The Samba-Bugzilla – Attachment 1552 Details for
Bug 3224
net rpc join fails with LDAP backend
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Level 10 smbd log on attempted "net rpc join -S MERLIN -Uroot%password"
smbd-ll10 (text/plain), 539.29 KB, created by
John H Terpstra (mail address dead(
on 2005-10-28 17:38:48 UTC
(
hide
)
Description:
Level 10 smbd log on attempted "net rpc join -S MERLIN -Uroot%password"
Filename:
MIME Type:
Creator:
John H Terpstra (mail address dead(
Created:
2005-10-28 17:38:48 UTC
Size:
539.29 KB
patch
obsolete
>[2005/10/28 18:12:39, 0] libsmb/credentials.c:creds_server_check(159) > creds_server_check: credentials check failed. >[2005/10/28 18:12:39, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client MERLIN machine account MERLIN$ >[2005/10/28 18:12:39, 0] rpc_server/srv_netlog_nt.c:get_md4pw(241) > get_md4pw: Workstation MIDEARTH$: no account in domain >[2005/10/28 18:12:39, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(409) > _net_auth2: failed to get machine password for account MIDEARTH$ >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] smbd/reply.c:reply_special(494) > init msg_type=0x81 msg_flags=0x0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 179 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xb3 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 1 of length 183 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=179 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=2 > smt_wct=0 > smb_bcc=144 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 53 DOS LANM AN2.1..S > [070] 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E 20 amba..NT LANMAN > [080] 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 1.0..NT LM 0.12. >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBnegprot (pid 6131) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [LANMAN1.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [LM1.2X002] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [DOS LANMAN2.1] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [Samba] >[2005/10/28 18:13:40, 10] lib/util.c:set_remote_arch(2038) > set_remote_arch: Client arch is 'Samba' >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_nt1(345) > using SPNEGO >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(567) > Selected protocol NT LANMAN 1.0 >[2005/10/28 18:13:40, 5] smbd/negprot.c:reply_negprot(573) > negprot index=7 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=85 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 7 (0x7) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=62208 (0xF300) > smb_vwv[ 8]= 23 (0x17) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=15186 (0x3B52) > smb_vwv[13]= 7581 (0x1D9D) > smb_vwv[14]=50652 (0xC5DC) > smb_vwv[15]=26625 (0x6801) > smb_vwv[16]= 1 (0x1) > smb_bcc=16 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 6D 65 72 6C 69 6E 00 00 00 00 00 00 00 00 00 00 merlin.. ........ >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 88 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x58 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 2 of length 92 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=3 > smt_wct=13 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 6130 (0x17F2) > smb_vwv[ 5]= 6131 (0x17F3) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=49244 (0xC05C) > smb_vwv[12]= 0 (0x0) > smb_bcc=27 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S > [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBsesssetupX (pid 6131) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(795) > wct=13 flg2=0xc801 >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(941) > Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(956) > sesssetupX:name=[]\[]@[merlin] >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:check_guest_password(115) > Got anonymous request >[2005/10/28 18:13:40, 5] auth/auth.c:make_auth_context_subsystem(482) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match guest >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method guest has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match sam >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method sam has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method trustdomain has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method winbind has a valid init >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(99) > attempting to make a user_info for () >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(109) > making strings for 's user_info struct >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(151) > making blobs for 's user_info struct >[2005/10/28 18:13:40, 10] auth/auth_util.c:make_user_info(167) > made an encrypted user_info for () >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: []\[]@[] >[2005/10/28 18:13:40, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by fixed >[2005/10/28 18:13:40, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2005/10/28 18:13:40, 5] lib/util.c:dump_data(2063) > [000] 00 00 00 00 00 00 00 00 ........ >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:12:26 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_get(401) > cache_account_policy_get: no valid cache entry (cache expired) >[2005/10/28 18:13:40, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3349) > ldapsam_get_account_policy_from_ldap >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [sambaDomainName=MIDEARTH,dc=terpstra-world,dc=org], filter => [(objectclass=*)], scope => [0] >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_close(894) > The connection to the LDAP server was closed >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_open_connection(538) > smbldap_open_connection: ldap://localhost >[2005/10/28 18:13:40, 2] lib/smbldap.c:smbldap_open_connection(634) > smbldap_open_connection: connection opened >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_connect_system(766) > ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=terpstra-world,dc=org" >[2005/10/28 18:13:40, 3] lib/smbldap.c:smbldap_connect_system(809) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2005/10/28 18:13:40, 4] lib/smbldap.c:smbldap_open(874) > The LDAP server is succesfully connected >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_set(368) > cache_account_policy_set: updating account pol cache >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_set(348) > account_policy_set: name: password history, value: 0 >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:12:26 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(203) > account policy cache lastset now: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_set(380) > cache_account_policy_set: cache valid until: Fri, 28 Oct 2005 18:14:40 GMT >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username nobody, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username , was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name nobody, was >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\nobody, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\nobody, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-501 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-501 from rid 501 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-514 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-514 from rid 514 >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: guest authentication for user [] succeeded >[2005/10/28 18:13:40, 5] auth/auth.c:check_ntlm_password(307) > check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded >[2005/10/28 18:13:40, 5] auth/auth_util.c:free_user_info(1454) > attempting to free (and zero) a user_info structure >[2005/10/28 18:13:40, 10] auth/auth_util.c:free_user_info(1457) > structure was created for >[2005/10/28 18:13:40, 5] auth/auth_util.c:free_user_info(1454) > attempting to free (and zero) a user_info structure >[2005/10/28 18:13:40, 10] smbd/password.c:register_vuid(182) > register_vuid: allocated vuid = 100 >[2005/10/28 18:13:40, 10] lib/util_pw.c:getpwnam_alloc(98) > Got nobody from pwnam_cache >[2005/10/28 18:13:40, 10] smbd/password.c:register_vuid(255) > register_vuid: (65534,65533) nobody nobody MIDEARTH guest=1 >[2005/10/28 18:13:40, 3] smbd/password.c:register_vuid(257) > User name: nobody Real name: nobody >[2005/10/28 18:13:40, 3] smbd/password.c:register_vuid(276) > UNIX uid 65534 is UNIX user nobody, and will be vuid 100 >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=150 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=100 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=109 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 > [020] 00 31 00 70 00 72 00 65 00 31 00 2D 00 53 00 56 .1.p.r.e .1.-.S.V > [030] 00 4E 00 2D 00 62 00 75 00 69 00 6C 00 64 00 2D .N.-.b.u .i.l.d.- > [040] 00 55 00 4E 00 4B 00 4E 00 4F 00 57 00 4E 00 2D .U.N.K.N .O.W.N.- > [050] 00 53 00 55 00 53 00 45 00 00 00 4D 00 49 00 44 .S.U.S.E ...M.I.D > [060] 00 45 00 41 00 52 00 54 00 48 00 00 00 .E.A.R.T .H... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 76 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x4c >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 3 of length 80 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=100 > smb_mid=4 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 5C 00 4D 00 45 00 52 00 4C 00 49 00 4E .\.\.M.E .R.L.I.N > [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC > [020] 00 . >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtconX (pid 6131) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 4] smbd/reply.c:reply_tcon_and_X(617) > Client requested device type [IPC] for share [IPC$] >[2005/10/28 18:13:40, 5] smbd/service.c:make_connection(815) > making a connection to 'normal' service ipc$ >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_alloc(313) > Finding user nobody >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_internals(262) > Trying _Get_Pwnam(), username as lowercase is nobody >[2005/10/28 18:13:40, 10] lib/util_pw.c:getpwnam_alloc(98) > Got nobody from pwnam_cache >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_internals(290) > Get_Pwnam_internals did find user [nobody]! >[2005/10/28 18:13:40, 3] smbd/service.c:make_connection_snum(478) > Connect path is '/var/tmp' for service [IPC$] >[2005/10/28 18:13:40, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(218) > get_share_security: using default secdesc for IPC$ >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2005/10/28 18:13:40, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2005/10/28 18:13:40, 3] smbd/vfs.c:vfs_init_default(215) > Initialising default vfs hooks >[2005/10/28 18:13:40, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2005/10/28 18:13:40, 10] smbd/uid.c:is_share_read_only_for_user(122) > is_share_read_only_for_user: share IPC$ is read-only for unix user nobody >[2005/10/28 18:13:40, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(218) > get_share_security: using default secdesc for IPC$ >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2005/10/28 18:13:40, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(457) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-501 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-132067 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 65534 > Primary group is 65533 and contains 2 supplementary groups > Group[ 0]: 65533 > Group[ 1]: 65534 >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(65534,65534) gid=(0,65533) >[2005/10/28 18:13:40, 3] smbd/service.c:make_connection_snum(666) > merlin (172.16.10.4) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 6131) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/reply.c:reply_tcon_and_X(665) > tconX service=IPC$ >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=4 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 49 50 43 00 00 00 00 IPC.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 100 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x64 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 4 of length 104 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=5 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(457) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-501 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-132067 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 65534 > Primary group is 65533 and contains 2 supplementary groups > Group[ 0]: 65533 > Group[ 1]: 65534 >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(65534,65534) gid=(0,65533) >[2005/10/28 18:13:40, 4] smbd/vfs.c:vfs_ChDir(737) > vfs_ChDir to /var/tmp >[2005/10/28 18:13:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/10/28 18:13:40, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \lsarpc. >[2005/10/28 18:13:40, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe lsarpc opening. >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe lsarpc (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 7147 (pipes_open=1) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7147 >[2005/10/28 18:13:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=18176 (0x4700) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 154 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x9a >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 5 of length 158 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28999 (0x7147) > smb_bcc=87 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7147 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7147 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7147) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d7d40 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7147 name: lsarpc open: Yes len: 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1423) > api_pipe_bind_req: decode request. 