39] : 0x00 (0) > [40] : 0x20 (32) > [41] : 0x00 (0) > [42] : 0x73 (115) > [43] : 0x00 (0) > [44] : 0x70 (112) > [45] : 0x00 (0) > [46] : 0x6f (111) > [47] : 0x00 (0) > [48] : 0x6f (111) > [49] : 0x00 (0) > [50] : 0x6c (108) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x6e (110) > [55] : 0x00 (0) > [56] : 0x67 (103) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x66 (102) > [61] : 0x00 (0) > [62] : 0x69 (105) > [63] : 0x00 (0) > [64] : 0x6c (108) > [65] : 0x00 (0) > [66] : 0x65 (101) > [67] : 0x00 (0) > [68] : 0x73 (115) > [69] : 0x00 (0) > [70] : 0x20 (32) > [71] : 0x00 (0) > [72] : 0x74 (116) > [73] : 0x00 (0) > [74] : 0x6f (111) > [75] : 0x00 (0) > [76] : 0x20 (32) > [77] : 0x00 (0) > [78] : 0x70 (112) > [79] : 0x00 (0) > [80] : 0x72 (114) > [81] : 0x00 (0) > [82] : 0x69 (105) > [83] : 0x00 (0) > [84] : 0x6e (110) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x64 (100) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x76 (118) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x63 (99) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x73 (115) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x00 (0) > size : 0x0000006a (106) >[2019/03/15 14:20:13.660257, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.660292, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] >[2019/03/15 14:20:13.660309, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.660327, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.660384, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.660435, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.660467, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.660497, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.660513, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.660529, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.660596, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0066 (102) > name_size : 0x0066 (102) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2019/03/15 14:20:13.660775, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.660809, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' >[2019/03/15 14:20:13.660831, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.660848, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.660863, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.660879, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.660896, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.660911, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.660926, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.660941, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.660967, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.660983, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.660998, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.661014, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.661029, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.661045, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.661059, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.661087, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.661104, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.661119, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.661135, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.661150, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.661168, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.661184, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.661199, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.661227, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.661244, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.661259, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2019/03/15 14:20:13.661275, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.661291, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2019/03/15 14:20:13.661305, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2019/03/15 14:20:13.661322, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.661336, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2019/03/15 14:20:13.661358, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.661374, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2019/03/15 14:20:13.661389, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.661405, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2019/03/15 14:20:13.661420, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2019/03/15 14:20:13.661436, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.661450, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2019/03/15 14:20:13.661471, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.661491, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.661523, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-8b5c-8da63c2e0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2019/03/15 14:20:13.661613, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2019/03/15 14:20:13.662530, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.662588, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] >[2019/03/15 14:20:13.662615, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.662637, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.662660, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2019/03/15 14:20:13.662692, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2019/03/15 14:20:13.662718, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.662794, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.662867, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.662918, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.662967, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.662990, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.663013, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.663121, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2019/03/15 14:20:13.663385, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.663436, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' >[2019/03/15 14:20:13.663463, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.663489, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.663514, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.663538, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.663563, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.663586, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.663615, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.663637, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.663675, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.663701, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.663723, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.663747, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.663781, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.663806, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.663828, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.663867, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.663893, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.663919, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.663936, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.663953, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.663968, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.663984, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.663998, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.664034, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.664051, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2019/03/15 14:20:13.664067, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.664087, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2019/03/15 14:20:13.664102, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2019/03/15 14:20:13.664119, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.664133, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2019/03/15 14:20:13.664162, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.664179, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.664211, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2019/03/15 14:20:13.664294, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.664402, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.664434, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] >[2019/03/15 14:20:13.664451, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.664466, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.664486, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2019/03/15 14:20:13.664507, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2019/03/15 14:20:13.664525, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2019/03/15 14:20:13.664541, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2019/03/15 14:20:13.664557, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2019/03/15 14:20:13.664578, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[20] >[2019/03/15 14:20:13.664601, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[58] >[2019/03/15 14:20:13.664618, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[164] >[2019/03/15 14:20:13.664635, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.664683, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.664803, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.664836, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] >[2019/03/15 14:20:13.664853, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.664875, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.664919, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.665024, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.665055, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] >[2019/03/15 14:20:13.665071, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.665094, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.665137, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2019/03/15 14:20:13.665342, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.665373, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] >[2019/03/15 14:20:13.665390, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.665406, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.665451, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(20) > [0] : 0x4e (78) > [1] : 0x00 (0) > [2] : 0x65 (101) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x20 (32) > [7] : 0x00 (0) > [8] : 0x4c (76) > [9] : 0x00 (0) > [10] : 0x6f (111) > [11] : 0x00 (0) > [12] : 0x67 (103) > [13] : 0x00 (0) > [14] : 0x6f (111) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > size : 0x00000014 (20) >[2019/03/15 14:20:13.665668, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.665730, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] >[2019/03/15 14:20:13.665755, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.665794, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.665863, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2019/03/15 14:20:13.666402, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.666456, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] >[2019/03/15 14:20:13.666481, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.666506, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.666579, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(164) > [0] : 0x46 (70) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6c (108) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x73 (115) > [11] : 0x00 (0) > [12] : 0x65 (101) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x76 (118) > [17] : 0x00 (0) > [18] : 0x69 (105) > [19] : 0x00 (0) > [20] : 0x63 (99) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x20 (32) > [25] : 0x00 (0) > [26] : 0x70 (112) > [27] : 0x00 (0) > [28] : 0x72 (114) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x69 (105) > [35] : 0x00 (0) > [36] : 0x64 (100) > [37] : 0x00 (0) > [38] : 0x69 (105) > [39] : 0x00 (0) > [40] : 0x6e (110) > [41] : 0x00 (0) > [42] : 0x67 (103) > [43] : 0x00 (0) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x61 (97) > [47] : 0x00 (0) > [48] : 0x63 (99) > [49] : 0x00 (0) > [50] : 0x63 (99) > [51] : 0x00 (0) > [52] : 0x65 (101) > [53] : 0x00 (0) > [54] : 0x73 (115) > [55] : 0x00 (0) > [56] : 0x73 (115) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x74 (116) > [61] : 0x00 (0) > [62] : 0x6f (111) > [63] : 0x00 (0) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x70 (112) > [67] : 0x00 (0) > [68] : 0x6f (111) > [69] : 0x00 (0) > [70] : 0x6c (108) > [71] : 0x00 (0) > [72] : 0x69 (105) > [73] : 0x00 (0) > [74] : 0x63 (99) > [75] : 0x00 (0) > [76] : 0x79 (121) > [77] : 0x00 (0) > [78] : 0x20 (32) > [79] : 0x00 (0) > [80] : 0x61 (97) > [81] : 0x00 (0) > [82] : 0x6e (110) > [83] : 0x00 (0) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x20 (32) > [87] : 0x00 (0) > [88] : 0x70 (112) > [89] : 0x00 (0) > [90] : 0x72 (114) > [91] : 0x00 (0) > [92] : 0x6f (111) > [93] : 0x00 (0) > [94] : 0x66 (102) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x6c (108) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x20 (32) > [103] : 0x00 (0) > [104] : 0x64 (100) > [105] : 0x00 (0) > [106] : 0x61 (97) > [107] : 0x00 (0) > [108] : 0x74 (116) > [109] : 0x00 (0) > [110] : 0x61 (97) > [111] : 0x00 (0) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x28 (40) > [115] : 0x00 (0) > [116] : 0x6e (110) > [117] : 0x00 (0) > [118] : 0x6f (111) > [119] : 0x00 (0) > [120] : 0x74 (116) > [121] : 0x00 (0) > [122] : 0x72 (114) > [123] : 0x00 (0) > [124] : 0x65 (101) > [125] : 0x00 (0) > [126] : 0x6d (109) > [127] : 0x00 (0) > [128] : 0x6f (111) > [129] : 0x00 (0) > [130] : 0x74 (116) > [131] : 0x00 (0) > [132] : 0x65 (101) > [133] : 0x00 (0) > [134] : 0x6c (108) > [135] : 0x00 (0) > [136] : 0x79 (121) > [137] : 0x00 (0) > [138] : 0x20 (32) > [139] : 0x00 (0) > [140] : 0x6d (109) > [141] : 0x00 (0) > [142] : 0x61 (97) > [143] : 0x00 (0) > [144] : 0x6e (110) > [145] : 0x00 (0) > [146] : 0x61 (97) > [147] : 0x00 (0) > [148] : 0x67 (103) > [149] : 0x00 (0) > [150] : 0x65 (101) > [151] : 0x00 (0) > [152] : 0x61 (97) > [153] : 0x00 (0) > [154] : 0x62 (98) > [155] : 0x00 (0) > [156] : 0x6c (108) > [157] : 0x00 (0) > [158] : 0x65 (101) > [159] : 0x00 (0) > [160] : 0x29 (41) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > size : 0x000000a4 (164) >[2019/03/15 14:20:13.667907, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.667964, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] >[2019/03/15 14:20:13.667989, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.668015, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.668094, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.668160, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.668210, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.668260, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.668284, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.668306, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.668400, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0068 (104) > name_size : 0x0068 (104) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2019/03/15 14:20:13.668649, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.668700, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' >[2019/03/15 14:20:13.668730, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.668755, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.668790, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.668815, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.668843, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.668866, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.668891, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.668912, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.668942, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.668958, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.668980, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.668997, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.669012, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.669028, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.669042, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.669066, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.669083, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.669098, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.669113, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.669129, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.669144, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.669160, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.669174, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.669203, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.669220, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.669235, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2019/03/15 14:20:13.669250, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.669266, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2019/03/15 14:20:13.669281, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2019/03/15 14:20:13.669300, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.669334, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2019/03/15 14:20:13.669379, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.669406, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2019/03/15 14:20:13.669429, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.669452, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2019/03/15 14:20:13.669474, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2019/03/15 14:20:13.669498, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.669517, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2019/03/15 14:20:13.669547, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.669570, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.669620, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-8b5c-8da63c2e0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2019/03/15 14:20:13.669741, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2019/03/15 14:20:13.670758, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.670859, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] >[2019/03/15 14:20:13.670890, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.670916, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.670942, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2019/03/15 14:20:13.670977, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2019/03/15 14:20:13.671014, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.671086, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.671155, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.671209, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.671261, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.671285, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.671308, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.671414, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0062 (98) > name_size : 0x0062 (98) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2019/03/15 14:20:13.671646, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.671681, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' >[2019/03/15 14:20:13.671699, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.671715, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.671730, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.671746, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.671763, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.671791, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.671808, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.671822, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.671848, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.671864, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.671880, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.671896, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.671911, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.671927, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.671941, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.671976, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.671995, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.672015, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.672031, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.672047, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.672062, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.672079, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.672093, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.672122, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.672139, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2019/03/15 14:20:13.672154, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.672170, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2019/03/15 14:20:13.672185, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2019/03/15 14:20:13.672201, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.672215, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2019/03/15 14:20:13.672237, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.672254, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.672286, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2019/03/15 14:20:13.672369, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.672479, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.672512, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] >[2019/03/15 14:20:13.672528, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.672544, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.672560, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2019/03/15 14:20:13.672581, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2019/03/15 14:20:13.672598, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2019/03/15 14:20:13.672614, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2019/03/15 14:20:13.672629, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2019/03/15 14:20:13.672645, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[48] >[2019/03/15 14:20:13.672661, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[58] >[2019/03/15 14:20:13.672677, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[126] >[2019/03/15 14:20:13.672693, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.672742, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.672859, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.672892, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] >[2019/03/15 14:20:13.672908, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.672925, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.672967, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.673071, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.673109, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] >[2019/03/15 14:20:13.673130, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.673147, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.673191, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2019/03/15 14:20:13.673391, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.673422, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] >[2019/03/15 14:20:13.673439, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.673455, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.673499, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(48) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x65 (101) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x6f (111) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x20 (32) > [13] : 0x00 (0) > [14] : 0x52 (82) > [15] : 0x00 (0) > [16] : 0x65 (101) > [17] : 0x00 (0) > [18] : 0x67 (103) > [19] : 0x00 (0) > [20] : 0x69 (105) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x74 (116) > [25] : 0x00 (0) > [26] : 0x72 (114) > [27] : 0x00 (0) > [28] : 0x79 (121) > [29] : 0x00 (0) > [30] : 0x20 (32) > [31] : 0x00 (0) > [32] : 0x53 (83) > [33] : 0x00 (0) > [34] : 0x65 (101) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x76 (118) > [39] : 0x00 (0) > [40] : 0x69 (105) > [41] : 0x00 (0) > [42] : 0x63 (99) > [43] : 0x00 (0) > [44] : 0x65 (101) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > size : 0x00000030 (48) >[2019/03/15 14:20:13.673825, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.673857, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] >[2019/03/15 14:20:13.673878, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.673896, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.673939, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2019/03/15 14:20:13.674301, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.674333, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] >[2019/03/15 14:20:13.674349, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.674365, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.674412, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(126) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x70 (112) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x6f (111) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x64 (100) > [45] : 0x00 (0) > [46] : 0x69 (105) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x67 (103) > [51] : 0x00 (0) > [52] : 0x20 (32) > [53] : 0x00 (0) > [54] : 0x72 (114) > [55] : 0x00 (0) > [56] : 0x65 (101) > [57] : 0x00 (0) > [58] : 0x6d (109) > [59] : 0x00 (0) > [60] : 0x6f (111) > [61] : 0x00 (0) > [62] : 0x74 (116) > [63] : 0x00 (0) > [64] : 0x65 (101) > [65] : 0x00 (0) > [66] : 0x20 (32) > [67] : 0x00 (0) > [68] : 0x61 (97) > [69] : 0x00 (0) > [70] : 0x63 (99) > [71] : 0x00 (0) > [72] : 0x63 (99) > [73] : 0x00 (0) > [74] : 0x65 (101) > [75] : 0x00 (0) > [76] : 0x73 (115) > [77] : 0x00 (0) > [78] : 0x73 (115) > [79] : 0x00 (0) > [80] : 0x20 (32) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x6f (111) > [85] : 0x00 (0) > [86] : 0x20 (32) > [87] : 0x00 (0) > [88] : 0x74 (116) > [89] : 0x00 (0) > [90] : 0x68 (104) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x20 (32) > [95] : 0x00 (0) > [96] : 0x53 (83) > [97] : 0x00 (0) > [98] : 0x61 (97) > [99] : 0x00 (0) > [100] : 0x6d (109) > [101] : 0x00 (0) > [102] : 0x62 (98) > [103] : 0x00 (0) > [104] : 0x61 (97) > [105] : 0x00 (0) > [106] : 0x20 (32) > [107] : 0x00 (0) > [108] : 0x72 (114) > [109] : 0x00 (0) > [110] : 0x65 (101) > [111] : 0x00 (0) > [112] : 0x67 (103) > [113] : 0x00 (0) > [114] : 0x69 (105) > [115] : 0x00 (0) > [116] : 0x73 (115) > [117] : 0x00 (0) > [118] : 0x74 (116) > [119] : 0x00 (0) > [120] : 0x72 (114) > [121] : 0x00 (0) > [122] : 0x79 (121) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > size : 0x0000007e (126) >[2019/03/15 14:20:13.675326, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.675381, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] >[2019/03/15 14:20:13.675409, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.675435, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.675503, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.675566, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.675616, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.675673, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.675698, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.675722, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.675838, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0074 (116) > name_size : 0x0074 (116) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2019/03/15 14:20:13.676093, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.676150, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' >[2019/03/15 14:20:13.676180, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.676207, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.676233, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.676265, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.676295, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.676319, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.676346, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.676368, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.676407, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.676431, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.676454, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.676479, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.676502, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.676526, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.676547, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.676584, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.676611, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.676634, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.676657, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.676684, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.676702, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.676718, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.676733, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.676784, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.676804, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.676820, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2019/03/15 14:20:13.676835, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.676852, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2019/03/15 14:20:13.676874, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2019/03/15 14:20:13.676897, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.676912, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2019/03/15 14:20:13.676936, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.676952, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2019/03/15 14:20:13.676968, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.676984, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2019/03/15 14:20:13.676999, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2019/03/15 14:20:13.677015, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.677029, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2019/03/15 14:20:13.677049, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.677066, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.677098, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-8b5c-8da63c2e0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2019/03/15 14:20:13.677191, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2019/03/15 14:20:13.678111, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.678166, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] >[2019/03/15 14:20:13.678191, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.678214, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.678239, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2019/03/15 14:20:13.678274, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2019/03/15 