1423 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1434) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345778 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0018 data : ef 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 001a data : 01 23 45 67 89 ab >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002c data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002e data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1476) > api_pipe_bind_req: make response. 1476 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:check_bind_req(910) > check_bind_req for \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000a str: \PIPE\lsass. >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0028 data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002a data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 56 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7147 name: lsarpc len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(979) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 142 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x8e >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 6 of length 146 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=142 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28999 (0x7147) > smb_bcc=75 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 24 .......< .......$ > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 00 00 00 00 00 00 00 02 ........ ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=60 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7147 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7147 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7147) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d7d40 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7147 name: lsarpc open: Yes len: 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 003c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000024 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0006 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 70 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[1].fn == 0x81343f6 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr : 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 system_name: 005c >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_obj_attr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 len : 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c ptr_root_dir: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 ptr_obj_name: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 attributes : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 ptr_sec_desc: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c ptr_sec_qos : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 des_access: 02000000 >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F3 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f3 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0014 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called lsarpc successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 800 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 44 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7147 name: lsarpc len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 B4 BE 62 43 F3 17 00 00 00 00 00 .......b C....... > [030] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x80 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 7 of length 132 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28999 (0x7147) > smb_bcc=61 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 B4 BE 62 43 F3 17 00 00 05 00 .....bC. ..... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7147 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7147 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7147) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d7d40 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7147 name: lsarpc open: Yes len: 46 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 46 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 30 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 30 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000016 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0007 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[2].fn == 0x813466b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f3 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 info_class: 0005 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F3 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 22000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 info_class: 0005 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_dom_query >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 uni_dom_max_len: 0010 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a uni_dom_str_len: 0012 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c buffer_dom_name: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 buffer_dom_sid : 00000001 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c uni_str_len: 00000008 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0020 buffer : M.I.D.E.A.R.T.H. >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_dom_sid2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 num_auths: 00000004 >[2005/10/28 18:13:40, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_dom_sid sid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0034 sid_rev_num: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0035 num_auths : 04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0036 id_auth[0] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0037 id_auth[1] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0038 id_auth[2] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0039 id_auth[3] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003a id_auth[4] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003b id_auth[5] : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32s(930) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 004c status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called lsarpc successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 18 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 30 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7147 name: lsarpc len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0068 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000050 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 126 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x7e >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 8 of length 130 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28999 (0x7147) > smb_bcc=59 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 B4 BE 62 43 F3 17 00 00 .....bC. ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7147 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7147 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7147) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d7d40 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7147 name: lsarpc open: Yes len: 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000004 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000014 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0000 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[4].fn == 0x8134b71 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_close >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f3 17 00 00 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F3 17 00 00 .... >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F3 17 00 00 .... >[2005/10/28 18:13:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_close >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0014 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called lsarpc successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 28 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7147 name: lsarpc len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000004 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x29 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 9 of length 45 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=10 > smt_wct=3 > smb_vwv[ 0]=28999 (0x7147) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBclose (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7147 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7147 (pipes_open=1) >[2005/10/28 18:13:40, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:7147 >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1094) > closed pipe name lsarpc pnum=7147 (pipes_open=0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 104 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x68 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 10 of length 108 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=11 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=21 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/10/28 18:13:40, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \NETLOGON. >[2005/10/28 18:13:40, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe NETLOGON opening. >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested NETLOGON (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe NETLOGON (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe NETLOGON with handle 7148 (pipes_open=1) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name NETLOGON pnum=7148 >[2005/10/28 18:13:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=11 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=18432 (0x4800) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 154 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x9a >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 11 of length 158 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29000 (0x7148) > smb_bcc=87 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7148 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7148 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7148) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d6c60 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7148 name: NETLOGON open: Yes len: 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000005 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1423) > api_pipe_bind_req: decode request. 1423 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1434) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345678 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0018 data : ef 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 001a data : 01 23 45 67 cf fb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002c data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002e data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1476) > api_pipe_bind_req: make response. 1476 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:check_bind_req(910) > check_bind_req for \PIPE\NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\samr >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\NETLOGON >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000a str: \PIPE\lsass. >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0028 data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002a data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000005 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 56 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7148 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(979) > read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 176 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xb0 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 12 of length 180 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29000 (0x7148) > smb_bcc=109 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5E 00 00 00 06 00 00 00 46 .......^ .......F > [020] 00 00 00 00 00 04 00 01 00 00 00 09 00 00 00 00 ........ ........ > [030] 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 00 52 .......\ .\.M.E.R > [040] 00 4C 00 49 00 4E 00 00 00 00 00 07 00 00 00 00 .L.I.N.. ........ > [050] 00 00 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I > [060] 00 4E 00 00 00 27 F5 0C 32 A8 3F 2D 26 .N...'.. 2.?-& >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=94 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7148 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7148 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7148) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d6c60 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7148 name: NETLOGON open: Yes len: 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 78 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 005e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000006 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 78, incoming data = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000046 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0004 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 72 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[0].fn == 0x814890e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0010 buffer : \.