14:20:13.678301, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.678374, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.678448, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.678505, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.678556, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.678581, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.678607, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.678684, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x004e (78) > name_size : 0x004e (78) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2019/03/15 14:20:13.678871, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.678904, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' >[2019/03/15 14:20:13.678922, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.678938, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.678953, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.678969, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.678986, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.679001, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.679016, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.679030, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.679056, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.679077, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.679101, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.679125, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.679141, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.679157, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.679172, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.679197, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.679214, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.679229, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.679244, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.679260, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.679275, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.679290, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.679304, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.679332, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.679348, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2019/03/15 14:20:13.679364, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.679380, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2019/03/15 14:20:13.679394, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2019/03/15 14:20:13.679410, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.679429, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2019/03/15 14:20:13.679451, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.679467, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.679499, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2019/03/15 14:20:13.679579, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.679710, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.679744, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] >[2019/03/15 14:20:13.679762, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.679789, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.679805, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2019/03/15 14:20:13.679827, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2019/03/15 14:20:13.679850, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2019/03/15 14:20:13.679866, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2019/03/15 14:20:13.679882, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2019/03/15 14:20:13.679897, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[74] >[2019/03/15 14:20:13.679913, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[58] >[2019/03/15 14:20:13.679929, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[178] >[2019/03/15 14:20:13.679946, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.679995, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.680109, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.680157, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] >[2019/03/15 14:20:13.680176, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.680193, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.680241, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2019/03/15 14:20:13.680352, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.680393, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] >[2019/03/15 14:20:13.680415, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.680436, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.680493, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2019/03/15 14:20:13.680699, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.680731, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] >[2019/03/15 14:20:13.680747, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.680764, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.680826, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(74) > [0] : 0x57 (87) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x64 (100) > [7] : 0x00 (0) > [8] : 0x6f (111) > [9] : 0x00 (0) > [10] : 0x77 (119) > [11] : 0x00 (0) > [12] : 0x73 (115) > [13] : 0x00 (0) > [14] : 0x20 (32) > [15] : 0x00 (0) > [16] : 0x49 (73) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x6e (110) > [27] : 0x00 (0) > [28] : 0x65 (101) > [29] : 0x00 (0) > [30] : 0x74 (116) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x4e (78) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x6d (109) > [39] : 0x00 (0) > [40] : 0x65 (101) > [41] : 0x00 (0) > [42] : 0x20 (32) > [43] : 0x00 (0) > [44] : 0x53 (83) > [45] : 0x00 (0) > [46] : 0x65 (101) > [47] : 0x00 (0) > [48] : 0x72 (114) > [49] : 0x00 (0) > [50] : 0x76 (118) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x63 (99) > [55] : 0x00 (0) > [56] : 0x65 (101) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x28 (40) > [61] : 0x00 (0) > [62] : 0x57 (87) > [63] : 0x00 (0) > [64] : 0x49 (73) > [65] : 0x00 (0) > [66] : 0x4e (78) > [67] : 0x00 (0) > [68] : 0x53 (83) > [69] : 0x00 (0) > [70] : 0x29 (41) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > size : 0x0000004a (74) >[2019/03/15 14:20:13.681274, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.681307, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] >[2019/03/15 14:20:13.681323, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.681340, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.681382, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2019/03/15 14:20:13.681777, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.681815, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] >[2019/03/15 14:20:13.681833, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.681850, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.681896, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(178) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x70 (112) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x6f (111) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x64 (100) > [45] : 0x00 (0) > [46] : 0x69 (105) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x67 (103) > [51] : 0x00 (0) > [52] : 0x20 (32) > [53] : 0x00 (0) > [54] : 0x61 (97) > [55] : 0x00 (0) > [56] : 0x20 (32) > [57] : 0x00 (0) > [58] : 0x4e (78) > [59] : 0x00 (0) > [60] : 0x65 (101) > [61] : 0x00 (0) > [62] : 0x74 (116) > [63] : 0x00 (0) > [64] : 0x42 (66) > [65] : 0x00 (0) > [66] : 0x49 (73) > [67] : 0x00 (0) > [68] : 0x4f (79) > [69] : 0x00 (0) > [70] : 0x53 (83) > [71] : 0x00 (0) > [72] : 0x20 (32) > [73] : 0x00 (0) > [74] : 0x70 (112) > [75] : 0x00 (0) > [76] : 0x6f (111) > [77] : 0x00 (0) > [78] : 0x69 (105) > [79] : 0x00 (0) > [80] : 0x6e (110) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x2d (45) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x6f (111) > [89] : 0x00 (0) > [90] : 0x2d (45) > [91] : 0x00 (0) > [92] : 0x70 (112) > [93] : 0x00 (0) > [94] : 0x6f (111) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x6e (110) > [99] : 0x00 (0) > [100] : 0x74 (116) > [101] : 0x00 (0) > [102] : 0x20 (32) > [103] : 0x00 (0) > [104] : 0x6e (110) > [105] : 0x00 (0) > [106] : 0x61 (97) > [107] : 0x00 (0) > [108] : 0x6d (109) > [109] : 0x00 (0) > [110] : 0x65 (101) > [111] : 0x00 (0) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x73 (115) > [115] : 0x00 (0) > [116] : 0x65 (101) > [117] : 0x00 (0) > [118] : 0x72 (114) > [119] : 0x00 (0) > [120] : 0x76 (118) > [121] : 0x00 (0) > [122] : 0x65 (101) > [123] : 0x00 (0) > [124] : 0x72 (114) > [125] : 0x00 (0) > [126] : 0x28 (40) > [127] : 0x00 (0) > [128] : 0x6e (110) > [129] : 0x00 (0) > [130] : 0x6f (111) > [131] : 0x00 (0) > [132] : 0x74 (116) > [133] : 0x00 (0) > [134] : 0x20 (32) > [135] : 0x00 (0) > [136] : 0x72 (114) > [137] : 0x00 (0) > [138] : 0x65 (101) > [139] : 0x00 (0) > [140] : 0x6d (109) > [141] : 0x00 (0) > [142] : 0x6f (111) > [143] : 0x00 (0) > [144] : 0x74 (116) > [145] : 0x00 (0) > [146] : 0x65 (101) > [147] : 0x00 (0) > [148] : 0x6c (108) > [149] : 0x00 (0) > [150] : 0x79 (121) > [151] : 0x00 (0) > [152] : 0x20 (32) > [153] : 0x00 (0) > [154] : 0x6d (109) > [155] : 0x00 (0) > [156] : 0x61 (97) > [157] : 0x00 (0) > [158] : 0x6e (110) > [159] : 0x00 (0) > [160] : 0x61 (97) > [161] : 0x00 (0) > [162] : 0x67 (103) > [163] : 0x00 (0) > [164] : 0x65 (101) > [165] : 0x00 (0) > [166] : 0x61 (97) > [167] : 0x00 (0) > [168] : 0x62 (98) > [169] : 0x00 (0) > [170] : 0x6c (108) > [171] : 0x00 (0) > [172] : 0x65 (101) > [173] : 0x00 (0) > [174] : 0x29 (41) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > size : 0x000000b2 (178) >[2019/03/15 14:20:13.682842, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.682878, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] >[2019/03/15 14:20:13.682894, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.682911, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.682955, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.683002, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.683057, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.683107, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.683131, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.683149, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.683251, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0060 (96) > name_size : 0x0060 (96) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2019/03/15 14:20:13.683505, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.683559, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' >[2019/03/15 14:20:13.683583, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.683605, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.683626, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.683648, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.683670, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.683690, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.683710, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.683728, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.683764, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.683805, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.683828, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.683850, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.683871, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.683893, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.683919, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.683961, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.683986, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.684007, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.684028, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.684051, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.684072, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.684104, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.684124, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.684167, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.684192, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 2 >[2019/03/15 14:20:13.684214, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2019/03/15 14:20:13.684236, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.684258, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2019/03/15 14:20:13.684279, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2019/03/15 14:20:13.684302, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.684321, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2019/03/15 14:20:13.684353, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.684377, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2019/03/15 14:20:13.684402, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.684424, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2019/03/15 14:20:13.684447, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2019/03/15 14:20:13.684472, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.684494, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2019/03/15 14:20:13.684529, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.684558, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.684615, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-8b5c-8da63c2e0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2019/03/15 14:20:13.684754, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-8b5c-8da63c2e0000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2019/03/15 14:20:13.685581, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.685618, 8, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] >[2019/03/15 14:20:13.685636, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) > tdb(/tmp/registry.tdb): tdb_transaction_start: nesting 1 >[2019/03/15 14:20:13.685652, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.685668, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2019/03/15 14:20:13.685690, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2019/03/15 14:20:13.685708, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2019/03/15 14:20:13.685756, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.685817, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.685850, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.685880, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.685896, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.685915, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.686003, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.686060, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.686093, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.686130, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.686152, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (3->2) >[2019/03/15 14:20:13.686168, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.686229, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (2->1) >[2019/03/15 14:20:13.686253, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (1->0) >[2019/03/15 14:20:13.686290, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2019/03/15 14:20:13.686356, 3, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) > Initialise the eventlog registry keys if needed. >[2019/03/15 14:20:13.686394, 4, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:220(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2019/03/15 14:20:13.686413, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2019/03/15 14:20:13.686428, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2019/03/15 14:20:13.686470, 4, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:260(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2019/03/15 14:20:13.686499, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:13.686568, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2019/03/15 14:20:13.686592, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.686610, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.686626, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:13.686641, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:13.686656, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:13.686733, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:13.686752, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:887(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2019/03/15 14:20:13.686781, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2019/03/15 14:20:13.686798, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2019/03/15 14:20:13.686813, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.686832, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM] >[2019/03/15 14:20:13.686869, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.686902, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-8b5c-8da63c2e0000 > result : WERR_OK >[2019/03/15 14:20:13.686973, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-8b5c-8da63c2e0000 > keyname: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Eventlog' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:13.687112, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.687145, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2019/03/15 14:20:13.687161, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (1->2) >[2019/03/15 14:20:13.687177, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2019/03/15 14:20:13.687192, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2019/03/15 14:20:13.687207, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.687221, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM] >[2019/03/15 14:20:13.687255, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2019/03/15 14:20:13.687272, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (2->3) >[2019/03/15 14:20:13.687288, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.687302, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.687318, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.687332, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet] >[2019/03/15 14:20:13.687372, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2019/03/15 14:20:13.687394, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:13.687411, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.687425, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.687442, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.687456, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2019/03/15 14:20:13.687490, 7, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Eventlog] >[2019/03/15 14:20:13.687507, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:13.687522, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2019/03/15 14:20:13.687537, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2019/03/15 14:20:13.687553, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:13.687567, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2019/03/15 14:20:13.687593, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:13.687609, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:13.687629, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (3->2) >[2019/03/15 14:20:13.687645, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.687677, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-8b5c-8da63c2e0000 > result : WERR_OK >[2019/03/15 14:20:13.687746, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-8b5c-8da63c2e0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2019/03/15 14:20:13.687827, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.687861, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7f414bf90000) >[2019/03/15 14:20:13.687877, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2019/03/15 14:20:13.687903, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2019/03/15 14:20:13.687921, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2019/03/15 14:20:13.687937, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:2090(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2019/03/15 14:20:13.687964, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000002 (2) > max_valnamelen : * > max_valnamelen : 0x0000001a (26) > max_valbufsize : * > max_valbufsize : 0x00000014 (20) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:13.688215, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-8b5c-8da63c2e0000 >[2019/03/15 14:20:13.688284, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.688337, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 8B 5C 8D A6 ........ .....\.. > [0010] 3C 2E 00 00 <... >[2019/03/15 14:20:13.688386, 6, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:13.688408, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (2->1) >[2019/03/15 14:20:13.688430, 1, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:13.688508, 10, pid=11836, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (1->0) >[2019/03/15 14:20:13.688543, 10, pid=11836, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2019/03/15 14:20:13.688607, 0, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/become_daemon.c:138(daemon_ready) > daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections >[2019/03/15 14:20:13.689251, 7, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:4229(lp_servicenumber) > lp_servicenumber: couldn't find print$ >[2019/03/15 14:20:13.689290, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/printing/nt_printing.c:92(print_driver_directories_init) > No print$ share has been configured. >[2019/03/15 14:20:13.689342, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 515 - private_data=(nil) >[2019/03/15 14:20:13.689375, 3, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/printing/queue_process.c:327(start_background_queue) > start_background_queue: Starting background LPQ thread >[2019/03/15 14:20:13.690780, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/util_sock.c:410(open_socket_in) > bind succeeded on port 1445 >[2019/03/15 14:20:13.690829, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 >[2019/03/15 14:20:13.690741, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/queue_process.c:363(start_background_queue) > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > start_background_queue: background LPQ thread started > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:13.690980, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:13.691151, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/util_sock.c:410(open_socket_in) > bind succeeded on port 1139 >[2019/03/15 14:20:13.691184, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 >[2019/03/15 14:20:13.691224, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > TCP_KEEPIDLE = 7200 > msg_dgm_ref_destructor: refs=(nil) > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:13.691349, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 >[2019/03/15 14:20:13.691447, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:79(messaging_dgm_ref) > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 > messaging_dgm_ref: messaging_dgm_init returned Success >[2019/03/15 14:20:13.691521, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:108(messaging_dgm_ref) >[2019/03/15 14:20:13.691525, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/util_sock.c:410(open_socket_in) > messaging_dgm_ref: unique = 12009780511520966565 > bind succeeded on port 1445 >[2019/03/15 14:20:13.691557, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:13.691686, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/util_event.c:99(event_add_idle) >[2019/03/15 14:20:13.691696, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > event_add_idle: idle_evt(print_queue_housekeeping) 0x5602b6054a30 > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 >[2019/03/15 14:20:13.691733, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > TCP_KEEPCNT = 9 > Registering messaging pointer for type 33 - private_data=0x5602b60550a0 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 >[2019/03/15 14:20:13.691764, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > SO_REUSEPORT = 1 > Registering messaging pointer for type 517 - private_data=(nil) > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 >[2019/03/15 14:20:13.691807, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:725(messaging_deregister) > SO_RCVTIMEO = 0 > Deregistering messaging pointer for type 515 - private_data=(nil) > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:13.691835, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 515 - private_data=(nil) >[2019/03/15 14:20:13.691858, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/util_sock.c:410(open_socket_in) > bind succeeded on port 1139 >[2019/03/15 14:20:13.691879, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) >[2019/03/15 14:20:13.691873, 3, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/pcap.c:140(pcap_cache_reload) > Socket options: > SO_KEEPALIVE = 1 > reloading printcap cache > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 >[2019/03/15 14:20:13.691917, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:456(cups_pcap_load_async) > IPTOS_LOWDELAY = 0 > cups_pcap_load_async: asynchronously loading cups printers > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:13.691991, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:13.692096, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 13 - private_data=(nil) >[2019/03/15 14:20:13.692115, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 33 - private_data=0x5602b603cbe0 >[2019/03/15 14:20:13.692130, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 783 - private_data=(nil) >[2019/03/15 14:20:13.692145, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 1 - private_data=(nil) >[2019/03/15 14:20:13.692161, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:693(messaging_register) > Overriding messaging pointer for type 1 - private_data=(nil) >[2019/03/15 14:20:13.692176, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 770 - private_data=(nil) >[2019/03/15 14:20:13.692196, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 790 - private_data=(nil) >[2019/03/15 14:20:13.692211, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 791 - private_data=(nil) >[2019/03/15 14:20:13.692226, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 15 - private_data=(nil) >[2019/03/15 14:20:13.692240, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 16 - private_data=(nil) >[2019/03/15 14:20:13.692255, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 799 - private_data=(nil) >[2019/03/15 14:20:13.692871, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:473(cups_pcap_load_async) > cups_pcap_load_async: child pid = 11840 >[2019/03/15 14:20:13.692957, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:594(cups_cache_reload) > cups_cache_reload: async read on fd 16 >[2019/03/15 14:20:13.692998, 3, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/pcap.c:189(pcap_cache_reload) > reload status: ok >[2019/03/15 14:20:13.693042, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/queue_process.c:417(start_background_queue) > start_background_queue: background LPQ thread waiting for messages >[2019/03/15 14:20:13.693434, 10, pid=11840, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:13.693727, 10, pid=11840, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:79(messaging_dgm_ref) > messaging_dgm_ref: messaging_dgm_init returned Success >[2019/03/15 14:20:13.693810, 10, pid=11840, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:108(messaging_dgm_ref) > messaging_dgm_ref: unique = 8171500987801664945 >[2019/03/15 14:20:13.693853, 5, pid=11840, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:325(cups_cache_reload_async) > reloading cups printcap cache >[2019/03/15 14:20:13.694479, 10, pid=11840, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:137(cups_connect) > connecting to cups server localhost:631 >[2019/03/15 14:20:13.694621, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/avahi_register.c:234(avahi_client_callback) > avahi_client_callback: AVAHI_CLIENT_CONNECTING >[2019/03/15 14:20:13.694690, 1, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh) > Failed to fetch record! >[2019/03/15 14:20:13.694729, 2, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/server.c:1381(smbd_parent_loop) > waiting for connections >[2019/03/15 14:20:13.694852, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:400(messaging_recv_cb) > messaging_recv_cb: Received message 0x31f len 0 (num_fds:0) from 11837 >[2019/03/15 14:20:13.694934, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm.c:1430(messaging_dgm_send) > messaging_dgm_send: Sending message to 11838 >[2019/03/15 14:20:13.694993, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm.c:1430(messaging_dgm_send) > messaging_dgm_send: Sending message to 11837 >[2019/03/15 14:20:13.695058, 10, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:400(messaging_recv_cb) > messaging_recv_cb: Received message 0x31f len 0 (num_fds:0) from 11836 >[2019/03/15 14:20:13.695136, 10, pid=11837, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:400(messaging_recv_cb) > messaging_recv_cb: Received message 0x31f len 0 (num_fds:0) from 11836 >[2019/03/15 14:20:13.697945, 3, pid=11840, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:158(cups_connect) > Unable to connect to CUPS server localhost:631 - Transport endpoint is not connected >[2019/03/15 14:20:13.698028, 10, pid=11840, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:178(send_pcap_blob) > successfully sent blob of len 12 >[2019/03/15 14:20:13.698086, 10, pid=11840, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:13.698904, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:520(cups_async_callback) > cups_async_callback: callback received for printer data. fd = 16 >[2019/03/15 14:20:13.698951, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:203(recv_pcap_blob) > successfully recvd blob of len 12 >[2019/03/15 14:20:13.699003, 3, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/print_cups.c:536(cups_async_callback) > failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL >[2019/03/15 14:20:13.699060, 2, pid=11839, effective(10005, 202), real(10005, 202), class=tevent] ../lib/util/tevent_debug.c:66(samba_tevent_debug) > samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x5602b604f8c0] mpx_fde[(nil)] fd[16] - disabling >[2019/03/15 14:20:13.699110, 6, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/queue_process.c:264(bq_sig_chld_handler) > Bq child process 11840 terminated with 0 >[2019/03/15 14:20:16.450068, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:16.450396, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:79(messaging_dgm_ref) > messaging_dgm_ref: messaging_dgm_init returned Success >[2019/03/15 14:20:16.450457, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:108(messaging_dgm_ref) > messaging_dgm_ref: unique = 4398748257310346907 >[2019/03/15 14:20:16.450742, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_client.c:534(smbXsrv_client_create) >[2019/03/15 14:20:16.450764, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_client.c:542(smbXsrv_client_create) > smbXsrv_client_create: client_guid[00000000-0000-0000-0000-000000000000] stored >[2019/03/15 14:20:16.450831, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &client_blob: struct smbXsrv_clientB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_clientU(case 0) > info0 : * > info0: struct smbXsrv_client > table : * > ev_ctx : * > msg_ctx : * > global : * > global: struct smbXsrv_client_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : NULL > remote_address : NULL > remote_name : NULL > initial_connect_time : Fri Mar 15 14:20:16 2019 CET > client_guid : 00000000-0000-0000-0000-000000000000 > stored : 0x00 (0) > sconn : NULL > session_table : NULL > last_session_id : 0x0000000000000000 (0) > tcon_table : NULL > open_table : NULL > connections : NULL > server_multi_channel_enabled: 0x00 (0) >[2019/03/15 14:20:16.451190, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 46080 > SO_RCVBUF = 369280 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:16.451325, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/util_net.c:1055(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 1 > SO_SNDBUF = 46080 > SO_RCVBUF = 369280 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >[2019/03/15 14:20:16.451542, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/access.c:365(allow_access) > Allowed connection from 131.130.2.200 (131.130.2.200) >[2019/03/15 14:20:16.451563, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/process.c:3840(smbd_add_connection) > Connection allowed from ipv4:131.130.2.200:57546 to ipv4:131.130.1.38:1139 >[2019/03/15 14:20:16.451669, 6, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2332(lp_file_list_changed) > lp_file_list_changed() > file /home/mi/smb-x.conf -> /home/mi/smb-x.conf last mod_time: Fri Mar 15 14:15:09 2019 > >[2019/03/15 14:20:16.451728, 3, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/smbd/oplock.c:1340(init_oplocks) > init_oplocks: initializing messages. >[2019/03/15 14:20:16.451752, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 774 - private_data=0x5602b6053400 >[2019/03/15 14:20:16.451795, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 778 - private_data=0x5602b6053400 >[2019/03/15 14:20:16.451823, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 770 - private_data=0x5602b6053400 >[2019/03/15 14:20:16.451842, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 787 - private_data=0x5602b6053400 >[2019/03/15 14:20:16.451859, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 779 - private_data=0x5602b6053400 >[2019/03/15 14:20:16.451879, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 15 - private_data=(nil) >[2019/03/15 14:20:16.451897, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:693(messaging_register) > Overriding messaging pointer for type 15 - private_data=(nil) >[2019/03/15 14:20:16.451914, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:725(messaging_deregister) > Deregistering messaging pointer for type 16 - private_data=(nil) >[2019/03/15 14:20:16.451943, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 16 - private_data=0x5602b6053400 >[2019/03/15 14:20:16.451968, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:725(messaging_deregister) > Deregistering messaging pointer for type 33 - private_data=0x5602b603cbe0 >[2019/03/15 14:20:16.451991, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 33 - private_data=0x5602b6053400 >[2019/03/15 14:20:16.452013, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:725(messaging_deregister) > Deregistering messaging pointer for type 790 - private_data=(nil) >[2019/03/15 14:20:16.452036, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 790 - private_data=0x5602b6053400 >[2019/03/15 14:20:16.452058, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:725(messaging_deregister) > Deregistering messaging pointer for type 791 - private_data=(nil) >[2019/03/15 14:20:16.452082, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:725(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2019/03/15 14:20:16.452114, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:678(messaging_register) > Registering messaging pointer for type 1 - private_data=(nil) >[2019/03/15 14:20:16.452145, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/util_event.c:99(event_add_idle) > event_add_idle: idle_evt(keepalive) 0x5602b6058820 >[2019/03/15 14:20:16.452175, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/util_event.c:99(event_add_idle) > event_add_idle: idle_evt(deadtime) 0x5602b6058a70 >[2019/03/15 14:20:16.452197, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/util_event.c:99(event_add_idle) > event_add_idle: idle_evt(housekeeping) 0x5602b6058cc0 >[2019/03/15 14:20:16.452509, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 212 >[2019/03/15 14:20:16.452545, 6, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/process.c:1956(process_smb) > got message type 0x0 of len 0xd4 >[2019/03/15 14:20:16.452567, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/process.c:1958(process_smb) > Transaction 0 of length 216 (0 toread) >[2019/03/15 14:20:16.452601, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/util.c:184(show_msg) >[2019/03/15 14:20:16.452626, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/util.c:194(show_msg) > size=212 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51267 > smb_tid=0 > smb_pid=65534 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=177 >[2019/03/15 14:20:16.452696, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/util.c:514(dump_data) > [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. > [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 02 53 4D 42 20 NT LM 0. 12..SMB > [00A0] 32 2E 30 30 32 00 02 53 4D 42 20 32 2E 3F 3F 3F 2.002..S MB 2.??? > [00B0] 00 . >[2019/03/15 14:20:16.452882, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBnegprot (pid 11844) conn 0x0 >[2019/03/15 14:20:16.452916, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.452943, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.452968, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.453007, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.453985, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2019/03/15 14:20:16.454015, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2019/03/15 14:20:16.454034, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2019/03/15 14:20:16.454052, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [LANMAN1.0] >[2019/03/15 14:20:16.454070, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [LM1.2X002] >[2019/03/15 14:20:16.454087, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [DOS LANMAN2.1] >[2019/03/15 14:20:16.454105, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [LANMAN2.1] >[2019/03/15 14:20:16.454122, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [Samba] >[2019/03/15 14:20:16.454140, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [NT LANMAN 1.0] >[2019/03/15 14:20:16.454158, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [NT LM 0.12] >[2019/03/15 14:20:16.454175, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [SMB 2.002] >[2019/03/15 14:20:16.454193, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:628(reply_negprot) > Requested protocol [SMB 2.???] >[2019/03/15 14:20:16.454215, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/util.c:1210(set_remote_arch) > set_remote_arch: Client arch is 'Samba' >[2019/03/15 14:20:16.454253, 6, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2332(lp_file_list_changed) > lp_file_list_changed() > file /home/mi/smb-x.conf -> /home/mi/smb-x.conf last mod_time: Fri Mar 15 14:15:09 2019 > >[2019/03/15 14:20:16.454305, 6, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2332(lp_file_list_changed) > lp_file_list_changed() > file /home/mi/smb-x.conf -> /home/mi/smb-x.conf last mod_time: Fri Mar 15 14:15:09 2019 > >[2019/03/15 14:20:16.454343, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3537(smbd_smb2_process_negprot) > smbd_smb2_first_negprot: packet length 102 >[2019/03/15 14:20:16.454379, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 0 (position 0) from bitmap >[2019/03/15 14:20:16.454415, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_NEGPROT] mid = 0 >[2019/03/15 14:20:16.454438, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.454455, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.454472, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.454500, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.454561, 6, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2332(lp_file_list_changed) > lp_file_list_changed() > file /home/mi/smb-x.conf -> /home/mi/smb-x.conf last mod_time: Fri Mar 15 14:15:09 2019 > >[2019/03/15 14:20:16.454601, 3, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot) > Selected protocol SMB2_FF >[2019/03/15 14:20:16.454647, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:524(make_auth3_context_for_ntlm) > Making default auth method list for server role = 'standalone server', encrypt passwords = yes >[2019/03/15 14:20:16.454684, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:48(smb_register_auth) > Attempting to register auth backend guest >[2019/03/15 14:20:16.454711, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:60(smb_register_auth) > Successfully added auth method 'guest' >[2019/03/15 14:20:16.454729, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam >[2019/03/15 14:20:16.454747, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam' >[2019/03/15 14:20:16.454763, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam_ignoredomain >[2019/03/15 14:20:16.454795, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam_ignoredomain' >[2019/03/15 14:20:16.454812, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam_netlogon3 >[2019/03/15 14:20:16.454830, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam_netlogon3' >[2019/03/15 14:20:16.454850, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:48(smb_register_auth) > Attempting to register auth backend winbind >[2019/03/15 14:20:16.454868, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:60(smb_register_auth) > Successfully added auth method 'winbind' >[2019/03/15 14:20:16.454885, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:400(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2019/03/15 14:20:16.454903, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:425(load_auth_module) > load_auth_module: auth method guest has a valid init >[2019/03/15 14:20:16.454928, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:400(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam_ignoredomain >[2019/03/15 14:20:16.454957, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:425(load_auth_module) > load_auth_module: auth method sam_ignoredomain has a valid init >[2019/03/15 14:20:16.456134, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_spnego' registered >[2019/03/15 14:20:16.456168, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_krb5' registered >[2019/03/15 14:20:16.456193, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_krb5_sasl' registered >[2019/03/15 14:20:16.456225, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'spnego' registered >[2019/03/15 14:20:16.456261, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'schannel' registered >[2019/03/15 14:20:16.456294, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'naclrpc_as_system' registered >[2019/03/15 14:20:16.456329, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'sasl-EXTERNAL' registered >[2019/03/15 14:20:16.456358, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'ntlmssp' registered >[2019/03/15 14:20:16.456389, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'ntlmssp_resume_ccache' registered >[2019/03/15 14:20:16.456420, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'http_basic' registered >[2019/03/15 14:20:16.456445, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'http_ntlm' registered >[2019/03/15 14:20:16.456468, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'http_negotiate' registered >[2019/03/15 14:20:16.456573, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:739(gensec_start_mech) > Starting GENSEC mechanism spnego >[2019/03/15 14:20:16.456639, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:739(gensec_start_mech) > Starting GENSEC submechanism ntlmssp >[2019/03/15 14:20:16.456685, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:440(gensec_update_send) > gensec_update_send: spnego[0x5602b60541d0]: subreq: 0x5602b60649f0 >[2019/03/15 14:20:16.456724, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:498(gensec_update_done) > gensec_update_done: spnego[0x5602b60541d0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5602b60649f0/../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5602b6064b80)] timer[(nil)] finish[../auth/gensec/spnego.c:2070] >[2019/03/15 14:20:16.456786, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[64] dyn[yes:74] at ../source3/smbd/smb2_negprot.c:620 >[2019/03/15 14:20:16.456818, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 512/512, total granted/max/low/range 1/8192/1/1 >[2019/03/15 14:20:16.456871, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:761(reply_negprot) > Selected protocol SMB 2.??? >[2019/03/15 14:20:16.456893, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/negprot.c:763(reply_negprot) > negprot index=11 >[2019/03/15 14:20:16.457592, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.457624, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 1 (position 1) from bitmap >[2019/03/15 14:20:16.457643, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_NEGPROT] mid = 1 >[2019/03/15 14:20:16.457660, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.457676, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.457691, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.457717, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.457747, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.457778, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.457796, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.457810, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.457825, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.457886, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[RA/ce7d6988-99c5-42e2-ac03-cb5f86cd080a] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656016 seconds in the past) >[2019/03/15 14:20:16.458022, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:640(gencache_stabilize) > Could not get allrecord lock on gencache_notrans.tdb: Locking error >[2019/03/15 14:20:16.458042, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[RA/ce7d6988-99c5-42e2-ac03-cb5f86cd080a] and timeout=[Fri Mar 22 14:20:16 2019 CET] (604800 seconds ahead) >[2019/03/15 14:20:16.460759, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.460818, 6, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2332(lp_file_list_changed) > lp_file_list_changed() > file /home/mi/smb-x.conf -> /home/mi/smb-x.conf last mod_time: Fri Mar 15 14:15:09 2019 > >[2019/03/15 14:20:16.460859, 3, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot) > Selected protocol SMB3_11 >[2019/03/15 14:20:16.460876, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:524(make_auth3_context_for_ntlm) > Making default auth method list for server role = 'standalone server', encrypt passwords = yes >[2019/03/15 14:20:16.460894, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:400(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2019/03/15 14:20:16.460911, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:425(load_auth_module) > load_auth_module: auth method guest has a valid init >[2019/03/15 14:20:16.460926, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:400(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam_ignoredomain >[2019/03/15 14:20:16.460941, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:425(load_auth_module) > load_auth_module: auth method sam_ignoredomain has a valid init >[2019/03/15 14:20:16.460991, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:739(gensec_start_mech) > Starting GENSEC mechanism spnego >[2019/03/15 14:20:16.461023, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:739(gensec_start_mech) > Starting GENSEC submechanism ntlmssp >[2019/03/15 14:20:16.461060, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:440(gensec_update_send) > gensec_update_send: spnego[0x5602b6059ea0]: subreq: 0x5602b6064500 >[2019/03/15 14:20:16.461081, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:498(gensec_update_done) > gensec_update_done: spnego[0x5602b6059ea0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5602b6064500/../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5602b6064690)] timer[(nil)] finish[../auth/gensec/spnego.c:2070] >[2019/03/15 14:20:16.461138, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[64] dyn[yes:140] at ../source3/smbd/smb2_negprot.c:662 >[2019/03/15 14:20:16.461159, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 31, charge 1, granted 1, current possible/max 512/512, total granted/max/low/range 1/8192/2/1 >[2019/03/15 14:20:16.462300, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.462324, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 2 (position 2) from bitmap >[2019/03/15 14:20:16.462341, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_SESSSETUP] mid = 2 >[2019/03/15 14:20:16.462357, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.462373, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.462387, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.462417, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.462449, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.462470, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.462494, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key F28A8A36 >[2019/03/15 14:20:16.462523, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b6067910 >[2019/03/15 14:20:16.462655, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:944(smbXsrv_session_global_store) >[2019/03/15 14:20:16.462673, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:946(smbXsrv_session_global_store) > smbXsrv_session_global_store: key 'F28A8A36' stored >[2019/03/15 14:20:16.462690, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_session_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_session_globalU(case 0) > info0 : * > info0: struct smbXsrv_session_global0 > db_rec : * > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : NTTIME(0) > auth_session_info_seqnum : 0x00000000 (0) > auth_session_info : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000000 (0) > connection : * > encryption_cipher : 0x0000 (0) >[2019/03/15 14:20:16.462929, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.462950, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key F28A8A36 >[2019/03/15 14:20:16.462967, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1319(smbXsrv_session_create) >[2019/03/15 14:20:16.462980, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1327(smbXsrv_session_create) > smbXsrv_session_create: global_id (0xf28a8a36) stored >[2019/03/15 14:20:16.462995, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &session_blob: struct smbXsrv_sessionB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_sessionU(case 0) > info0 : * > info0: struct smbXsrv_session > table : * > db_rec : NULL > client : * > local_id : 0xf28a8a36 (4069165622) > global : * > global: struct smbXsrv_session_global0 > db_rec : NULL > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : NTTIME(0) > auth_session_info_seqnum : 0x00000000 (0) > auth_session_info : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000000 (0) > connection : * > encryption_cipher : 0x0000 (0) > status : NT_STATUS_MORE_PROCESSING_REQUIRED > idle_time : Fri Mar 15 14:20:16 2019 CET > nonce_high_random : 0x0000000000000000 (0) > nonce_high_max : 0x0000000000000000 (0) > nonce_high : 0x0000000000000000 (0) > nonce_low : 0x0000000000000000 (0) > compat : NULL > tcon_table : * > pending_auth : NULL >[2019/03/15 14:20:16.463288, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:524(make_auth3_context_for_ntlm) > Making default auth method list for server role = 'standalone server', encrypt passwords = yes >[2019/03/15 14:20:16.463306, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:400(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2019/03/15 14:20:16.463322, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:425(load_auth_module) > load_auth_module: auth method guest has a valid init >[2019/03/15 14:20:16.463336, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:400(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam_ignoredomain >[2019/03/15 14:20:16.463351, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:425(load_auth_module) > load_auth_module: auth method sam_ignoredomain has a valid init >[2019/03/15 14:20:16.463403, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:739(gensec_start_mech) > Starting GENSEC mechanism spnego >[2019/03/15 14:20:16.463423, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.463438, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.463455, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key F28A8A36 >[2019/03/15 14:20:16.463472, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b60688e0 >[2019/03/15 14:20:16.463494, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:944(smbXsrv_session_global_store) >[2019/03/15 14:20:16.463505, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:946(smbXsrv_session_global_store) > smbXsrv_session_global_store: key 'F28A8A36' stored >[2019/03/15 14:20:16.463521, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_session_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000002 (2) > info : union smbXsrv_session_globalU(case 0) > info0 : * > info0: struct smbXsrv_session_global0 > db_rec : * > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : NTTIME(0) > auth_session_info_seqnum : 0x00000000 (0) > auth_session_info : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000000 (0) > connection : * > encryption_cipher : 0x0000 (0) >[2019/03/15 14:20:16.463727, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.463744, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key F28A8A36 >[2019/03/15 14:20:16.463760, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1414(smbXsrv_session_update) >[2019/03/15 14:20:16.463781, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1422(smbXsrv_session_update) > smbXsrv_session_update: global_id (0xf28a8a36) stored >[2019/03/15 14:20:16.463797, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &session_blob: struct smbXsrv_sessionB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_sessionU(case 0) > info0 : * > info0: struct smbXsrv_session > table : * > db_rec : NULL > client : * > local_id : 0xf28a8a36 (4069165622) > global : * > global: struct smbXsrv_session_global0 > db_rec : NULL > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : NTTIME(0) > auth_session_info_seqnum : 0x00000000 (0) > auth_session_info : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000000 (0) > connection : * > encryption_cipher : 0x0000 (0) > status : NT_STATUS_MORE_PROCESSING_REQUIRED > idle_time : Fri Mar 15 14:20:16 2019 CET > nonce_high_random : 0x0000000000000000 (0) > nonce_high_max : 0x0000000000000000 (0) > nonce_high : 0x0000000000000000 (0) > nonce_low : 0x0000000000000000 (0) > compat : NULL > tcon_table : * > pending_auth : * > pending_auth: struct smbXsrv_session_auth0 > prev : * > next : NULL > session : * > connection : * > gensec : * > preauth : * > in_flags : 0x00 (0) > in_security_mode : 0x01 (1) > creation_time : Fri Mar 15 14:20:16 2019 CET > idle_time : Fri Mar 15 14:20:16 2019 CET >[2019/03/15 14:20:16.464144, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.464162, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.464178, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.464192, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.464207, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.464265, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec_start.c:739(gensec_start_mech) > Starting GENSEC submechanism ntlmssp >[2019/03/15 14:20:16.464310, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2019/03/15 14:20:16.464380, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x62088215 (1644724757) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > WorkstationLen : 0x0000 (0) > WorkstationMaxLen : 0x0000 (0) > Workstation : * > Workstation : '' > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) > ProductBuild : 0x0000 (0) > Reserved: ARRAY(3) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) >[2019/03/15 14:20:16.464663, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x0014 (20) > TargetNameMaxLen : 0x0014 (20) > TargetName : * > TargetName : 'SONESERVER' > NegotiateFlags : 0x628a8215 (1653244437) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 1: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : f573d123dce2e338 > Reserved : 0000000000000000 > TargetInfoLen : 0x0092 (146) > TargetInfoMaxLen : 0x0092 (146) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000006 (6) > pair: ARRAY(6) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'SONESERVER' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SONESERVER' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001e (30) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'cc.univie.ac.at' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002c (44) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'someserver.cc.univie.ac.at' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union ntlmssp_AvValue(case 0x7) > AvTimestamp : Fri Mar 15 14:20:16 2019 CET > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) > ProductBuild : 0x0000 (0) > Reserved : 000000 > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) >[2019/03/15 14:20:16.465063, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:440(gensec_update_send) > gensec_update_send: ntlmssp[0x5602b606a7b0]: subreq: 0x5602b6068ae0 >[2019/03/15 14:20:16.465080, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:440(gensec_update_send) > gensec_update_send: spnego[0x5602b60682f0]: subreq: 0x5602b606a010 >[2019/03/15 14:20:16.465102, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 24 > req->in.vector[4].iov_len = 74 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2019/03/15 14:20:16.465172, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:498(gensec_update_done) > gensec_update_done: ntlmssp[0x5602b606a7b0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5602b6068ae0/../auth/ntlmssp/ntlmssp.c:181]: state[2] error[0 (0x0)] state[struct gensec_ntlmssp_update_state (0x5602b6068c70)] timer[(nil)] finish[../auth/ntlmssp/ntlmssp.c:215] >[2019/03/15 14:20:16.465204, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:498(gensec_update_done) > gensec_update_done: spnego[0x5602b60682f0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5602b606a010/../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5602b606a1a0)] timer[(nil)] finish[../auth/gensec/spnego.c:2070] >[2019/03/15 14:20:16.465230, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.465248, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.465263, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.465278, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.465292, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.465321, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.465342, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_MORE_PROCESSING_REQUIRED] body[8] dyn[yes:253] at ../source3/smbd/smb2_sesssetup.c:174 >[2019/03/15 14:20:16.465360, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 8192, charge 1, granted 1, current possible/max 512/512, total granted/max/low/range 1/8192/3/1 >[2019/03/15 14:20:16.466107, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.466131, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 3 (position 3) from bitmap >[2019/03/15 14:20:16.466148, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_SESSSETUP] mid = 3 >[2019/03/15 14:20:16.466165, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.466180, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.466198, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key F28A8A36 >[2019/03/15 14:20:16.466214, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b60641f0 >[2019/03/15 14:20:16.466237, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:944(smbXsrv_session_global_store) >[2019/03/15 14:20:16.466249, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:946(smbXsrv_session_global_store) > smbXsrv_session_global_store: key 'F28A8A36' stored >[2019/03/15 14:20:16.466264, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_session_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000003 (3) > info : union smbXsrv_session_globalU(case 0) > info0 : * > info0: struct smbXsrv_session_global0 > db_rec : * > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : NTTIME(0) > auth_session_info_seqnum : 0x00000000 (0) > auth_session_info : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000000 (0) > connection : * > encryption_cipher : 0x0000 (0) >[2019/03/15 14:20:16.466477, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.466494, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key F28A8A36 >[2019/03/15 14:20:16.466510, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1414(smbXsrv_session_update) >[2019/03/15 14:20:16.466520, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1422(smbXsrv_session_update) > smbXsrv_session_update: global_id (0xf28a8a36) stored >[2019/03/15 14:20:16.466535, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &session_blob: struct smbXsrv_sessionB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_sessionU(case 0) > info0 : * > info0: struct smbXsrv_session > table : * > db_rec : NULL > client : * > local_id : 0xf28a8a36 (4069165622) > global : * > global: struct smbXsrv_session_global0 > db_rec : NULL > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : NTTIME(0) > auth_session_info_seqnum : 0x00000000 (0) > auth_session_info : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000000 (0) > connection : * > encryption_cipher : 0x0000 (0) > status : NT_STATUS_MORE_PROCESSING_REQUIRED > idle_time : Fri Mar 15 14:20:16 2019 CET > nonce_high_random : 0x0000000000000000 (0) > nonce_high_max : 0x0000000000000000 (0) > nonce_high : 0x0000000000000000 (0) > nonce_low : 0x0000000000000000 (0) > compat : NULL > tcon_table : * > pending_auth : * > pending_auth: struct smbXsrv_session_auth0 > prev : * > next : NULL > session : * > connection : * > gensec : * > preauth : * > in_flags : 0x00 (0) > in_security_mode : 0x01 (1) > creation_time : Fri Mar 15 14:20:16 2019 CET > idle_time : Fri Mar 15 14:20:16 2019 CET >[2019/03/15 