\.M.E.R.L.I.N... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000022 smb_io_unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_max_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c uni_str_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0030 buffer : M.E.R.L.I.N... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00003e smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 003e data: 27 f5 0c 32 a8 3f 2d 26 >[2005/10/28 18:13:40, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) > init_net_r_req_chal: 41 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0000 data: 79 5c 9d a2 17 79 a1 5e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0008 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called NETLOGON successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 32 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 78 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7148 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0024 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000006 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 0000000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 06 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 79 5C 9D A2 17 79 A1 ........ .y\...y. > [020] 5E 00 00 00 00 ^.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 214 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xd6 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 13 of length 218 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=214 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 132 (0x84) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29000 (0x7148) > smb_bcc=147 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 84 00 00 00 07 00 00 00 6C ........ .......l > [020] 00 00 00 00 00 0F 00 01 00 00 00 09 00 00 00 00 ........ ........ > [030] 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 00 52 .......\ .\.M.E.R > [040] 00 4C 00 49 00 4E 00 00 00 00 00 08 00 00 00 00 .L.I.N.. ........ > [050] 00 00 00 08 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I > [060] 00 4E 00 24 00 00 00 06 00 00 00 07 00 00 00 00 .N.$.... ........ > [070] 00 00 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I > [080] 00 4E 00 00 00 FF A3 89 32 8F A0 EE 7D 00 00 FF .N...... 2...}... > [090] 01 07 00 ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=132 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7148 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7148 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7148) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d6c60 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7148 name: NETLOGON open: Yes len: 132 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 132 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 132 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 132, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 116 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 116 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0084 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000007 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 116 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 116, incoming data = 116 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000006c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 000f >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[2].fn == 0x8148c3a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0010 buffer : \.\.M.E.R.L.I.N... >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000022 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_max_len: 00000008 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c uni_str_len: 00000008 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0030 buffer : M.E.R.L.I.N.$... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0040 sec_chan: 0006 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0044 uni_max_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0048 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 004c uni_str_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0050 buffer : M.E.R.L.I.N... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00005e smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 005e data: ff a3 89 32 8f a0 ee 7d >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 net_io_neg_flags >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0068 neg_flags: 000701ff >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=MERLIN$)(objectclass=sambaSamAccount))], scope => [2] >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(639) > init_sam_from_ldap: Entry found for user: merlin$ >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user merlin$ >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/10/28 18:13:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(994) > No cache entry, bad count = 0, bad time = 0 >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 from rid 3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-553 from rid 553 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] lib/util.c:dump_data(2063) > [000] 60 CA A5 08 31 FF DB E4 66 50 9E C2 16 2D 11 92 `...1... fP...-.. >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(116) > creds_server_init: client chal : 27F50C32A83F2D26 >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(117) > creds_server_init: server chal : 795C9DA21779A15E >[2005/10/28 18:13:40, 4] libsmb/credentials.c:cred_create_session_key(65) > cred_create_session_key >[2005/10/28 18:13:40, 5] libsmb/credentials.c:cred_create_session_key(67) > clnt_chal_in: 27F50C32A83F2D26 >[2005/10/28 18:13:40, 5] libsmb/credentials.c:cred_create_session_key(68) > srv_chal_in : 795C9DA21779A15E >[2005/10/28 18:13:40, 5] libsmb/credentials.c:cred_create_session_key(69) > clnt+srv : A051AAD4BFB8CE84 >[2005/10/28 18:13:40, 5] libsmb/credentials.c:cred_create_session_key(70) > sess_key_out : EE0BE8D993BA20DD >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(143) > creds_server_init: clnt : EA76F5BDD4FF9116 >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(144) > creds_server_init: server : BA83A1B39ECA28EA >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(145) > creds_server_init: seed : EA76F5BDD4FF9116 >[2005/10/28 18:13:40, 5] libsmb/credentials.c:creds_server_check(157) > creds_server_check: challenge : FFA389328FA0EE7D >[2005/10/28 