14:20:16.466893, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.466909, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.466923, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.466948, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.466968, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.466983, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.467004, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key F28A8A36 >[2019/03/15 14:20:16.467020, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b606b820 >[2019/03/15 14:20:16.467042, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:944(smbXsrv_session_global_store) >[2019/03/15 14:20:16.467054, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:946(smbXsrv_session_global_store) > smbXsrv_session_global_store: key 'F28A8A36' stored >[2019/03/15 14:20:16.467069, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_session_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000004 (4) > info : union smbXsrv_session_globalU(case 0) > info0 : * > info0: struct smbXsrv_session_global0 > db_rec : * > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : NTTIME(0) > auth_session_info_seqnum : 0x00000000 (0) > auth_session_info : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000000 (0) > connection : * > encryption_cipher : 0x0000 (0) >[2019/03/15 14:20:16.467269, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.467285, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key F28A8A36 >[2019/03/15 14:20:16.467302, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1414(smbXsrv_session_update) >[2019/03/15 14:20:16.467313, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1422(smbXsrv_session_update) > smbXsrv_session_update: global_id (0xf28a8a36) stored >[2019/03/15 14:20:16.467331, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &session_blob: struct smbXsrv_sessionB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_sessionU(case 0) > info0 : * > info0: struct smbXsrv_session > table : * > db_rec : NULL > client : * > local_id : 0xf28a8a36 (4069165622) > global : * > global: struct smbXsrv_session_global0 > db_rec : NULL > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : NTTIME(0) > auth_session_info_seqnum : 0x00000000 (0) > auth_session_info : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000000 (0) > connection : * > encryption_cipher : 0x0000 (0) > status : NT_STATUS_MORE_PROCESSING_REQUIRED > idle_time : Fri Mar 15 14:20:16 2019 CET > nonce_high_random : 0x0000000000000000 (0) > nonce_high_max : 0x0000000000000000 (0) > nonce_high : 0x0000000000000000 (0) > nonce_low : 0x0000000000000000 (0) > compat : NULL > tcon_table : * > pending_auth : * > pending_auth: struct smbXsrv_session_auth0 > prev : * > next : NULL > session : * > connection : * > gensec : * > preauth : * > in_flags : 0x00 (0) > in_security_mode : 0x01 (1) > creation_time : Fri Mar 15 14:20:16 2019 CET > idle_time : Fri Mar 15 14:20:16 2019 CET >[2019/03/15 14:20:16.467677, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.467694, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.467709, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.467724, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.467738, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.467807, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE_with_len(case 24) > v1: struct LM_RESPONSE > Response : 000000000000000000000000000000000000000000000000 > NtChallengeResponseLen : 0x0134 (308) > NtChallengeResponseMaxLen: 0x0134 (308) > NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE_with_len(case 308) > v2: struct NTLMv2_RESPONSE > Response : 5d354e5dc2296187302e0cf18284ac53 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Fri Mar 15 14:20:16 2019 CET > ChallengeFromClient : 6770035b336e643a > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x0000000a (10) > pair: ARRAY(10) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'SONESERVER' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SONESERVER' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001e (30) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'cc.univie.ac.at' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002c (44) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'someserver.cc.univie.ac.at' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union ntlmssp_AvValue(case 0x7) > AvTimestamp : Fri Mar 15 14:20:16 2019 CET > pair: struct AV_PAIR > AvId : MsvAvFlags (0x6) > AvLen : 0x0004 (4) > Value : union ntlmssp_AvValue(case 0x6) > AvFlags : 0x00000002 (2) > 0: NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT > 1: NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE > 0: NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE > pair: struct AV_PAIR > AvId : MsvAvSingleHost (0x8) > AvLen : 0x0030 (48) > Value : union ntlmssp_AvValue(case 0x8) > AvSingleHost: struct ntlmssp_SingleHostData > Size : 0x00000030 (48) > Z4 : 0x00000000 (0) > token_info: struct LSAP_TOKEN_INFO_INTEGRITY > Flags : 0x00000000 (0) > TokenIL : 0x00000000 (0) > MachineId : 36433f97fbad969ea2357f8204921628b713b273d76eef5a1ceecc4705e86090 > remaining : DATA_BLOB length=0 > pair: struct AV_PAIR > AvId : MsvChannelBindings (0xA) > AvLen : 0x0010 (16) > Value : union ntlmssp_AvValue(case 0xA) > ChannelBindings : 00000000000000000000000000000000 > pair: struct AV_PAIR > AvId : MsvAvTargetName (0x9) > AvLen : 0x0022 (34) > Value : union ntlmssp_AvValue(case 0x9) > AvTargetName : 'cifs/131.130.1.38' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x000e (14) > DomainNameMaxLen : 0x000e (14) > DomainName : * > DomainName : 'MYGROUP' > UserNameLen : 0x0004 (4) > UserNameMaxLen : 0x0004 (4) > UserName : * > UserName : 'mi' > WorkstationLen : 0x0014 (20) > WorkstationMaxLen : 0x0014 (20) > Workstation : * > Workstation : 'SOMESERVER' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [0000] 8F 60 57 35 86 64 5B 59 D8 A2 F0 15 66 B3 71 B4 .`W5.d[Y ....f.q. > NegotiateFlags : 0x62088215 (1644724757) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) > ProductBuild : 0x0000 (0) > Reserved: ARRAY(3) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) >[2019/03/15 14:20:16.468557, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth) > Got user=[mi] domain=[MYGROUP] workstation=[SOMESERVER] len1=24 len2=308 >[2019/03/15 14:20:16.468586, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_server.c:583(ntlmssp_server_preauth) >[2019/03/15 14:20:16.468598, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &v2_resp: struct NTLMv2_RESPONSE > Response : 5d354e5dc2296187302e0cf18284ac53 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Fri Mar 15 14:20:16 2019 CET > ChallengeFromClient : 6770035b336e643a > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x0000000a (10) > pair: ARRAY(10) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'SONESERVER' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x0014 (20) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SONESERVER' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001e (30) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'cc.univie.ac.at' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002c (44) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'someserver.cc.univie.ac.at' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union ntlmssp_AvValue(case 0x7) > AvTimestamp : Fri Mar 15 14:20:16 2019 CET > pair: struct AV_PAIR > AvId : MsvAvFlags (0x6) > AvLen : 0x0004 (4) > Value : union ntlmssp_AvValue(case 0x6) > AvFlags : 0x00000002 (2) > 0: NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT > 1: NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE > 0: NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE > pair: struct AV_PAIR > AvId : MsvAvSingleHost (0x8) > AvLen : 0x0030 (48) > Value : union ntlmssp_AvValue(case 0x8) > AvSingleHost: struct ntlmssp_SingleHostData > Size : 0x00000030 (48) > Z4 : 0x00000000 (0) > token_info: struct LSAP_TOKEN_INFO_INTEGRITY > Flags : 0x00000000 (0) > TokenIL : 0x00000000 (0) > MachineId : 36433f97fbad969ea2357f8204921628b713b273d76eef5a1ceecc4705e86090 > remaining : DATA_BLOB length=0 > pair: struct AV_PAIR > AvId : MsvChannelBindings (0xA) > AvLen : 0x0010 (16) > Value : union ntlmssp_AvValue(case 0xA) > ChannelBindings : 00000000000000000000000000000000 > pair: struct AV_PAIR > AvId : MsvAvTargetName (0x9) > AvLen : 0x0022 (34) > Value : union ntlmssp_AvValue(case 0x9) > AvTargetName : 'cifs/131.130.1.38' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) >[2019/03/15 14:20:16.469013, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:3868(lp_load_ex) > lp_load_ex: refreshing parameters >[2019/03/15 14:20:16.469033, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1344(free_param_opts) > Freeing parametrics: >[2019/03/15 14:20:16.469085, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:547(init_globals) > Initialising global parameters >[2019/03/15 14:20:16.469111, 2, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:319(max_open_files) > rlimit_max: increasing rlimit_max (4096) to minimum Windows limit (16384) >[2019/03/15 14:20:16.469162, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/debug.c:746(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 >[2019/03/15 14:20:16.469334, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2782(lp_do_section) > Processing section "[global]" > doing parameter state directory = /tmp > doing parameter cache directory = /tmp > doing parameter lock directory = /tmp > doing parameter pid directory = /tmp > doing parameter private dir = /tmp > doing parameter ncalrpc dir = /tmp > doing parameter smb ports = 1445 1139 > doing parameter log file = /tmp/samba > doing parameter netbios name = soneserver >[2019/03/15 14:20:16.469435, 2, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2799(lp_do_section) > Processing section "[someprinter]" > doing parameter printable = yes > doing parameter readonly = no > doing parameter path = /tmp > doing parameter printing = lprng > doing parameter print command = echo 1>&2 Jobtitle = %J >[2019/03/15 14:20:16.469523, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:3910(lp_load_ex) > pm_process() returned Yes >[2019/03/15 14:20:16.469550, 7, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:4229(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2019/03/15 14:20:16.469568, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:1617(lp_add_ipc) > adding IPC service >[2019/03/15 14:20:16.469604, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:122(make_user_info_map) > Mapping user [MYGROUP]\[mi] from workstation [SOMESERVER] >[2019/03/15 14:20:16.469627, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/user_info.c:64(make_user_info) > attempting to make a user_info for mi (mi) >[2019/03/15 14:20:16.469645, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/user_info.c:72(make_user_info) > making strings for mi's user_info struct >[2019/03/15 14:20:16.469661, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/user_info.c:125(make_user_info) > making blobs for mi's user_info struct >[2019/03/15 14:20:16.469676, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/user_info.c:176(make_user_info) > made a user_info for mi (mi) >[2019/03/15 14:20:16.469691, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:189(auth_check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [MYGROUP]\[mi]@[SOMESERVER] with the new password interface >[2019/03/15 14:20:16.469707, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:192(auth_check_ntlm_password) > check_ntlm_password: mapped user is: [MYGROUP]\[mi]@[SOMESERVER] >[2019/03/15 14:20:16.469722, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:202(auth_check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2019/03/15 14:20:16.469737, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:204(auth_check_ntlm_password) > challenge is: >[2019/03/15 14:20:16.469751, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/util.c:514(dump_data) > [0000] F5 73 D1 23 DC E2 E3 38 .s.#...8 >[2019/03/15 14:20:16.469785, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_builtin.c:41(check_guest_security) > Check auth for: [mi] >[2019/03/15 14:20:16.469801, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password) > auth_check_ntlm_password: guest had nothing to say >[2019/03/15 14:20:16.469830, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.469848, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.469863, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.469878, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.469893, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.469957, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username) > pdb_set_username: setting username mi, was >[2019/03/15 14:20:16.469977, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain) > pdb_set_domain: setting domain SONESERVER, was >[2019/03/15 14:20:16.469994, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username) > pdb_set_nt_username: setting nt username , was >[2019/03/15 14:20:16.470009, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname) > pdb_set_full_name: setting full name Heinrich Mislik, was >[2019/03/15 14:20:16.470026, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/substitute.c:435(automount_server) > Home server: soneserver >[2019/03/15 14:20:16.470049, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir) > pdb_set_homedir: setting home dir \\soneserver\mi, was >[2019/03/15 14:20:16.470065, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2019/03/15 14:20:16.470083, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2019/03/15 14:20:16.470098, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/substitute.c:435(automount_server) > Home server: soneserver >[2019/03/15 14:20:16.470114, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\soneserver\mi\profile, was >[2019/03/15 14:20:16.470130, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2019/03/15 14:20:16.470148, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.470165, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.470179, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.470194, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.470208, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.470251, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: password history, val: 0 >[2019/03/15 14:20:16.470274, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.470299, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-1617874422-3509600710-549232689-1001 >[2019/03/15 14:20:16.470320, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1617874422-3509600710-549232689-1001 from rid 1001 >[2019/03/15 14:20:16.470350, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.470367, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.470381, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.470396, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.470410, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.470438, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: maximum password age, val: -1 >[2019/03/15 14:20:16.470458, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.470478, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user mi >[2019/03/15 14:20:16.470494, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is mi >[2019/03/15 14:20:16.470549, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [mi]! >[2019/03/15 14:20:16.470589, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1335(gid_to_sid) > gid 202 -> sid S-1-22-2-202 >[2019/03/15 14:20:16.470624, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid) > Forcing Primary Group to 'Domain Users' for mi >[2019/03/15 14:20:16.470643, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.470660, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.470675, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.470689, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.470703, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.470736, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: password history, val: 0 >[2019/03/15 14:20:16.470756, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.470789, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username) > pdb_set_username: setting username mi, was >[2019/03/15 14:20:16.470806, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain) > pdb_set_domain: setting domain SONESERVER, was >[2019/03/15 14:20:16.470821, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username) > pdb_set_nt_username: setting nt username , was >[2019/03/15 14:20:16.470835, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname) > pdb_set_full_name: setting full name Heinrich Mislik, was >[2019/03/15 14:20:16.470852, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/substitute.c:435(automount_server) > Home server: soneserver >[2019/03/15 14:20:16.470869, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir) > pdb_set_homedir: setting home dir \\soneserver\mi, was >[2019/03/15 14:20:16.470885, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2019/03/15 14:20:16.470900, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2019/03/15 14:20:16.470916, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/substitute.c:435(automount_server) > Home server: soneserver >[2019/03/15 14:20:16.470931, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\soneserver\mi\profile, was >[2019/03/15 14:20:16.470947, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2019/03/15 14:20:16.470964, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.470981, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.470995, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.471010, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.471024, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.471052, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: password history, val: 0 >[2019/03/15 14:20:16.471072, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471089, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-1617874422-3509600710-549232689-1001 >[2019/03/15 14:20:16.471115, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1617874422-3509600710-549232689-1001 from rid 1001 >[2019/03/15 14:20:16.471139, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:557(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-1617874422-3509600710-549232689-513 >[2019/03/15 14:20:16.471163, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.471182, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/auth/ntlm_check.c:364(ntlm_password_check) > ntlm_password_check: Checking NTLMv2 password with domain [MYGROUP] >[2019/03/15 14:20:16.471221, 4, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/check_samsec.c:183(sam_account_ok) > sam_account_ok: Checking SMB password for user mi >[2019/03/15 14:20:16.471239, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/check_samsec.c:165(logon_hours_ok) > logon_hours_ok: user mi allowed to logon at this time (Fri Mar 15 13:20:16 2019 > ) >[2019/03/15 14:20:16.471259, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471276, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.471290, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471305, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.471319, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.471347, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: maximum password age, val: -1 >[2019/03/15 14:20:16.471367, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.471386, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471402, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.471417, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471431, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.471445, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.471471, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user mi >[2019/03/15 14:20:16.471486, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is mi >[2019/03/15 14:20:16.471502, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [mi]! >[2019/03/15 14:20:16.471527, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.471544, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471558, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.471573, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.471587, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.471614, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: minimum password age, val: 0 >[2019/03/15 14:20:16.471633, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471651, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.471667, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471681, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.471696, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.471710, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.471736, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: maximum password age, val: -1 >[2019/03/15 14:20:16.471755, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.471782, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user mi >[2019/03/15 14:20:16.471797, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is mi >[2019/03/15 14:20:16.471813, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [mi]! >[2019/03/15 14:20:16.471846, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) > sys_getgrouplist: user [mi] >[2019/03/15 14:20:16.471981, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1335(gid_to_sid) > gid 202 -> sid S-1-22-2-202 >[2019/03/15 14:20:16.472011, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1335(gid_to_sid) > gid 0 -> sid S-1-22-2-0 >[2019/03/15 14:20:16.472033, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1335(gid_to_sid) > gid 10 -> sid S-1-22-2-10 >[2019/03/15 14:20:16.472052, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/server_info_sam.c:122(make_server_info_sam) > make_server_info_sam: made server info for user mi -> mi >[2019/03/15 14:20:16.472073, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.472096, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:256(auth_check_ntlm_password) > auth_check_ntlm_password: sam_ignoredomain authentication for user [mi] succeeded >[2019/03/15 14:20:16.472115, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.472132, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.472146, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.472161, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.472175, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.472205, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.472221, 5, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:283(auth_check_ntlm_password) > check_ntlm_password: PAM Account for user [mi] succeeded >[2019/03/15 14:20:16.472258, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../auth/auth_log.c:760(log_authentication_event_human_readable) > Auth: [SMB2,(null)] user [MYGROUP]\[mi] at [Fri, 15 Mar 2019 14:20:16.472246 CET] with [NTLMv2] status [NT_STATUS_OK] workstation [SOMESERVER] remote host [ipv4:131.130.2.200:57546] became [SONESERVER]\[mi] [S-1-5-21-1617874422-3509600710-549232689-1001]. local host [ipv4:131.130.1.38:1139] >[2019/03/15 14:20:16.472283, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../auth/auth_log.c:591(log_no_json) > log_no_json: JSON auth logs not available unless compiled with jansson >[2019/03/15 14:20:16.472299, 2, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth.c:314(auth_check_ntlm_password) > check_ntlm_password: authentication for user [mi] -> [mi] -> [mi] succeeded >[2019/03/15 14:20:16.472315, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/auth_ntlmssp.c:224(auth3_check_password) > Got NT session key of length 16 >[2019/03/15 14:20:16.472332, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/auth_ntlmssp.c:231(auth3_check_password) > Got LM session key of length 8 >[2019/03/15 14:20:16.472348, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_server.c:978(ntlmssp_server_postauth) > ntlmssp_server_auth: Using unmodified nt session key. >[2019/03/15 14:20:16.472374, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_sign.c:512(ntlmssp_sign_reset) > NTLMSSP Sign/Seal - Initialising with flags: >[2019/03/15 14:20:16.472389, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2019/03/15 14:20:16.472445, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:440(gensec_update_send) > gensec_update_send: ntlmssp[0x5602b606a7b0]: subreq: 0x5602b6068e10 >[2019/03/15 14:20:16.472461, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:440(gensec_update_send) > gensec_update_send: spnego[0x5602b60682f0]: subreq: 0x5602b606a010 >[2019/03/15 14:20:16.472485, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 24 > req->in.vector[4].iov_len = 510 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2019/03/15 14:20:16.472563, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:498(gensec_update_done) > gensec_update_done: ntlmssp[0x5602b606a7b0]: NT_STATUS_OK tevent_req[0x5602b6068e10/../auth/ntlmssp/ntlmssp.c:181]: state[2] error[0 (0x0)] state[struct gensec_ntlmssp_update_state (0x5602b6068fa0)] timer[(nil)] finish[../auth/ntlmssp/ntlmssp.c:244] >[2019/03/15 14:20:16.472595, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_sign.c:258(ntlmssp_check_packet) > ntlmssp_check_packet: NTLMSSP signature OK ! >[2019/03/15 14:20:16.472631, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_sign.c:512(ntlmssp_sign_reset) > NTLMSSP Sign/Seal - Initialising with flags: >[2019/03/15 14:20:16.472656, 3, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2019/03/15 14:20:16.472719, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../auth/gensec/gensec.c:498(gensec_update_done) > gensec_update_done: spnego[0x5602b60682f0]: NT_STATUS_OK tevent_req[0x5602b606a010/../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5602b606a1a0)] timer[(nil)] finish[../auth/gensec/spnego.c:2070] >[2019/03/15 14:20:16.472739, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.472756, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.472782, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.472797, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.472812, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.472843, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.472871, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:319(create_local_nt_token_from_info3) > Create local NT token for mi >[2019/03/15 14:20:16.472903, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-21-1617874422-3509600710-549232689-1001] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656016 seconds in the past) >[2019/03/15 14:20:16.472963, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1493(sid_to_uid) > winbind failed to find a uid for sid S-1-5-21-1617874422-3509600710-549232689-1001 >[2019/03/15 14:20:16.472987, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.473004, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.473019, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.473033, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.473048, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.473080, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 1001. >[2019/03/15 14:20:16.473100, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.473116, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.473131, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.473145, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.473160, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.473185, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.473202, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.473216, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.473230, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.473245, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.473272, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: maximum password age, val: -1 >[2019/03/15 14:20:16.473292, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.473311, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.473327, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.473342, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.473356, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.473374, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.473401, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: password history, val: 0 >[2019/03/15 14:20:16.473420, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.473440, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username) > pdb_set_username: setting username mi, was >[2019/03/15 14:20:16.473456, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain) > pdb_set_domain: setting domain SONESERVER, was >[2019/03/15 14:20:16.473471, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username) > pdb_set_nt_username: setting nt username , was >[2019/03/15 14:20:16.473486, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname) > pdb_set_full_name: setting full name Heinrich Mislik, was >[2019/03/15 14:20:16.473503, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/substitute.c:435(automount_server) > Home server: soneserver >[2019/03/15 14:20:16.473521, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir) > pdb_set_homedir: setting home dir \\soneserver\mi, was >[2019/03/15 14:20:16.473536, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2019/03/15 14:20:16.473552, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2019/03/15 14:20:16.473567, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/substitute.c:435(automount_server) > Home server: soneserver >[2019/03/15 14:20:16.473583, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\soneserver\mi\profile, was >[2019/03/15 14:20:16.473599, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2019/03/15 14:20:16.473616, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.473633, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.473647, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2019/03/15 14:20:16.473662, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.473676, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.473703, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/account_pol.c:362(account_policy_get) > account_policy_get: name: password history, val: 0 >[2019/03/15 14:20:16.473723, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.473743, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-1617874422-3509600710-549232689-1001 >[2019/03/15 14:20:16.473760, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1617874422-3509600710-549232689-1001 from rid 1001 >[2019/03/15 14:20:16.473792, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_get_set.c:557(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-1617874422-3509600710-549232689-513 >[2019/03/15 14:20:16.473815, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.473834, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user mi >[2019/03/15 14:20:16.473849, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is mi >[2019/03/15 14:20:16.473864, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [mi]! >[2019/03/15 14:20:16.473884, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-21-1617874422-3509600710-549232689-1001] and timeout=[Fri Mar 22 14:20:16 2019 CET] (604800 seconds ahead) >[2019/03/15 14:20:16.473918, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/UID2SID/10005] and timeout=[Fri Mar 22 14:20:16 2019 CET] (604800 seconds ahead) >[2019/03/15 14:20:16.473945, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474003, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/system_smbd.c:176(sys_getgrouplist) > sys_getgrouplist: user [mi] >[2019/03/15 14:20:16.474125, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1335(gid_to_sid) > gid 202 -> sid S-1-22-2-202 >[2019/03/15 14:20:16.474146, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1335(gid_to_sid) > gid 0 -> sid S-1-22-2-0 >[2019/03/15 14:20:16.474163, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1335(gid_to_sid) > gid 10 -> sid S-1-22-2-10 >[2019/03/15 14:20:16.474183, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.474199, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474214, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.474228, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.474243, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.474291, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:681(finalize_local_nt_token) > Failed to fetch domain sid for WORKGROUP >[2019/03/15 14:20:16.474312, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474344, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.474361, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474375, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.474390, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.474404, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.474439, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1562(pdb_default_sid_to_id) > Could not find map for sid S-1-5-32-544 >[2019/03/15 14:20:16.474468, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/pdb_util.c:158(create_builtin_administrators) > create_builtin_administrators: Failed to create Administrators >[2019/03/15 14:20:16.474490, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474514, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.474530, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474545, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.474559, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.474573, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.474601, 10, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1562(pdb_default_sid_to_id) > Could not find map for sid S-1-5-32-545 >[2019/03/15 14:20:16.474621, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/pdb_util.c:128(create_builtin_users) > create_builtin_users: Failed to create Users >[2019/03/15 14:20:16.474641, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474660, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.474676, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474690, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.474704, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.474719, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.474822, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.474850, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1617874422-3509600710-549232689-1001] >[2019/03/15 14:20:16.474871, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-1617874422-3509600710-549232689-513] >[2019/03/15 14:20:16.474890, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-202] >[2019/03/15 14:20:16.474909, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2019/03/15 14:20:16.474928, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-10] >[2019/03/15 14:20:16.474948, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:176(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2019/03/15 14:20:16.474971, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2019/03/15 14:20:16.474991, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/privileges.c:98(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2019/03/15 14:20:16.475011, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1617874422-3509600710-549232689-1001]: value=[10005:U] >[2019/03/15 14:20:16.475027, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key [IDMAP/SID2XID/S-1-5-21-1617874422-3509600710-549232689-1001]: id=[10005], endptr=[:U] >[2019/03/15 14:20:16.475048, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-21-1617874422-3509600710-549232689-513] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656016 seconds in the past) >[2019/03/15 14:20:16.475080, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-1-0] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656016 seconds in the past) >[2019/03/15 14:20:16.475122, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-2] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656016 seconds in the past) >[2019/03/15 14:20:16.475159, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[IDMAP/SID2XID/S-1-5-11] and timeout=[Thu Jan 1 01:00:00 1970 CET] (-1552656016 seconds in the past) >[2019/03/15 14:20:16.475204, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1395(sids_to_unixids) > wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE >[2019/03/15 14:20:16.475232, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475255, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.475275, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475299, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.475319, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.475353, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 513. >[2019/03/15 14:20:16.475377, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.475398, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475418, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.475438, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.475460, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.475502, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201. >[2019/03/15 14:20:16.475534, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475551, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1824(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2019/03/15 14:20:16.475566, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1534(pdb_default_sid_to_id) > SID S-1-5-21-1617874422-3509600710-549232689-513 belongs to our domain, but there is no corresponding object in the database. >[2019/03/15 14:20:16.475588, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.475604, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-21-1617874422-3509600710-549232689-513 >[2019/03/15 14:20:16.475622, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475638, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.475653, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475667, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.475681, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.475705, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 513. >[2019/03/15 14:20:16.475723, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.475744, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475758, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2019/03/15 14:20:16.475785, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.475800, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.475829, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201. >[2019/03/15 14:20:16.475854, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475871, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1824(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2019/03/15 14:20:16.475886, 5, pid=11844, effective(10005, 202), real(10005, 202), class=passdb] ../source3/passdb/pdb_interface.c:1534(pdb_default_sid_to_id) > SID S-1-5-21-1617874422-3509600710-549232689-513 belongs to our domain, but there is no corresponding object in the database. >[2019/03/15 14:20:16.475907, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.475923, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-21-1617874422-3509600710-549232689-513 >[2019/03/15 14:20:16.475940, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475956, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.475971, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.475985, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.475999, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.476028, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476045, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-1-0 >[2019/03/15 14:20:16.476061, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476077, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476092, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476106, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.476120, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.476152, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476168, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-1-0 >[2019/03/15 14:20:16.476185, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476201, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476215, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476229, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.476243, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.476272, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476288, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-2 >[2019/03/15 14:20:16.476304, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476321, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476335, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476349, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.476363, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.476391, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476407, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-2 >[2019/03/15 14:20:16.476424, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476440, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476454, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476469, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.476483, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.476510, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476529, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-11 >[2019/03/15 14:20:16.476546, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476562, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476577, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.476591, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.476605, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.476634, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.476650, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/passdb/lookup_sid.c:1209(legacy_sid_to_unixid) > LEGACY: mapping failed for sid S-1-5-11 >[2019/03/15 14:20:16.476665, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:608(create_local_token) > Could not convert SID S-1-5-21-1617874422-3509600710-549232689-513 to gid, ignoring it >[2019/03/15 14:20:16.476685, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:608(create_local_token) > Could not convert SID S-1-1-0 to gid, ignoring it >[2019/03/15 14:20:16.476701, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:608(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2019/03/15 14:20:16.476716, 10, pid=11844, effective(10005, 202), real(10005, 202), class=auth] ../source3/auth/auth_util.c:608(create_local_token) > Could not convert SID S-1-5-11 to gid, ignoring it >[2019/03/15 14:20:16.476733, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (9): > SID[ 0]: S-1-5-21-1617874422-3509600710-549232689-1001 > SID[ 1]: S-1-5-21-1617874422-3509600710-549232689-513 > SID[ 2]: S-1-22-2-202 > SID[ 3]: S-1-22-2-0 > SID[ 4]: S-1-22-2-10 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-22-1-10005 > Privileges (0x 0): > Rights (0x 0): >[2019/03/15 14:20:16.476807, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 10005 > Primary group is 202 and contains 3 supplementary groups > Group[ 0]: 202 > Group[ 1]: 0 > Group[ 2]: 10 >[2019/03/15 14:20:16.476853, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../auth/auth_log.c:860(log_successful_authz_event_human_readable) > Successful AuthZ: [SMB2,NTLMSSP] user [SONESERVER]\[mi] [S-1-5-21-1617874422-3509600710-549232689-1001] at [Fri, 15 Mar 2019 14:20:16.476844 CET] Remote host [ipv4:131.130.2.200:57546] local host [ipv4:131.130.1.38:1139] >[2019/03/15 14:20:16.476911, 7, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:4229(lp_servicenumber) > lp_servicenumber: couldn't find mi >[2019/03/15 14:20:16.476928, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user mi >[2019/03/15 14:20:16.476943, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is mi >[2019/03/15 14:20:16.476962, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals did find user [mi]! >[2019/03/15 14:20:16.476977, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/password.c:144(register_homes_share) > Adding homes service for user 'mi' using home directory: '/home/mi' >[2019/03/15 14:20:16.477003, 7, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:4229(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2019/03/15 14:20:16.477039, 6, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/param/loadparm.c:2332(lp_file_list_changed) > lp_file_list_changed() > file /home/mi/smb-x.conf -> /home/mi/smb-x.conf last mod_time: Fri Mar 15 14:15:09 2019 > >[2019/03/15 14:20:16.477088, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.477111, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.477130, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key F28A8A36 >[2019/03/15 14:20:16.477147, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b606da40 >[2019/03/15 14:20:16.477197, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:944(smbXsrv_session_global_store) >[2019/03/15 14:20:16.477210, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:946(smbXsrv_session_global_store) > smbXsrv_session_global_store: key 'F28A8A36' stored >[2019/03/15 14:20:16.477226, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_session_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000005 (5) > info : union smbXsrv_session_globalU(case 0) > info0 : * > info0: struct smbXsrv_session_global0 > db_rec : * > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : Fri Mar 15 14:20:16 2019 CET > auth_session_info_seqnum : 0x00000001 (1) > auth_session_info : * > auth_session_info: struct auth_session_info > security_token : * > security_token: struct security_token > num_sids : 0x00000009 (9) > sids: ARRAY(9) > sids : S-1-5-21-1617874422-3509600710-549232689-1001 > sids : S-1-5-21-1617874422-3509600710-549232689-513 > sids : S-1-22-2-202 > sids : S-1-22-2-0 > sids : S-1-22-2-10 > sids : S-1-1-0 > sids : S-1-5-2 > sids : S-1-5-11 > sids : S-1-22-1-10005 > privilege_mask : 0x0000000000000000 (0) > 0: SEC_PRIV_MACHINE_ACCOUNT_BIT > 0: SEC_PRIV_PRINT_OPERATOR_BIT > 0: SEC_PRIV_ADD_USERS_BIT > 0: SEC_PRIV_DISK_OPERATOR_BIT > 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT > 0: SEC_PRIV_BACKUP_BIT > 0: SEC_PRIV_RESTORE_BIT > 0: SEC_PRIV_TAKE_OWNERSHIP_BIT > 0: SEC_PRIV_INCREASE_QUOTA_BIT > 0: SEC_PRIV_SECURITY_BIT > 0: SEC_PRIV_LOAD_DRIVER_BIT > 0: SEC_PRIV_SYSTEM_PROFILE_BIT > 0: SEC_PRIV_SYSTEMTIME_BIT > 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT > 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT > 0: SEC_PRIV_CREATE_PAGEFILE_BIT > 0: SEC_PRIV_SHUTDOWN_BIT > 0: SEC_PRIV_DEBUG_BIT > 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT > 0: SEC_PRIV_CHANGE_NOTIFY_BIT > 0: SEC_PRIV_UNDOCK_BIT > 0: SEC_PRIV_ENABLE_DELEGATION_BIT > 0: SEC_PRIV_MANAGE_VOLUME_BIT > 0: SEC_PRIV_IMPERSONATE_BIT > 0: SEC_PRIV_CREATE_GLOBAL_BIT > rights_mask : 0x00000000 (0) > 0: LSA_POLICY_MODE_INTERACTIVE > 0: LSA_POLICY_MODE_NETWORK > 0: LSA_POLICY_MODE_BATCH > 0: LSA_POLICY_MODE_SERVICE > 0: LSA_POLICY_MODE_PROXY > 0: LSA_POLICY_MODE_DENY_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_NETWORK > 0: LSA_POLICY_MODE_DENY_BATCH > 0: LSA_POLICY_MODE_DENY_SERVICE > 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE > 0x00: LSA_POLICY_MODE_ALL (0) > 0x00: LSA_POLICY_MODE_ALL_NT4 (0) > unix_token : * > unix_token: struct security_unix_token > uid : 0x0000000000002715 (10005) > gid : 0x00000000000000ca (202) > ngroups : 0x00000003 (3) > groups: ARRAY(3) > groups : 0x00000000000000ca (202) > groups : 0x0000000000000000 (0) > groups : 0x000000000000000a (10) > info : * > info: struct auth_user_info > account_name : * > account_name : 'mi' > user_principal_name : NULL > user_principal_constructed: 0x00 (0) > domain_name : * > domain_name : 'SONESERVER' > dns_domain_name : NULL > full_name : * > full_name : 'Heinrich Mislik' > logon_script : * > logon_script : '' > profile_path : * > profile_path : '\\soneserver\mi\profile' > home_directory : * > home_directory : '\\soneserver\mi' > home_drive : * > home_drive : '' > logon_server : * > logon_server : 'SONESERVER' > last_logon : NTTIME(0) > last_logoff : Thu Sep 14 04:48:05 30828 CEST > acct_expiry : Thu Sep 14 04:48:05 30828 CEST > last_password_change : Fri Mar 15 14:20:01 2019 CET > allow_password_change : Fri Mar 15 14:20:01 2019 CET > force_password_change : Thu Sep 14 04:48:05 30828 CEST > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > acct_flags : 0x00000010 (16) > authenticated : 0x01 (1) > unix_info : * > unix_info: struct auth_user_info_unix > unix_name : * > unix_name : 'mi' > sanitized_username : * > sanitized_username : 'mi' > torture : NULL > credentials : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000001 (1) > connection : * > encryption_cipher : 0x0001 (1) >[2019/03/15 14:20:16.478053, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.478074, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key F28A8A36 >[2019/03/15 14:20:16.478094, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1414(smbXsrv_session_update) >[2019/03/15 14:20:16.478112, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1422(smbXsrv_session_update) > smbXsrv_session_update: global_id (0xf28a8a36) stored >[2019/03/15 14:20:16.478127, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &session_blob: struct smbXsrv_sessionB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_sessionU(case 0) > info0 : * > info0: struct smbXsrv_session > table : * > db_rec : NULL > client : * > local_id : 0xf28a8a36 (4069165622) > global : * > global: struct smbXsrv_session_global0 > db_rec : NULL > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : Fri Mar 15 14:20:16 2019 CET > auth_session_info_seqnum : 0x00000001 (1) > auth_session_info : * > auth_session_info: struct auth_session_info > security_token : * > security_token: struct security_token > num_sids : 0x00000009 (9) > sids: ARRAY(9) > sids : S-1-5-21-1617874422-3509600710-549232689-1001 > sids : S-1-5-21-1617874422-3509600710-549232689-513 > sids : S-1-22-2-202 > sids : S-1-22-2-0 > sids : S-1-22-2-10 > sids : S-1-1-0 > sids : S-1-5-2 > sids : S-1-5-11 > sids : S-1-22-1-10005 > privilege_mask : 0x0000000000000000 (0) > 0: SEC_PRIV_MACHINE_ACCOUNT_BIT > 0: SEC_PRIV_PRINT_OPERATOR_BIT > 0: SEC_PRIV_ADD_USERS_BIT > 0: SEC_PRIV_DISK_OPERATOR_BIT > 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT > 0: SEC_PRIV_BACKUP_BIT > 0: SEC_PRIV_RESTORE_BIT > 0: SEC_PRIV_TAKE_OWNERSHIP_BIT > 0: SEC_PRIV_INCREASE_QUOTA_BIT > 0: SEC_PRIV_SECURITY_BIT > 0: SEC_PRIV_LOAD_DRIVER_BIT > 0: SEC_PRIV_SYSTEM_PROFILE_BIT > 0: SEC_PRIV_SYSTEMTIME_BIT > 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT > 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT > 0: SEC_PRIV_CREATE_PAGEFILE_BIT > 0: SEC_PRIV_SHUTDOWN_BIT > 0: SEC_PRIV_DEBUG_BIT > 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT > 0: SEC_PRIV_CHANGE_NOTIFY_BIT > 0: SEC_PRIV_UNDOCK_BIT > 0: SEC_PRIV_ENABLE_DELEGATION_BIT > 0: SEC_PRIV_MANAGE_VOLUME_BIT > 0: SEC_PRIV_IMPERSONATE_BIT > 0: SEC_PRIV_CREATE_GLOBAL_BIT > rights_mask : 0x00000000 (0) > 0: LSA_POLICY_MODE_INTERACTIVE > 0: LSA_POLICY_MODE_NETWORK > 0: LSA_POLICY_MODE_BATCH > 0: LSA_POLICY_MODE_SERVICE > 0: LSA_POLICY_MODE_PROXY > 0: LSA_POLICY_MODE_DENY_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_NETWORK > 0: LSA_POLICY_MODE_DENY_BATCH > 0: LSA_POLICY_MODE_DENY_SERVICE > 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE > 0x00: LSA_POLICY_MODE_ALL (0) > 0x00: LSA_POLICY_MODE_ALL_NT4 (0) > unix_token : * > unix_token: struct security_unix_token > uid : 0x0000000000002715 (10005) > gid : 0x00000000000000ca (202) > ngroups : 0x00000003 (3) > groups: ARRAY(3) > groups : 0x00000000000000ca (202) > groups : 0x0000000000000000 (0) > groups : 0x000000000000000a (10) > info : * > info: struct auth_user_info > account_name : * > account_name : 'mi' > user_principal_name : NULL > user_principal_constructed: 0x00 (0) > domain_name : * > domain_name : 'SONESERVER' > dns_domain_name : NULL > full_name : * > full_name : 'Heinrich Mislik' > logon_script : * > logon_script : '' > profile_path : * > profile_path : '\\soneserver\mi\profile' > home_directory : * > home_directory : '\\soneserver\mi' > home_drive : * > home_drive : '' > logon_server : * > logon_server : 'SONESERVER' > last_logon : NTTIME(0) > last_logoff : Thu Sep 14 04:48:05 30828 CEST > acct_expiry : Thu Sep 14 04:48:05 30828 CEST > last_password_change : Fri Mar 15 14:20:01 2019 CET > allow_password_change : Fri Mar 15 14:20:01 2019 CET > force_password_change : Thu Sep 14 04:48:05 30828 CEST > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > acct_flags : 0x00000010 (16) > authenticated : 0x01 (1) > unix_info : * > unix_info: struct auth_user_info_unix > unix_name : * > unix_name : 'mi' > sanitized_username : * > sanitized_username : 'mi' > torture : NULL > credentials : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000001 (1) > connection : * > encryption_cipher : 0x0001 (1) > status : NT_STATUS_OK > idle_time : Fri Mar 15 14:20:16 2019 CET > nonce_high_random : 0x54f4b3f29a82f04d (6121715648059076685) > nonce_high_max : 0x0000000000ffffff (16777215) > nonce_high : 0x0000000000000000 (0) > nonce_low : 0x0000000000000000 (0) > compat : * > tcon_table : * > pending_auth : NULL >[2019/03/15 14:20:16.479026, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[8] dyn[yes:29] at ../source3/smbd/smb2_sesssetup.c:174 >[2019/03/15 14:20:16.479047, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 8192, charge 1, granted 33, current possible/max 512/512, total granted/max/low/range 33/8192/4/33 >[2019/03/15 14:20:16.479075, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu) > signed SMB2 message >[2019/03/15 14:20:16.479839, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.479864, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 4 (position 4) from bitmap >[2019/03/15 14:20:16.479881, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_TCON] mid = 4 >[2019/03/15 14:20:16.479903, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.479919, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.479936, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key F28A8A36 >[2019/03/15 14:20:16.479953, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b6069670 >[2019/03/15 14:20:16.479981, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:944(smbXsrv_session_global_store) >[2019/03/15 14:20:16.479994, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:946(smbXsrv_session_global_store) > smbXsrv_session_global_store: key 'F28A8A36' stored >[2019/03/15 14:20:16.480009, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_session_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000006 (6) > info : union smbXsrv_session_globalU(case 0) > info0 : * > info0: struct smbXsrv_session_global0 > db_rec : * > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : Fri Mar 15 14:20:16 2019 CET > auth_session_info_seqnum : 0x00000001 (1) > auth_session_info : * > auth_session_info: struct auth_session_info > security_token : * > security_token: struct security_token > num_sids : 0x00000009 (9) > sids: ARRAY(9) > sids : S-1-5-21-1617874422-3509600710-549232689-1001 > sids : S-1-5-21-1617874422-3509600710-549232689-513 > sids : S-1-22-2-202 > sids : S-1-22-2-0 > sids : S-1-22-2-10 > sids : S-1-1-0 > sids : S-1-5-2 > sids : S-1-5-11 > sids : S-1-22-1-10005 > privilege_mask : 0x0000000000000000 (0) > 0: SEC_PRIV_MACHINE_ACCOUNT_BIT > 0: SEC_PRIV_PRINT_OPERATOR_BIT > 0: SEC_PRIV_ADD_USERS_BIT > 0: SEC_PRIV_DISK_OPERATOR_BIT > 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT > 0: SEC_PRIV_BACKUP_BIT > 0: SEC_PRIV_RESTORE_BIT > 0: SEC_PRIV_TAKE_OWNERSHIP_BIT > 0: SEC_PRIV_INCREASE_QUOTA_BIT > 0: SEC_PRIV_SECURITY_BIT > 0: SEC_PRIV_LOAD_DRIVER_BIT > 0: SEC_PRIV_SYSTEM_PROFILE_BIT > 0: SEC_PRIV_SYSTEMTIME_BIT > 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT > 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT > 0: SEC_PRIV_CREATE_PAGEFILE_BIT > 0: SEC_PRIV_SHUTDOWN_BIT > 0: SEC_PRIV_DEBUG_BIT > 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT > 0: SEC_PRIV_CHANGE_NOTIFY_BIT > 0: SEC_PRIV_UNDOCK_BIT > 0: SEC_PRIV_ENABLE_DELEGATION_BIT > 0: SEC_PRIV_MANAGE_VOLUME_BIT > 0: SEC_PRIV_IMPERSONATE_BIT > 0: SEC_PRIV_CREATE_GLOBAL_BIT > rights_mask : 0x00000000 (0) > 0: LSA_POLICY_MODE_INTERACTIVE > 0: LSA_POLICY_MODE_NETWORK > 0: LSA_POLICY_MODE_BATCH > 0: LSA_POLICY_MODE_SERVICE > 0: LSA_POLICY_MODE_PROXY > 0: LSA_POLICY_MODE_DENY_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_NETWORK > 0: LSA_POLICY_MODE_DENY_BATCH > 0: LSA_POLICY_MODE_DENY_SERVICE > 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE > 0x00: LSA_POLICY_MODE_ALL (0) > 0x00: LSA_POLICY_MODE_ALL_NT4 (0) > unix_token : * > unix_token: struct security_unix_token > uid : 0x0000000000002715 (10005) > gid : 0x00000000000000ca (202) > ngroups : 0x00000003 (3) > groups: ARRAY(3) > groups : 0x00000000000000ca (202) > groups : 0x0000000000000000 (0) > groups : 0x000000000000000a (10) > info : * > info: struct auth_user_info > account_name : * > account_name : 'mi' > user_principal_name : NULL > user_principal_constructed: 0x00 (0) > domain_name : * > domain_name : 'SONESERVER' > dns_domain_name : NULL > full_name : * > full_name : 'Heinrich Mislik' > logon_script : * > logon_script : '' > profile_path : * > profile_path : '\\soneserver\mi\profile' > home_directory : * > home_directory : '\\soneserver\mi' > home_drive : * > home_drive : '' > logon_server : * > logon_server : 'SONESERVER' > last_logon : NTTIME(0) > last_logoff : Thu Sep 14 04:48:05 30828 CEST > acct_expiry : Thu Sep 14 04:48:05 30828 CEST > last_password_change : Fri Mar 15 14:20:01 2019 CET > allow_password_change : Fri Mar 15 14:20:01 2019 CET > force_password_change : Thu Sep 14 04:48:05 30828 CEST > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > acct_flags : 0x00000010 (16) > authenticated : 0x01 (1) > unix_info : * > unix_info: struct auth_user_info_unix > unix_name : * > unix_name : 'mi' > sanitized_username : * > sanitized_username : 'mi' > torture : NULL > credentials : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x06 (6) > 0: SMBXSRV_SIGNING_REQUIRED > 1: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000001 (1) > connection : * > encryption_cipher : 0x0001 (1) >[2019/03/15 14:20:16.480789, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.480807, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key F28A8A36 >[2019/03/15 14:20:16.480823, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1414(smbXsrv_session_update) >[2019/03/15 14:20:16.480834, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_session.c:1422(smbXsrv_session_update) > smbXsrv_session_update: global_id (0xf28a8a36) stored >[2019/03/15 14:20:16.480849, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &session_blob: struct smbXsrv_sessionB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_sessionU(case 0) > info0 : * > info0: struct smbXsrv_session > table : * > db_rec : NULL > client : * > local_id : 0xf28a8a36 (4069165622) > global : * > global: struct smbXsrv_session_global0 > db_rec : NULL > session_global_id : 0xf28a8a36 (4069165622) > session_wire_id : 0x00000000f28a8a36 (4069165622) > creation_time : Fri Mar 15 14:20:16 2019 CET > expiration_time : Thu Jan 1 01:00:00 1970 CET > auth_time : Fri Mar 15 14:20:16 2019 CET > auth_session_info_seqnum : 0x00000001 (1) > auth_session_info : * > auth_session_info: struct auth_session_info > security_token : * > security_token: struct security_token > num_sids : 0x00000009 (9) > sids: ARRAY(9) > sids : S-1-5-21-1617874422-3509600710-549232689-1001 > sids : S-1-5-21-1617874422-3509600710-549232689-513 > sids : S-1-22-2-202 > sids : S-1-22-2-0 > sids : S-1-22-2-10 > sids : S-1-1-0 > sids : S-1-5-2 > sids : S-1-5-11 > sids : S-1-22-1-10005 > privilege_mask : 0x0000000000000000 (0) > 0: SEC_PRIV_MACHINE_ACCOUNT_BIT > 0: SEC_PRIV_PRINT_OPERATOR_BIT > 0: SEC_PRIV_ADD_USERS_BIT > 0: SEC_PRIV_DISK_OPERATOR_BIT > 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT > 0: SEC_PRIV_BACKUP_BIT > 0: SEC_PRIV_RESTORE_BIT > 0: SEC_PRIV_TAKE_OWNERSHIP_BIT > 0: SEC_PRIV_INCREASE_QUOTA_BIT > 0: SEC_PRIV_SECURITY_BIT > 0: SEC_PRIV_LOAD_DRIVER_BIT > 0: SEC_PRIV_SYSTEM_PROFILE_BIT > 0: SEC_PRIV_SYSTEMTIME_BIT > 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT > 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT > 0: SEC_PRIV_CREATE_PAGEFILE_BIT > 0: SEC_PRIV_SHUTDOWN_BIT > 0: SEC_PRIV_DEBUG_BIT > 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT > 0: SEC_PRIV_CHANGE_NOTIFY_BIT > 0: SEC_PRIV_UNDOCK_BIT > 0: SEC_PRIV_ENABLE_DELEGATION_BIT > 0: SEC_PRIV_MANAGE_VOLUME_BIT > 0: SEC_PRIV_IMPERSONATE_BIT > 0: SEC_PRIV_CREATE_GLOBAL_BIT > rights_mask : 0x00000000 (0) > 0: LSA_POLICY_MODE_INTERACTIVE > 0: LSA_POLICY_MODE_NETWORK > 0: LSA_POLICY_MODE_BATCH > 0: LSA_POLICY_MODE_SERVICE > 0: LSA_POLICY_MODE_PROXY > 0: LSA_POLICY_MODE_DENY_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_NETWORK > 0: LSA_POLICY_MODE_DENY_BATCH > 0: LSA_POLICY_MODE_DENY_SERVICE > 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE > 0x00: LSA_POLICY_MODE_ALL (0) > 0x00: LSA_POLICY_MODE_ALL_NT4 (0) > unix_token : * > unix_token: struct security_unix_token > uid : 0x0000000000002715 (10005) > gid : 0x00000000000000ca (202) > ngroups : 0x00000003 (3) > groups: ARRAY(3) > groups : 0x00000000000000ca (202) > groups : 0x0000000000000000 (0) > groups : 0x000000000000000a (10) > info : * > info: struct auth_user_info > account_name : * > account_name : 'mi' > user_principal_name : NULL > user_principal_constructed: 0x00 (0) > domain_name : * > domain_name : 'SONESERVER' > dns_domain_name : NULL > full_name : * > full_name : 'Heinrich Mislik' > logon_script : * > logon_script : '' > profile_path : * > profile_path : '\\soneserver\mi\profile' > home_directory : * > home_directory : '\\soneserver\mi' > home_drive : * > home_drive : '' > logon_server : * > logon_server : 'SONESERVER' > last_logon : NTTIME(0) > last_logoff : Thu Sep 14 04:48:05 30828 CEST > acct_expiry : Thu Sep 14 04:48:05 30828 CEST > last_password_change : Fri Mar 15 14:20:01 2019 CET > allow_password_change : Fri Mar 15 14:20:01 2019 CET > force_password_change : Thu Sep 14 04:48:05 30828 CEST > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > acct_flags : 0x00000010 (16) > authenticated : 0x01 (1) > unix_info : * > unix_info: struct auth_user_info_unix > unix_name : * > unix_name : 'mi' > sanitized_username : * > sanitized_username : 'mi' > torture : NULL > credentials : NULL > connection_dialect : 0x0311 (785) > signing_flags : 0x06 (6) > 0: SMBXSRV_SIGNING_REQUIRED > 1: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > local_address : 'ipv4:131.130.1.38:1139' > remote_address : 'ipv4:131.130.2.200:57546' > remote_name : '131.130.2.200' > auth_session_info_seqnum : 0x00000001 (1) > connection : * > encryption_cipher : 0x0001 (1) > status : NT_STATUS_OK > idle_time : Fri Mar 15 14:20:16 2019 CET > nonce_high_random : 0x54f4b3f29a82f04d (6121715648059076685) > nonce_high_max : 0x0000000000ffffff (16777215) > nonce_high : 0x0000000000000000 (0) > nonce_low : 0x0000000000000000 (0) > compat : * > tcon_table : * > pending_auth : NULL >[2019/03/15 14:20:16.481711, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.481727, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.481741, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.481780, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.481813, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_tcon.c:214(smbd_smb2_tree_connect) > smbd_smb2_tree_connect: path[\\131.130.1.38\IPC$] share[IPC$] >[2019/03/15 14:20:16.481845, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.481862, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.481878, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key 58C6AECD >[2019/03/15 14:20:16.481907, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b6068480 >[2019/03/15 14:20:16.481995, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:710(smbXsrv_tcon_global_store) >[2019/03/15 14:20:16.482013, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:712(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '58C6AECD' stored >[2019/03/15 14:20:16.482029, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x58c6aecd (1489415885) > tcon_wire_id : 0x58c6aecd (1489415885) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : NULL > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x00000000 (0) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2019/03/15 14:20:16.482187, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key 58C6AECD >[2019/03/15 14:20:16.482203, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.482219, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:832(smbXsrv_tcon_create) >[2019/03/15 14:20:16.482229, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:840(smbXsrv_tcon_create) > smbXsrv_tcon_create: global_id (0x58c6aecd) stored >[2019/03/15 14:20:16.482244, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x58c6aecd (1489415885) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x58c6aecd (1489415885) > tcon_wire_id : 0x58c6aecd (1489415885) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : NULL > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x00000000 (0) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_INTERNAL_ERROR > idle_time : Fri Mar 15 14:20:16 2019 CET > compat : NULL >[2019/03/15 14:20:16.482447, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/access.c:365(allow_access) > Allowed connection from 131.130.2.200 (131.130.2.200) >[2019/03/15 14:20:16.482470, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:219(user_ok_token) > user_ok_token: share IPC$ is ok for unix user mi >[2019/03/15 14:20:16.482513, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:69(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2019/03/15 14:20:16.482540, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2019/03/15 14:20:16.482561, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:219(user_ok_token) > user_ok_token: share IPC$ is ok for unix user mi >[2019/03/15 14:20:16.482577, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:266(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user mi >[2019/03/15 14:20:16.482614, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/access_check.c:337(se_file_access_check) > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff >[2019/03/15 14:20:16.482633, 3, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks >[2019/03/15 14:20:16.482654, 10, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2019/03/15 14:20:16.482670, 5, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2019/03/15 14:20:16.482685, 10, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2019/03/15 14:20:16.482700, 5, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2019/03/15 14:20:16.482715, 3, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2019/03/15 14:20:16.482730, 10, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2019/03/15 14:20:16.482776, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:69(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2019/03/15 14:20:16.482797, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:219(user_ok_token) > user_ok_token: share IPC$ is ok for unix user mi >[2019/03/15 14:20:16.482813, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:266(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user mi >[2019/03/15 14:20:16.482835, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/access_check.c:337(se_file_access_check) > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff >[2019/03/15 14:20:16.482866, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.482884, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (9): > SID[ 0]: S-1-5-21-1617874422-3509600710-549232689-1001 > SID[ 1]: S-1-5-21-1617874422-3509600710-549232689-513 > SID[ 2]: S-1-22-2-202 > SID[ 3]: S-1-22-2-0 > SID[ 4]: S-1-22-2-10 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-22-1-10005 > Privileges (0x 0): > Rights (0x 0): >[2019/03/15 14:20:16.482947, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 10005 > Primary group is 202 and contains 3 supplementary groups > Group[ 0]: 202 > Group[ 1]: 0 > Group[ 2]: 10 >[2019/03/15 14:20:16.482985, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(10005,10005), gid=(202,202) >[2019/03/15 14:20:16.483011, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.483026, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.483041, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.483064, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.483087, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:69(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2019/03/15 14:20:16.483119, 10, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/modules/vfs_default.c:178(vfswrap_fs_capabilities) > vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp >[2019/03/15 14:20:16.483138, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:841(make_connection_snum) > someserver (ipv4:131.130.2.200:57546) connect to service IPC$ initially as user mi (uid=10005, gid=202) (pid 11844) >[2019/03/15 14:20:16.483165, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.483180, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.483197, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key 58C6AECD >[2019/03/15 14:20:16.483213, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b6068a90 >[2019/03/15 14:20:16.483233, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:710(smbXsrv_tcon_global_store) >[2019/03/15 14:20:16.483244, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:712(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '58C6AECD' stored >[2019/03/15 14:20:16.483259, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000002 (2) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x58c6aecd (1489415885) > tcon_wire_id : 0x58c6aecd (1489415885) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : 'IPC$' > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0xf28a8a36 (4069165622) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2019/03/15 14:20:16.483406, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key 58C6AECD >[2019/03/15 14:20:16.483422, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.483437, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:877(smbXsrv_tcon_update) >[2019/03/15 14:20:16.483448, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:885(smbXsrv_tcon_update) > smbXsrv_tcon_update: global_id (0x58c6aecd) stored >[2019/03/15 14:20:16.483462, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x58c6aecd (1489415885) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x58c6aecd (1489415885) > tcon_wire_id : 0x58c6aecd (1489415885) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : 'IPC$' > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0xf28a8a36 (4069165622) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_OK > idle_time : Fri Mar 15 14:20:16 2019 CET > compat : * >[2019/03/15 14:20:16.483651, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[no:0] at ../source3/smbd/smb2_tcon.c:173 >[2019/03/15 14:20:16.483671, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 8160, charge 1, granted 33, current possible/max 480/512, total granted/max/low/range 65/8192/5/65 >[2019/03/15 14:20:16.483689, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu) > signed SMB2 message >[2019/03/15 14:20:16.484296, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.484325, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 5 (position 5) from bitmap >[2019/03/15 14:20:16.484349, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 5 >[2019/03/15 14:20:16.484385, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.484410, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (9): > SID[ 0]: S-1-5-21-1617874422-3509600710-549232689-1001 > SID[ 1]: S-1-5-21-1617874422-3509600710-549232689-513 > SID[ 2]: S-1-22-2-202 > SID[ 3]: S-1-22-2-0 > SID[ 4]: S-1-22-2-10 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-22-1-10005 > Privileges (0x 0): > Rights (0x 0): >[2019/03/15 14:20:16.484476, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 10005 > Primary group is 202 and contains 3 supplementary groups > Group[ 0]: 202 > Group[ 1]: 0 > Group[ 2]: 10 >[2019/03/15 14:20:16.484514, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(10005,10005), gid=(202,202) >[2019/03/15 14:20:16.484538, 4, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:888(vfs_ChDir) > vfs_ChDir to /tmp >[2019/03/15 14:20:16.484577, 4, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:946(vfs_ChDir) > vfs_ChDir got /tmp >[2019/03/15 14:20:16.484595, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.484610, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.484627, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key 58C6AECD >[2019/03/15 14:20:16.484644, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b606c980 >[2019/03/15 14:20:16.484665, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:710(smbXsrv_tcon_global_store) >[2019/03/15 14:20:16.484676, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:712(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '58C6AECD' stored >[2019/03/15 14:20:16.484691, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000003 (3) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x58c6aecd (1489415885) > tcon_wire_id : 0x58c6aecd (1489415885) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : 'IPC$' > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0xf28a8a36 (4069165622) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2019/03/15 14:20:16.484854, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key 58C6AECD >[2019/03/15 14:20:16.484870, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.484885, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:877(smbXsrv_tcon_update) >[2019/03/15 14:20:16.484896, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:885(smbXsrv_tcon_update) > smbXsrv_tcon_update: global_id (0x58c6aecd) stored >[2019/03/15 14:20:16.484910, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x58c6aecd (1489415885) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x58c6aecd (1489415885) > tcon_wire_id : 0x58c6aecd (1489415885) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : 'IPC$' > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0xf28a8a36 (4069165622) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_OK > idle_time : Fri Mar 15 14:20:16 2019 CET > compat : * >[2019/03/15 14:20:16.485100, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:1997(smbd_smb2_request_verify_creditcharge) > smbd_smb2_request_verify_creditcharge: mid 5, CreditCharge: 1, NeededCharge: 1 >[2019/03/15 14:20:16.485118, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_ioctl.c:397(smbd_smb2_ioctl_send) > smbd_smb2_ioctl: ctl_code[0x00060194] <no handle>, fnum [fsp is NULL] >[2019/03/15 14:20:16.485148, 10, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/modules/vfs_default.c:196(vfswrap_get_dfs_referrals) >[2019/03/15 14:20:16.485160, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > dfs_GetDFSReferral: struct dfs_GetDFSReferral > in: struct dfs_GetDFSReferral > req: struct dfs_GetDFSReferral_in > max_referral_level : 0x0003 (3) > servername : '\131.130.1.38\someprinter' >[2019/03/15 14:20:16.485216, 10, pid=11844, effective(10005, 202), real(10005, 202), class=msdfs] ../source3/smbd/msdfs.c:129(parse_dfs_path) > parse_dfs_path: temp = |131.130.1.38\someprinter| after trimming \'s >[2019/03/15 14:20:16.485234, 10, pid=11844, effective(10005, 202), real(10005, 202), class=msdfs] ../source3/smbd/msdfs.c:154(parse_dfs_path) > parse_dfs_path: hostname: 131.130.1.38 >[2019/03/15 14:20:16.485249, 10, pid=11844, effective(10005, 202), real(10005, 202), class=msdfs] ../source3/smbd/msdfs.c:196(parse_dfs_path) > parse_dfs_path: servicename: someprinter >[2019/03/15 14:20:16.485268, 3, pid=11844, effective(10005, 202), real(10005, 202), class=msdfs] ../source3/smbd/msdfs.c:1008(get_referred_path) > get_referred_path: |someprinter| in dfs path \131.130.1.38\someprinter is not a dfs root. >[2019/03/15 14:20:16.485289, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_ioctl.c:294(smbd_smb2_request_ioctl_done) > smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 0 status NT_STATUS_NOT_FOUND >[2019/03/15 14:20:16.485311, 3, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312 >[2019/03/15 14:20:16.485328, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_NOT_FOUND] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:3219 >[2019/03/15 14:20:16.485346, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 8128, charge 1, granted 33, current possible/max 448/512, total granted/max/low/range 97/8192/6/97 >[2019/03/15 14:20:16.485881, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.485904, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 6 (position 6) from bitmap >[2019/03/15 14:20:16.485920, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_TDIS] mid = 6 >[2019/03/15 14:20:16.485937, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2019/03/15 14:20:16.485953, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.485968, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.485983, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.486013, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 4 > req->in.vector[4].iov_len = 0 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2019/03/15 14:20:16.486099, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.486116, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.486130, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.486154, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.486172, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.486187, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.486204, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key 58C6AECD >[2019/03/15 14:20:16.486220, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b6068a90 >[2019/03/15 14:20:16.486242, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key 58C6AECD >[2019/03/15 14:20:16.486257, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.486277, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.486293, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.486307, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.486330, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.486348, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:1120(close_cnum) > someserver (ipv4:131.130.2.200:57546) closed connection to service IPC$ >[2019/03/15 14:20:16.486368, 4, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:888(vfs_ChDir) > vfs_ChDir to / >[2019/03/15 14:20:16.486400, 4, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:946(vfs_ChDir) > vfs_ChDir got / >[2019/03/15 14:20:16.486417, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.486432, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.486451, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.486474, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.486501, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[4] dyn[no:0] at ../source3/smbd/smb2_tcon.c:527 >[2019/03/15 14:20:16.486519, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 8096, charge 1, granted 33, current possible/max 416/512, total granted/max/low/range 129/8192/7/129 >[2019/03/15 14:20:16.487043, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.487066, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 7 (position 7) from bitmap >[2019/03/15 14:20:16.487082, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_TCON] mid = 7 >[2019/03/15 14:20:16.487100, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.487115, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.487129, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.487153, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.487174, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_tcon.c:214(smbd_smb2_tree_connect) > smbd_smb2_tree_connect: path[\\131.130.1.38\someprinter] share[someprinter] >[2019/03/15 14:20:16.487199, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.487215, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.487232, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key E1C707E5 >[2019/03/15 14:20:16.487248, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b606b370 >[2019/03/15 14:20:16.487270, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:710(smbXsrv_tcon_global_store) >[2019/03/15 14:20:16.487282, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:712(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key 'E1C707E5' stored >[2019/03/15 14:20:16.487297, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0xe1c707e5 (3787917285) > tcon_wire_id : 0xe1c707e5 (3787917285) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : NULL > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x00000000 (0) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2019/03/15 14:20:16.487447, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key E1C707E5 >[2019/03/15 14:20:16.487463, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.487478, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:832(smbXsrv_tcon_create) >[2019/03/15 14:20:16.487489, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:840(smbXsrv_tcon_create) > smbXsrv_tcon_create: global_id (0xe1c707e5) stored >[2019/03/15 14:20:16.487504, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0xe1c707e5 (3787917285) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0xe1c707e5 (3787917285) > tcon_wire_id : 0xe1c707e5 (3787917285) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : NULL > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x00000000 (0) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_INTERNAL_ERROR > idle_time : Fri Mar 15 14:20:16 2019 CET > compat : NULL >[2019/03/15 14:20:16.487696, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/access.c:365(allow_access) > Allowed connection from 131.130.2.200 (131.130.2.200) >[2019/03/15 14:20:16.487717, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:219(user_ok_token) > user_ok_token: share someprinter is ok for unix user mi >[2019/03/15 14:20:16.487753, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:69(set_conn_connectpath) > set_conn_connectpath: service someprinter, connectpath = /tmp >[2019/03/15 14:20:16.487785, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/tmp' for service [someprinter] >[2019/03/15 14:20:16.487802, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:219(user_ok_token) > user_ok_token: share someprinter is ok for unix user mi >[2019/03/15 14:20:16.487818, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:266(is_share_read_only_for_token) > is_share_read_only_for_user: share someprinter is read-write for unix user mi >[2019/03/15 14:20:16.487843, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/access_check.c:337(se_file_access_check) > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff >[2019/03/15 14:20:16.487859, 3, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks >[2019/03/15 14:20:16.487874, 3, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2019/03/15 14:20:16.487890, 10, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2019/03/15 14:20:16.487917, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:69(set_conn_connectpath) > set_conn_connectpath: service someprinter, connectpath = /tmp >[2019/03/15 14:20:16.487935, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:219(user_ok_token) > user_ok_token: share someprinter is ok for unix user mi >[2019/03/15 14:20:16.487951, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:266(is_share_read_only_for_token) > is_share_read_only_for_user: share someprinter is read-write for unix user mi >[2019/03/15 14:20:16.487972, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/access_check.c:337(se_file_access_check) > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff >[2019/03/15 14:20:16.488002, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.488020, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (9): > SID[ 0]: S-1-5-21-1617874422-3509600710-549232689-1001 > SID[ 1]: S-1-5-21-1617874422-3509600710-549232689-513 > SID[ 2]: S-1-22-2-202 > SID[ 3]: S-1-22-2-0 > SID[ 4]: S-1-22-2-10 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-22-1-10005 > Privileges (0x 0): > Rights (0x 0): >[2019/03/15 14:20:16.488083, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 10005 > Primary group is 202 and contains 3 supplementary groups > Group[ 0]: 202 > Group[ 1]: 0 > Group[ 2]: 10 >[2019/03/15 14:20:16.488135, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(10005,10005), gid=(202,202) >[2019/03/15 14:20:16.488157, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.488172, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.488186, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.488209, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.488231, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:69(set_conn_connectpath) > set_conn_connectpath: service someprinter, connectpath = /tmp >[2019/03/15 14:20:16.488257, 10, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/modules/vfs_default.c:178(vfswrap_fs_capabilities) > vfswrap_fs_capabilities: timestamp resolution of sec available on share someprinter, directory /tmp >[2019/03/15 14:20:16.488274, 2, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:841(make_connection_snum) > someserver (ipv4:131.130.2.200:57546) connect to service someprinter initially as user mi (uid=10005, gid=202) (pid 11844) >[2019/03/15 14:20:16.488295, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.488311, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.488327, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key E1C707E5 >[2019/03/15 14:20:16.488343, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b606aac0 >[2019/03/15 14:20:16.488363, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:710(smbXsrv_tcon_global_store) >[2019/03/15 14:20:16.488374, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:712(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key 'E1C707E5' stored >[2019/03/15 14:20:16.488390, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000002 (2) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0xe1c707e5 (3787917285) > tcon_wire_id : 0xe1c707e5 (3787917285) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : 'someprinter' > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0xf28a8a36 (4069165622) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2019/03/15 14:20:16.488538, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key E1C707E5 >[2019/03/15 14:20:16.488554, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.488569, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:877(smbXsrv_tcon_update) >[2019/03/15 14:20:16.488580, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:885(smbXsrv_tcon_update) > smbXsrv_tcon_update: global_id (0xe1c707e5) stored >[2019/03/15 14:20:16.488594, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0xe1c707e5 (3787917285) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0xe1c707e5 (3787917285) > tcon_wire_id : 0xe1c707e5 (3787917285) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : 'someprinter' > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0xf28a8a36 (4069165622) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_OK > idle_time : Fri Mar 15 14:20:16 2019 CET > compat : * >[2019/03/15 14:20:16.488790, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[no:0] at ../source3/smbd/smb2_tcon.c:173 >[2019/03/15 14:20:16.488807, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 8064, charge 1, granted 33, current possible/max 384/512, total granted/max/low/range 161/8192/8/161 >[2019/03/15 14:20:16.488829, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu) > signed SMB2 message >[2019/03/15 14:20:16.489392, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.489413, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 8 (position 8) from bitmap >[2019/03/15 14:20:16.489430, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 8 >[2019/03/15 14:20:16.489448, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.489465, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (9): > SID[ 0]: S-1-5-21-1617874422-3509600710-549232689-1001 > SID[ 1]: S-1-5-21-1617874422-3509600710-549232689-513 > SID[ 2]: S-1-22-2-202 > SID[ 3]: S-1-22-2-0 > SID[ 4]: S-1-22-2-10 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-22-1-10005 > Privileges (0x 0): > Rights (0x 0): >[2019/03/15 14:20:16.489529, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 10005 > Primary group is 202 and contains 3 supplementary groups > Group[ 0]: 202 > Group[ 1]: 0 > Group[ 2]: 10 >[2019/03/15 14:20:16.489567, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(10005,10005), gid=(202,202) >[2019/03/15 14:20:16.489586, 4, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:888(vfs_ChDir) > vfs_ChDir to /tmp >[2019/03/15 14:20:16.489609, 4, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:946(vfs_ChDir) > vfs_ChDir got /tmp >[2019/03/15 14:20:16.489625, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.489640, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.489657, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key E1C707E5 >[2019/03/15 14:20:16.489673, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b605d9e0 >[2019/03/15 14:20:16.489694, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:710(smbXsrv_tcon_global_store) >[2019/03/15 14:20:16.489705, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:712(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key 'E1C707E5' stored >[2019/03/15 14:20:16.489721, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000003 (3) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0xe1c707e5 (3787917285) > tcon_wire_id : 0xe1c707e5 (3787917285) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : 'someprinter' > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0xf28a8a36 (4069165622) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2019/03/15 14:20:16.489882, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key E1C707E5 >[2019/03/15 14:20:16.489905, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.489920, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:877(smbXsrv_tcon_update) >[2019/03/15 14:20:16.489931, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_tcon.c:885(smbXsrv_tcon_update) > smbXsrv_tcon_update: global_id (0xe1c707e5) stored >[2019/03/15 14:20:16.489945, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0xe1c707e5 (3787917285) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0xe1c707e5 (3787917285) > tcon_wire_id : 0xe1c707e5 (3787917285) > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > creation_time : Fri Mar 15 14:20:16 2019 CET > share_name : 'someprinter' > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0xf28a8a36 (4069165622) > signing_flags : 0x04 (4) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 1: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_OK > idle_time : Fri Mar 15 14:20:16 2019 CET > compat : * >[2019/03/15 14:20:16.490141, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_create.c:652(smbd_smb2_create_send) > smbd_smb2_create_send: name [origin_ips] >[2019/03/15 14:20:16.490173, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_open_global.tdb >[2019/03/15 14:20:16.490189, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.490205, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key 86D5315A >[2019/03/15 14:20:16.490232, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b606a3c0 >[2019/03/15 14:20:16.490248, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_open.c:625(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2019/03/15 14:20:16.490339, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_open.c:744(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '86D5315A' stored >[2019/03/15 14:20:16.490359, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > open_global_id : 0x86d5315a (2262118746) > open_persistent_id : 0x0000000086d5315a (2262118746) > open_volatile_id : 0x000000006d9aa283 (1838850691) > open_owner : S-1-5-21-1617874422-3509600710-549232689-1001 > open_time : Fri Mar 15 14:20:16 2019 CET > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : ce7d6988-99c5-42e2-ac03-cb5f86cd080a > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > channel_sequence : 0x0000 (0) > channel_generation : 0x0000000000000000 (0) >[2019/03/15 14:20:16.490519, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key 86D5315A >[2019/03/15 14:20:16.490535, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_open_global.tdb >[2019/03/15 14:20:16.490550, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbXsrv_open.c:911(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x86d5315a) stored >[2019/03/15 14:20:16.490566, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:422(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x6d9aa283 (1838850691) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000002e44 (11844) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3d0b7e3c055a0e9b (4398748257310346907) > open_global_id : 0x86d5315a (2262118746) > open_persistent_id : 0x0000000086d5315a (2262118746) > open_volatile_id : 0x000000006d9aa283 (1838850691) > open_owner : S-1-5-21-1617874422-3509600710-549232689-1001 > open_time : Fri Mar 15 14:20:16 2019 CET > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : ce7d6988-99c5-42e2-ac03-cb5f86cd080a > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > channel_sequence : 0x0000 (0) > channel_generation : 0x0000000000000000 (0) > status : NT_STATUS_OK > idle_time : Fri Mar 15 14:20:16 2019 CET > compat : NULL > flags : 0x00 (0) > 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE > 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE > create_action : 0x00000000 (0) > request_count : 0x0000000000000000 (0) > pre_request_count : 0x0000000000000000 (0) >[2019/03/15 14:20:16.490800, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 1838850691 (1 used) >[2019/03/15 14:20:16.490906, 5, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:1106(rpc_pipe_open_interface) > Connecting to spoolss pipe. >[2019/03/15 14:20:16.490958, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:220(make_internal_rpc_pipe_p) > Create pipe requested spoolss >[2019/03/15 14:20:16.490981, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe spoolss >[2019/03/15 14:20:16.490997, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss >[2019/03/15 14:20:16.491030, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:260(make_internal_rpc_pipe_p) > Created internal pipe spoolss >[2019/03/15 14:20:16.491107, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > in: struct spoolss_OpenPrinter > printername : * > printername : 'someprinter' > datatype : * > datatype : 'RAW' > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000008 (8) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ >[2019/03/15 14:20:16.491237, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.491256, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(4069165622) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.491271, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.491286, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.491301, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.491344, 1, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh) > Failed to fetch record! >[2019/03/15 14:20:16.491360, 1, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/server_reload.c:69(delete_and_reload_printers) > pcap cache not loaded >[2019/03/15 14:20:16.491381, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 > checking name: someprinter >[2019/03/15 14:20:16.491403, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:705(open_printer_hnd) > open_printer_hnd: name [someprinter] >[2019/03/15 14:20:16.491424, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.491457, 3, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:477(set_printer_hnd_printertype) > Setting printer type=someprinter > Printer is a printer >[2019/03/15 14:20:16.491479, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:537(set_printer_hnd_name) > Setting printer name=someprinter (len=11) > searching for [someprinter] >[2019/03/15 14:20:16.491516, 10, pid=11844, effective(10005, 202), real(10005, 202), class=tdb] ../source3/lib/gencache.c:301(gencache_set_data_blob) > Adding cache entry with key=[PRINTERNAME/someprinter] and timeout=[Fri Mar 15 14:25:16 2019 CET] (300 seconds ahead) > set_printer_hnd_name: Printer found: someprinter -> someprinter >[2019/03/15 14:20:16.491545, 5, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:741(open_printer_hnd) > 1 printer handles active >[2019/03/15 14:20:16.491561, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.491596, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.491626, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:460(get_printer_snum) > short name:someprinter >[2019/03/15 14:20:16.491654, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/util/access.c:365(allow_access) > Allowed connection from 131.130.2.200 (131.130.2.200) >[2019/03/15 14:20:16.491713, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/share_access.c:219(user_ok_token) > user_ok_token: share someprinter is ok for unix user mi >[2019/03/15 14:20:16.491735, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1896(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2019/03/15 14:20:16.491778, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:220(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2019/03/15 14:20:16.491799, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2019/03/15 14:20:16.491815, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2019/03/15 14:20:16.491845, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:260(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2019/03/15 14:20:16.491913, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:16.491993, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2019/03/15 14:20:16.492023, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.492045, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(4069165622) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.492061, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.492075, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.492090, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.492168, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.492187, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:887(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2019/03/15 14:20:16.492211, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2019/03/15 14:20:16.492227, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2019/03/15 14:20:16.492244, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.492258, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM] >[2019/03/15 14:20:16.492302, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.492336, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-8b5c-90a6442e0000 > result : WERR_OK >[2019/03/15 14:20:16.492438, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-8b5c-90a6442e0000 > keyname: struct winreg_String > name_len : 0x0090 (144) > name_size : 0x0090 (144) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:16.492579, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.492612, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2019/03/15 14:20:16.492628, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (1->2) >[2019/03/15 14:20:16.492645, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.492664, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.492680, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.492695, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.492728, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2019/03/15 14:20:16.492744, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (2->3) >[2019/03/15 14:20:16.492761, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.492789, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.492806, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.492820, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.492850, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2019/03/15 14:20:16.492866, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:16.492882, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.492897, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.492913, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.492927, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.492954, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2019/03/15 14:20:16.492970, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:16.492986, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.493001, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.493017, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.493035, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414de21700 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.493071, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2019/03/15 14:20:16.493087, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (5->6) >[2019/03/15 14:20:16.493103, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.493118, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.493135, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.493149, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414de21700 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.493181, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2019/03/15 14:20:16.493198, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (6->7) >[2019/03/15 14:20:16.493213, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.493228, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.493245, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.493259, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.493286, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [someprinter] >[2019/03/15 14:20:16.493302, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (7->8) >[2019/03/15 14:20:16.493318, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.493333, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.493350, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.493364, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.493401, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (8->7) >[2019/03/15 14:20:16.493418, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (7->6) >[2019/03/15 14:20:16.493433, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (6->5) >[2019/03/15 14:20:16.493448, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:16.493464, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:16.493479, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (3->2) >[2019/03/15 14:20:16.493495, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.493527, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-8b5c-90a6442e0000 > result : WERR_OK >[2019/03/15 14:20:16.493585, 2, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/rpc_client/cli_winreg_spoolss.c:769(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter already exists >[2019/03/15 14:20:16.493630, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-8b5c-90a6442e0000 >[2019/03/15 14:20:16.493675, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.493707, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.493737, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:16.493752, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (2->1) >[2019/03/15 14:20:16.493783, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:16.493851, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-8b5c-90a6442e0000 >[2019/03/15 14:20:16.493893, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.493923, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.493953, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:16.493968, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (1->0) >[2019/03/15 14:20:16.493995, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:16.494049, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2019/03/15 14:20:16.494068, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > spoolss_OpenPrinter: struct spoolss_OpenPrinter > out: struct spoolss_OpenPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-8b5c-90a6442e0000 > result : WERR_OK >[2019/03/15 14:20:16.494150, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > in: struct spoolss_StartDocPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-8b5c-90a6442e0000 > info_ctr : * > info_ctr: struct spoolss_DocumentInfoCtr > level : 0x00000001 (1) > info : union spoolss_DocumentInfo(case 1) > info1 : * > info1: struct spoolss_DocumentInfo1 > document_name : * > document_name : 'Remote Downlevel Document origin_ips' > output_file : * > output_file : '/tmp/smbprn.OrxuV0' > datatype : * > datatype : 'RAW' >[2019/03/15 14:20:16.494264, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.494296, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.494326, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:460(get_printer_snum) > short name:someprinter >[2019/03/15 14:20:16.494392, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:220(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2019/03/15 14:20:16.494412, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2019/03/15 14:20:16.494428, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2019/03/15 14:20:16.494460, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:260(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2019/03/15 14:20:16.494489, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:16.494558, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2019/03/15 14:20:16.494580, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) > push_sec_ctx(10005, 202) : sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.494597, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(4069165622) : conn_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.494612, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2019/03/15 14:20:16.494627, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.494642, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.494700, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:438(pop_sec_ctx) > pop_sec_ctx (10005, 202) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.494723, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:887(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2019/03/15 14:20:16.494750, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2019/03/15 14:20:16.494765, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2019/03/15 14:20:16.494801, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.494815, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM] >[2019/03/15 14:20:16.494859, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.494892, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-8b5c-90a6442e0000 > result : WERR_OK >[2019/03/15 14:20:16.494963, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-8b5c-90a6442e0000 > keyname: struct winreg_String > name_len : 0x0090 (144) > name_size : 0x0090 (144) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:16.495097, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.495130, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2019/03/15 14:20:16.495146, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (1->2) >[2019/03/15 14:20:16.495167, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.495183, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.495198, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.495212, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.495244, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2019/03/15 14:20:16.495260, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (2->3) >[2019/03/15 14:20:16.495276, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.495290, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.495306, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.495320, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.495347, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2019/03/15 14:20:16.495363, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:16.495379, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.495393, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.495409, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.495423, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.495450, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2019/03/15 14:20:16.495466, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:16.495481, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.495496, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.495515, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.495530, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414de21700 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.495561, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2019/03/15 14:20:16.495577, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (5->6) >[2019/03/15 14:20:16.495593, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.495608, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.495624, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.495638, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414de21700 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.495670, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2019/03/15 14:20:16.495687, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (6->7) >[2019/03/15 14:20:16.495703, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.495718, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.495735, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.495749, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.495830, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [someprinter] >[2019/03/15 14:20:16.495862, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (7->8) >[2019/03/15 14:20:16.495881, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.495898, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.495917, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.495938, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.495977, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (8->7) >[2019/03/15 14:20:16.495995, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (7->6) >[2019/03/15 14:20:16.496010, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (6->5) >[2019/03/15 14:20:16.496026, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:16.496041, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:16.496056, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (3->2) >[2019/03/15 14:20:16.496072, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.496105, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > result : WERR_OK >[2019/03/15 14:20:16.496192, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2019/03/15 14:20:16.496266, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.496302, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter' (ops 0x7f414bf90000) >[2019/03/15 14:20:16.496319, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.496354, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2019/03/15 14:20:16.496372, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Description] len[2] >[2019/03/15 14:20:16.496388, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Datatype] len[8] >[2019/03/15 14:20:16.496403, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Default Priority] len[4] >[2019/03/15 14:20:16.496419, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Port] len[38] >[2019/03/15 14:20:16.496434, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Name] len[24] >[2019/03/15 14:20:16.496450, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Print Processor] len[18] >[2019/03/15 14:20:16.496466, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Priority] len[4] >[2019/03/15 14:20:16.496482, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Security] len[176] >[2019/03/15 14:20:16.496498, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[9]: name[Share Name] len[24] >[2019/03/15 14:20:16.496514, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[10]: name[StartTime] len[4] >[2019/03/15 14:20:16.496530, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[11]: name[UntilTime] len[4] >[2019/03/15 14:20:16.496545, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[12]: name[ChangeID] len[4] >[2019/03/15 14:20:16.496561, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:2090(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.496589, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x0000000d (13) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000b0 (176) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2019/03/15 14:20:16.496755, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.496883, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.496915, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.496933, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2019/03/15 14:20:16.497086, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.497218, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.497251, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.497269, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2019/03/15 14:20:16.497390, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.497501, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.497532, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.497557, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2019/03/15 14:20:16.497703, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.497861, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.497895, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.497913, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2019/03/15 14:20:16.498052, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.498174, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.498206, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.498223, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2019/03/15 14:20:16.498515, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.498625, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.498657, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.498673, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(24) > [0] : 0x73 (115) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x70 (112) > [9] : 0x00 (0) > [10] : 0x72 (114) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x6e (110) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x72 (114) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : * > size : 0x00000018 (24) > length : * > length : 0x00000018 (24) > result : WERR_OK >[2019/03/15 14:20:16.498908, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.499020, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.499052, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.499069, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2019/03/15 14:20:16.499265, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.499375, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.499406, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.499422, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2019/03/15 14:20:16.499553, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.499671, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.499714, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.499733, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x000000b0 (176) > result : WERR_OK >[2019/03/15 14:20:16.500695, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.500816, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.500848, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.500870, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(24) > [0] : 0x73 (115) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x70 (112) > [9] : 0x00 (0) > [10] : 0x72 (114) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x6e (110) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x72 (114) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : * > size : 0x00000018 (24) > length : * > length : 0x00000018 (24) > result : WERR_OK >[2019/03/15 14:20:16.501097, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.501214, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.501245, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.501262, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2019/03/15 14:20:16.501391, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.501502, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.501533, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.501549, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2019/03/15 14:20:16.501677, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000b0 (176) > length : * > length : 0x00000000 (0) >[2019/03/15 14:20:16.501807, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.501839, 8, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.501856, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x17 (23) > [1] : 0xdd (221) > [2] : 0x03 (3) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2019/03/15 14:20:16.502011, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2019/03/15 14:20:16.502126, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.502158, 7, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.502174, 7, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2019/03/15 14:20:16.502191, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_FILE_NOT_FOUND >[2019/03/15 14:20:16.502211, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_FILE_NOT_FOUND >[2019/03/15 14:20:16.502303, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:16.502374, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2019/03/15 14:20:16.502390, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (2->3) >[2019/03/15 14:20:16.502407, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2019/03/15 14:20:16.502422, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2019/03/15 14:20:16.502437, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.502452, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM] >[2019/03/15 14:20:16.502485, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.502525, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-8b5c-90a6442e0000 > result : WERR_OK >[2019/03/15 14:20:16.502635, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-8b5c-90a6442e0000 > keyname: struct winreg_String > name_len : 0x0090 (144) > name_size : 0x0090 (144) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2019/03/15 14:20:16.502839, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.502894, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2019/03/15 14:20:16.502916, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (3->4) >[2019/03/15 14:20:16.502939, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.502960, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.502981, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.503001, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE] >[2019/03/15 14:20:16.503048, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2019/03/15 14:20:16.503072, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (4->5) >[2019/03/15 14:20:16.503147, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.503176, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.503200, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.503221, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft] >[2019/03/15 14:20:16.503267, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2019/03/15 14:20:16.503291, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (5->6) >[2019/03/15 14:20:16.503313, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.503334, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.503356, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.503376, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2019/03/15 14:20:16.503415, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2019/03/15 14:20:16.503438, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (6->7) >[2019/03/15 14:20:16.503461, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.503481, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.503504, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.503524, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414de21700 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2019/03/15 14:20:16.503571, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2019/03/15 14:20:16.503595, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (7->8) >[2019/03/15 14:20:16.503623, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.503644, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.503668, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.503694, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414de21700 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2019/03/15 14:20:16.503737, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2019/03/15 14:20:16.503760, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (8->9) >[2019/03/15 14:20:16.503805, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.503827, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.503853, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.503876, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2019/03/15 14:20:16.503923, 7, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [someprinter] >[2019/03/15 14:20:16.503950, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:859(regdb_open) > regdb_open: incrementing refcount (9->10) >[2019/03/15 14:20:16.503975, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.503998, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.504025, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2019/03/15 14:20:16.504049, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0x7f414bf90000 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.504098, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (10->9) >[2019/03/15 14:20:16.504124, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (9->8) >[2019/03/15 14:20:16.504148, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (8->7) >[2019/03/15 14:20:16.504170, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (7->6) >[2019/03/15 14:20:16.504193, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (6->5) >[2019/03/15 14:20:16.504215, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (5->4) >[2019/03/15 14:20:16.504249, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.504303, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-8b5c-90a6442e0000 > result : WERR_OK >[2019/03/15 14:20:16.504410, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-8b5c-90a6442e0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2019/03/15 14:20:16.504532, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.504566, 7, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.504582, 7, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2019/03/15 14:20:16.504598, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter' (ops 0x7f414bf90000) >[2019/03/15 14:20:16.504614, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1907(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.504643, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2019/03/15 14:20:16.504661, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Description] len[2] >[2019/03/15 14:20:16.504677, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Datatype] len[8] >[2019/03/15 14:20:16.504698, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Default Priority] len[4] >[2019/03/15 14:20:16.504714, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Port] len[38] >[2019/03/15 14:20:16.504730, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Name] len[24] >[2019/03/15 14:20:16.504746, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Print Processor] len[18] >[2019/03/15 14:20:16.504761, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Priority] len[4] >[2019/03/15 14:20:16.504790, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Security] len[176] >[2019/03/15 14:20:16.504807, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[9]: name[Share Name] len[24] >[2019/03/15 14:20:16.504822, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[10]: name[StartTime] len[4] >[2019/03/15 14:20:16.504838, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[11]: name[UntilTime] len[4] >[2019/03/15 14:20:16.504854, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:1852(regdb_unpack_values) > regdb_unpack_values: value[12]: name[ChangeID] len[4] >[2019/03/15 14:20:16.504871, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2019/03/15 14:20:16.504954, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-8b5c-90a6442e0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x00000000 (0) >[2019/03/15 14:20:16.505067, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.505099, 7, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\someprinter] >[2019/03/15 14:20:16.505114, 7, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2019/03/15 14:20:16.505132, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(176) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x7c (124) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x18 (24) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x02 (2) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x20 (32) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x20 (32) > [101] : 0x02 (2) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x02 (2) > [106] : 0x18 (24) > [107] : 0x00 (0) > [108] : 0x0c (12) > [109] : 0x00 (0) > [110] : 0x0f (15) > [111] : 0x10 (16) > [112] : 0x01 (1) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x05 (5) > [120] : 0x20 (32) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x20 (32) > [125] : 0x02 (2) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x09 (9) > [130] : 0x18 (24) > [131] : 0x00 (0) > [132] : 0x0c (12) > [133] : 0x00 (0) > [134] : 0x0f (15) > [135] : 0x10 (16) > [136] : 0x01 (1) > [137] : 0x02 (2) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x05 (5) > [144] : 0x20 (32) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x26 (38) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x02 (2) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x26 (38) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > data_size : * > data_size : 0x000000b0 (176) > data_length : * > data_length : 0x000000b0 (176) > result : WERR_OK >[2019/03/15 14:20:16.506097, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-8b5c-90a6442e0000 >[2019/03/15 14:20:16.506150, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.506183, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.506213, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:16.506229, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (4->3) >[2019/03/15 14:20:16.506245, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:16.506306, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-8b5c-90a6442e0000 >[2019/03/15 14:20:16.506348, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.506379, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.506409, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:16.506424, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (3->2) >[2019/03/15 14:20:16.506439, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:16.506499, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-8b5c-90a6442e0000 >[2019/03/15 14:20:16.506544, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.506575, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.506605, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:16.506622, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (2->1) >[2019/03/15 14:20:16.506637, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:16.506696, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-8b5c-90a6442e0000 >[2019/03/15 14:20:16.506738, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.506777, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.506809, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:16.506824, 10, pid=11844, effective(10005, 202), real(10005, 202), class=registry] ../source3/registry/reg_backend_db.c:904(regdb_close) > regdb_close: decrementing refcount (1->0) >[2019/03/15 14:20:16.506863, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:16.506920, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection winreg >[2019/03/15 14:20:16.506967, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1373(print_cache_expired) > print_cache_expired: cache expired for queue someprinter (last_qscan_time = 1552655905, time now = 1552656016, qcachetime = 30) >[2019/03/15 14:20:16.507021, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1790(print_queue_update) > print_queue_update: Sending message -> printer = someprinter, type = 6, lpq command = [lpq -P'someprinter'] lprm command = [lprm -P'someprinter' 131_130_1_38] >[2019/03/15 14:20:16.507093, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm.c:1430(messaging_dgm_send) > messaging_dgm_send: Sending message to 11839 >[2019/03/15 14:20:16.507135, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:2836(print_job_start) > print_job_start: Queue someprinter number of jobs (1), max printjobs = 1000 >[2019/03/15 14:20:16.507165, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:2604(allocate_print_jobid) > allocate_print_jobid: Read jobid 5 from someprinter >[2019/03/15 14:20:16.507225, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:2768(print_job_spool_file) > print_job_spool_file:External spooling activated >[2019/03/15 14:20:16.507271, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x10 for printer someprinter to notify_queue_head >[2019/03/15 14:20:16.507289, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x03 for printer someprinter to notify_queue_head >[2019/03/15 14:20:16.507305, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0d for printer someprinter to notify_queue_head >[2019/03/15 14:20:16.507321, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer someprinter to notify_queue_head >[2019/03/15 14:20:16.507337, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x16 for printer someprinter to notify_queue_head >[2019/03/15 14:20:16.507352, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x14 for printer someprinter to notify_queue_head >[2019/03/15 14:20:16.507367, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:2668(add_to_jobs_added) > add_to_jobs_added: Added jobid 6 >[2019/03/15 14:20:16.507393, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > spoolss_StartDocPrinter: struct spoolss_StartDocPrinter > out: struct spoolss_StartDocPrinter > job_id : * > job_id : 0x00000006 (6) > result : WERR_OK >[2019/03/15 14:20:16.507463, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:79(pjobid_to_rap) > pjobid_to_rap: called. >[2019/03/15 14:20:16.507493, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:114(pjobid_to_rap) > pjobid_to_rap: created jobid 6 maps to RAP jobid 1 >[2019/03/15 14:20:16.507518, 8, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/dosmode.c:667(dos_mode) > dos_mode: /tmp/smbprn.OrxuV0 >[2019/03/15 14:20:16.507543, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/dosmode.c:70(dos_mode_debug_print) > dos_mode_debug_print: dos_mode_from_sbuf returning (0x0): "" >[2019/03/15 14:20:16.507560, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/dosmode.c:70(dos_mode_debug_print) > dos_mode_debug_print: dos_mode returning (0x80): "" >[2019/03/15 14:20:16.507580, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_create.c:1507(smbd_smb2_create_finish) > smbd_smb2_create_finish: /tmp/smbprn.OrxuV0 - fnum 1838850691 >[2019/03/15 14:20:16.507609, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:367 >[2019/03/15 14:20:16.507628, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 8032, charge 1, granted 33, current possible/max 352/512, total granted/max/low/range 193/8192/9/193 >[2019/03/15 14:20:16.507718, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:400(messaging_recv_cb) > messaging_recv_cb: Received message 0x205 len 70 (num_fds:0) from 11844 >[2019/03/15 14:20:16.507778, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1580(print_queue_update_with_lock) > print_queue_update_with_lock: printer share = someprinter >[2019/03/15 14:20:16.507894, 4, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1373(print_cache_expired) > print_cache_expired: cache expired for queue someprinter (last_qscan_time = 1552655905, time now = 1552656016, qcachetime = 30) >[2019/03/15 14:20:16.507940, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1205(set_updating_pid) > set_updating_pid: updating lpq cache for print share someprinter >[2019/03/15 14:20:16.507974, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1428(print_queue_update_internal) > print_queue_update_internal: printer = someprinter, type = 6, lpq command = [lpq -P'someprinter'] >[2019/03/15 14:20:16.508261, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/smbrun.c:58(setup_out_fd) > setup_out_fd: Created tmp file /tmp/smb.qsXef3 >[2019/03/15 14:20:16.508341, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.508365, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 9 (position 9) from bitmap >[2019/03/15 14:20:16.508382, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 9 >[2019/03/15 14:20:16.508402, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2019/03/15 14:20:16.508424, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:1997(smbd_smb2_request_verify_creditcharge) > smbd_smb2_request_verify_creditcharge: mid 9, CreditCharge: 1, NeededCharge: 1 >[2019/03/15 14:20:16.508441, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_write.c:293(smbd_smb2_write_send) > smbd_smb2_write: /tmp/smbprn.OrxuV0 - fnum 1838850691 >[2019/03/15 14:20:16.508470, 10, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/locking/brlock.c:2050(brl_get_locks_readonly) > seqnum=0, fsp->brlock_seqnum=0 >[2019/03/15 14:20:16.508511, 10, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/locking/posix.c:316(is_posix_locked) > is_posix_locked: File /tmp/smbprn.OrxuV0, offset = 0, count = 170, type = WRITE >[2019/03/15 14:20:16.508531, 10, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/locking/posix.c:170(posix_lock_in_range) > posix_lock_in_range: offset_out = 0, count_out = 170 >[2019/03/15 14:20:16.508547, 8, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/locking/posix.c:263(posix_fcntl_getlock) > posix_fcntl_getlock 34 0 170 1 >[2019/03/15 14:20:16.508571, 8, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/lib/util.c:1044(fcntl_getlock) > fcntl_getlock fd=34 op=5 offset=0 count=170 type=1 >[2019/03/15 14:20:16.508604, 3, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/lib/util.c:1068(fcntl_getlock) > fcntl_getlock: fd 34 is returned info 2 pid 0 >[2019/03/15 14:20:16.508620, 8, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/locking/posix.c:295(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2019/03/15 14:20:16.508635, 10, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/locking/brlock.c:1440(brl_locktest) > brl_locktest: posix start=0 len=170 unlocked for fnum 1838850691 file /tmp/smbprn.OrxuV0 >[2019/03/15 14:20:16.508655, 10, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/locking/locking.c:162(strict_lock_check_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=170 unlocked for fnum 1838850691 file /tmp/smbprn.OrxuV0 >[2019/03/15 14:20:16.508746, 10, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/locking/brlock.c:2050(brl_get_locks_readonly) > seqnum=0, fsp->brlock_seqnum=0 >[2019/03/15 14:20:16.508778, 10, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/smbd/oplock.c:1093(contend_level2_oplocks_begin_default) > num_read_oplocks = 0 >[2019/03/15 14:20:16.508795, 10, pid=11844, effective(10005, 202), real(10005, 202), class=locking] ../source3/smbd/oplock.c:1096(contend_level2_oplocks_begin_default) > No read oplocks around >[2019/03/15 14:20:16.508810, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/aio.c:915(schedule_aio_smb2_write) > smb2: scheduled aio_write for file /tmp/smbprn.OrxuV0, offset 0, len = 170 (mid = 9) outstanding_aio_calls = 1 > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 48 > req->in.vector[4].iov_len = 170 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2019/03/15 14:20:16.508943, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/aio.c:935(aio_pwrite_smb2_done) > pwrite_recv returned 170, err = no error >[2019/03/15 14:20:16.508968, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/fileio.c:228(trigger_write_time_update) > Update write time 2000000 usec later on /tmp/smbprn.OrxuV0 >[2019/03/15 14:20:16.508985, 8, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/dosmode.c:667(dos_mode) > dos_mode: /tmp/smbprn.OrxuV0 >[2019/03/15 14:20:16.509001, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/dosmode.c:70(dos_mode_debug_print) > dos_mode_debug_print: dos_mode_from_sbuf returning (0x0): "" >[2019/03/15 14:20:16.509017, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/dosmode.c:70(dos_mode_debug_print) > dos_mode_debug_print: dos_mode returning (0x80): "" >[2019/03/15 14:20:16.509032, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/dosmode.c:756(file_set_dosmode) > file_set_dosmode: setting dos mode 0x20 on file /tmp/smbprn.OrxuV0 >[2019/03/15 14:20:16.509114, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/dosmode.c:206(unix_mode) > unix_mode: unix_mode(/tmp/smbprn.OrxuV0) returning 0744 >[2019/03/15 14:20:16.509151, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/notify_msg.c:218(notify_trigger) > notify_trigger called action=0x3, filter=0x4, dir=/tmp, name=/tmp/smbprn.OrxuV0 >[2019/03/15 14:20:16.509170, 3, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_write.c:215(smb2_write_complete_internal) > smb2: fnum 1838850691, file /tmp/smbprn.OrxuV0, length=170 offset=0 wrote=170 >[2019/03/15 14:20:16.509191, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/aio.c:956(aio_pwrite_smb2_done) > smb2: scheduled aio_write completed for file /tmp/smbprn.OrxuV0, offset 0, requested 170, written = 170 (errcode = 0, NTSTATUS = NT_STATUS_OK) >[2019/03/15 14:20:16.509209, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:167 >[2019/03/15 14:20:16.509227, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 8000, charge 1, granted 33, current possible/max 320/512, total granted/max/low/range 225/8192/10/225 >[2019/03/15 14:20:16.509739, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.509763, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 10 (position 10) from bitmap >[2019/03/15 14:20:16.509790, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 10 >[2019/03/15 14:20:16.509807, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2019/03/15 14:20:16.509830, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_close.c:230(smbd_smb2_close) > smbd_smb2_close: /tmp/smbprn.OrxuV0 - fnum 1838850691 >[2019/03/15 14:20:16.509886, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-8b5c-90a6442e0000 >[2019/03/15 14:20:16.509937, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.509974, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.510006, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.510039, 4, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:460(get_printer_snum) > short name:someprinter >[2019/03/15 14:20:16.510064, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:468(print_job_find) > print_job_find: looking up job 6 for share someprinter >[2019/03/15 14:20:16.510088, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:496(print_job_find) > print_job_find: returning system job -1 for jobid 6. >Jobtitle = 131_130_2_200 >[2019/03/15 14:20:16.512649, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/print_generic.c:90(print_run_command) > Running the command `echo 1>&2 Jobtitle = 131_130_2_200' gave 0 >[2019/03/15 14:20:16.512724, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/smbrun.c:58(setup_out_fd) > setup_out_fd: Created tmp file /tmp/smb.twzzjk >[2019/03/15 14:20:16.513399, 3, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/print_generic.c:90(print_run_command) > Running the command `lpq -P'someprinter'' gave 0 >[2019/03/15 14:20:16.513521, 3, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1447(print_queue_update_internal) > print_queue_update_internal: 0 jobs in queue for someprinter >[2019/03/15 14:20:16.513684, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1111(traverse_fn_delete) > traverse_fn_delete: pjob 5 deleted due to pjob.starttime (1552655905) < ts->lpq_time (1552656016) >[2019/03/15 14:20:16.513717, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:468(print_job_find) > print_job_find: looking up job 5 for share someprinter >[2019/03/15 14:20:16.513746, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:496(print_job_find) > print_job_find: returning system job -1 for jobid 5. >[2019/03/15 14:20:16.513800, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer someprinter to notify_queue_head >[2019/03/15 14:20:16.513853, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:2138(remove_from_jobs_added) > remove_from_jobs_added: removed jobid 5 >[2019/03/15 14:20:16.513877, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:158(rap_jobid_delete) > rap_jobid_delete: called. >[2019/03/15 14:20:16.513966, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1523(print_queue_update_internal) > print_queue_update_internal: printer someprinter INFO/total_jobs = 1 >[2019/03/15 14:20:16.514023, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/printing.c:1205(set_updating_pid) > set_updating_pid: not updating lpq cache for print share someprinter >[2019/03/15 14:20:16.516694, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/print_generic.c:90(print_run_command) > Running the command `lpq -P'someprinter'' gave 0 >[2019/03/15 14:20:16.516817, 2, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/print_generic.c:292(generic_job_submit) > failed to get sysjob for job 6 (Remote Downlevel Document origin_ips), tracking as Unix job >[2019/03/15 14:20:16.516874, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: appending message 0x01/0x0a for printer someprinter to notify_queue_head >[2019/03/15 14:20:16.516904, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:298(send_spoolss_notify2_msg) > send_spoolss_notify2_msg: replacing message 0x01/0x16 for printer someprinter in notify_queue >[2019/03/15 14:20:16.516929, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.516964, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 8B 5C 90 A6 ........ .....\.. > [0010] 44 2E 00 00 D... >[2019/03/15 14:20:16.517001, 6, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2019/03/15 14:20:16.517019, 1, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2019/03/15 14:20:16.517097, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_open_global.tdb >[2019/03/15 14:20:16.517117, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.517142, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key 86D5315A >[2019/03/15 14:20:16.517163, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b6071b10 >[2019/03/15 14:20:16.517188, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key 86D5315A >[2019/03/15 14:20:16.517203, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_open_global.tdb >[2019/03/15 14:20:16.517235, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/files.c:563(file_free) > freed files structure 1838850691 (0 used) >[2019/03/15 14:20:16.517258, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:147 >[2019/03/15 14:20:16.517278, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 7968, charge 1, granted 33, current possible/max 288/512, total granted/max/low/range 257/8192/11/257 >[2019/03/15 14:20:16.517945, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3934(smbd_smb2_io_handler) > smbd_smb2_request idx[1] of 5 vectors >[2019/03/15 14:20:16.517970, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:678(smb2_validate_sequence_number) > smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 11 (position 11) from bitmap >[2019/03/15 14:20:16.517988, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:2327(smbd_smb2_request_dispatch) > smbd_smb2_request_dispatch: opcode[SMB2_OP_TDIS] mid = 11 >[2019/03/15 14:20:16.518006, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2019/03/15 14:20:16.518024, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.518040, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.518056, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.518084, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) > smbd_smb2_request_pending_queue: req->current_idx = 1 > req->in.vector[0].iov_len = 0 > req->in.vector[1].iov_len = 0 > req->in.vector[2].iov_len = 64 > req->in.vector[3].iov_len = 4 > req->in.vector[4].iov_len = 0 > req->out.vector[0].iov_len = 4 > req->out.vector[1].iov_len = 0 > req->out.vector[2].iov_len = 64 > req->out.vector[3].iov_len = 8 > req->out.vector[4].iov_len = 0 >[2019/03/15 14:20:16.518174, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.518191, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.518205, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.518229, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.518248, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.518263, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.518280, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key E1C707E5 >[2019/03/15 14:20:16.518299, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b606aac0 >[2019/03/15 14:20:16.518320, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key E1C707E5 >[2019/03/15 14:20:16.518336, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_tcon_global.tdb >[2019/03/15 14:20:16.518353, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.518369, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.518383, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.518406, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.518424, 2, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/service.c:1120(close_cnum) > someserver (ipv4:131.130.2.200:57546) closed connection to service someprinter >[2019/03/15 14:20:16.518459, 4, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:888(vfs_ChDir) > vfs_ChDir to / >[2019/03/15 14:20:16.518485, 4, pid=11844, effective(10005, 202), real(10005, 202), class=vfs] ../source3/smbd/vfs.c:946(vfs_ChDir) > vfs_ChDir got / >[2019/03/15 14:20:16.518502, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.518516, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.518534, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.518558, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.518579, 10, pid=11844, effective(10005, 202), real(10005, 202), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection spoolss >[2019/03/15 14:20:16.518611, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:3062(smbd_smb2_request_done_ex) > smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[4] dyn[no:0] at ../source3/smbd/smb2_tcon.c:527 >[2019/03/15 14:20:16.518629, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2_credits] ../source3/smbd/smb2_server.c:936(smb2_set_operation_credit) > smb2_set_operation_credit: smb2_set_operation_credit: requested 7936, charge 1, granted 33, current possible/max 256/512, total granted/max/low/range 289/8192/12/289 >[2019/03/15 14:20:16.519120, 10, pid=11844, effective(10005, 202), real(10005, 202), class=smb2] ../source3/smbd/smb2_server.c:1093(smbd_server_connection_terminate_ex) > smbd_server_connection_terminate_ex: conn[ipv4:131.130.2.200:57546] reason[NT_STATUS_END_OF_FILE] at ../source3/smbd/smb2_server.c:3986 >[2019/03/15 14:20:16.519157, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.519172, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.519189, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.519213, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.519231, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.519246, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.519260, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.519283, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.519301, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.519315, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.519329, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.519352, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.519373, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) > dbwrap_lock_order_lock: check lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.519393, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:116(debug_lock_order) > lock order: 1:/tmp/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2019/03/15 14:20:16.519412, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Locking key F28A8A36 >[2019/03/15 14:20:16.519429, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:145(db_tdb_fetch_locked_internal) > Allocated locked data 0x0x5602b606cc10 >[2019/03/15 14:20:16.519452, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) > dbwrap_lock_order_unlock: release lock order 1 for /tmp/smbXsrv_session_global.tdb >[2019/03/15 14:20:16.519468, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../lib/dbwrap/dbwrap_tdb.c:61(db_tdb_log_key) > Unlocking key F28A8A36 >[2019/03/15 14:20:16.519487, 4, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:16.519501, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:16.519516, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:16.519539, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:16.519568, 5, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:180(print_notify_send_messages_to_printer) > print_notify_send_messages_to_printer: sending 7 print notify messages to printer someprinter >[2019/03/15 14:20:16.519657, 10, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:16.519821, 3, pid=11844, effective(10005, 202), real(10005, 202)] ../source3/smbd/server_exit.c:236(exit_server_common) > Server exit (NT_STATUS_END_OF_FILE) >[2019/03/15 14:20:16.524943, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm.c:1430(messaging_dgm_send) > messaging_dgm_send: Sending message to 11838 >[2019/03/15 14:20:16.525010, 10, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/lib/messages.c:400(messaging_recv_cb) > messaging_recv_cb: Received message 0x314 len 0 (num_fds:0) from 11836 >[2019/03/15 14:20:16.525267, 10, pid=11838, effective(10005, 202), real(10005, 202)] ../source3/smbd/smbd_cleanupd.c:194(smbd_cleanupd_process_exited) > smbd_cleanupd_process_exited: cleaned up pid 11844 >[2019/03/15 14:20:17.515148, 4, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:17.515223, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:17.515247, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:17.515286, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:17.515316, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/printing/notify.c:180(print_notify_send_messages_to_printer) > print_notify_send_messages_to_printer: sending 1 print notify message to printer someprinter >[2019/03/15 14:20:19.305465, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:19.305521, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:19.305539, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:19.305571, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:19.305595, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:19.305618, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:19.305634, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:19.305658, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:19.305678, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:19.305693, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:19.305707, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:19.305730, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:19.305761, 4, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:19.305789, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:19.305804, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:19.305827, 5, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:19.305979, 10, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:19.306191, 3, pid=11836, effective(10005, 202), real(10005, 202)] ../source3/smbd/server_exit.c:236(exit_server_common) > Server exit (termination signal) >[2019/03/15 14:20:19.306895, 4, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:19.306936, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:19.306954, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:19.306981, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:19.307001, 4, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:19.307022, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:19.307037, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:19.307060, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:19.307078, 4, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:19.307093, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:19.307107, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:19.307131, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:19.307148, 4, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2019/03/15 14:20:19.307163, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2019/03/15 14:20:19.307177, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/auth/token_util.c:810(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2019/03/15 14:20:19.307204, 5, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(10005,10005) gid=(202,202) >[2019/03/15 14:20:19.307325, 10, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor) > msg_dgm_ref_destructor: refs=(nil) >[2019/03/15 14:20:19.307487, 3, pid=11839, effective(10005, 202), real(10005, 202)] ../source3/smbd/server_exit.c:236(exit_server_common) > Server exit (termination signal)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13745
: 14933 |
14934
|
15487
|
15504
|
15516
|
15613