18:13:40, 5] libsmb/credentials.c:creds_server_check(158) > calculated: EA76F5BDD4FF9116 >[2005/10/28 18:13:40, 0] libsmb/credentials.c:creds_server_check(159) > creds_server_check: credentials check failed. >[2005/10/28 18:13:40, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client MERLIN machine account MERLIN$ >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0000 data: 00 00 00 00 00 00 00 00 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 neg_flags: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 000c status: NT_STATUS_ACCESS_DENIED >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called NETLOGON successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 48 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 116 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7148 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0028 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000010 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 07 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 22 00 00 C0 .....".. . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x29 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 14 of length 45 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=15 > smt_wct=3 > smb_vwv[ 0]=29000 (0x7148) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBclose (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7148 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7148 (pipes_open=1) >[2005/10/28 18:13:40, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:7148 >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1094) > closed pipe name NETLOGON pnum=7148 (pipes_open=0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=15 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 35 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x23 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 15 of length 39 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=16 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtdis (pid 6131) conn 0x836db50 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/service.c:close_cnum(839) > merlin (172.16.10.4) closed connection to service IPC$ >[2005/10/28 18:13:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2005/10/28 18:13:40, 4] smbd/vfs.c:vfs_ChDir(737) > vfs_ChDir to / >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=16 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_data(517) > read_data: read of 4 returned 0. Error = Success >[2005/10/28 18:13:40, 10] lib/util_sock.c:receive_smb_raw(666) > receive_smb_raw: length < 0! >[2005/10/28 18:13:40, 3] smbd/process.c:timeout_processing(1447) > timeout_processing: End of file from client (client has disconnected). >[2005/10/28 18:13:40, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2005/10/28 18:13:40, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 2] smbd/server.c:exit_server(614) > Closing connections >[2005/10/28 18:13:40, 5] auth/auth_util.c:free_server_info(1480) > attempting to free (and zero) a server_info structure >[2005/10/28 18:13:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2005/10/28 18:13:40, 3] smbd/server.c:exit_server(655) > Server exit (normal exit) >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] smbd/reply.c:reply_special(494) > init msg_type=0x81 msg_flags=0x0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 179 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xb3 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 1 of length 183 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=179 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=2 > smt_wct=0 > smb_bcc=144 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 53 DOS LANM AN2.1..S > [070] 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E 20 amba..NT LANMAN > [080] 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 1.0..NT LM 0.12. >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBnegprot (pid 6132) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [LANMAN1.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [LM1.2X002] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [DOS LANMAN2.1] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [Samba] >[2005/10/28 18:13:40, 10] lib/util.c:set_remote_arch(2038) > set_remote_arch: Client arch is 'Samba' >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_nt1(345) > using SPNEGO >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(567) > Selected protocol NT LANMAN 1.0 >[2005/10/28 18:13:40, 5] smbd/negprot.c:reply_negprot(573) > negprot index=7 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=85 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 7 (0x7) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=62464 (0xF400) > smb_vwv[ 8]= 23 (0x17) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=15186 (0x3B52) > smb_vwv[13]= 7581 (0x1D9D) > smb_vwv[14]=50652 (0xC5DC) > smb_vwv[15]=26625 (0x6801) > smb_vwv[16]= 1 (0x1) > smb_bcc=16 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 6D 65 72 6C 69 6E 00 00 00 00 00 00 00 00 00 00 merlin.. ........ >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 162 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xa2 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 2 of length 166 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=162 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=3 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 80 (0x50) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=49244 (0xC05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=103 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 60 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E `N..+... ...D0B.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 0...+... ..7....0 > [020] 04 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 02 ..NTLMSS P....... > [030] 08 60 08 00 08 00 20 00 00 00 06 00 06 00 28 00 .`.... . ......(. > [040] 00 00 4D 49 44 45 41 52 54 48 4D 45 52 4C 49 4E ..MIDEAR THMERLIN > [050] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [060] 00 62 00 61 00 00 00 .b.a... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBsesssetupX (pid 6132) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(795) > wct=12 flg2=0xc801 >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(632) > Doing spnego session setup >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(663) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2005/10/28 18:13:40, 10] smbd/password.c:register_vuid(182) > register_vuid: allocated vuid = 100 >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_spnego_negotiate(524) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_spnego_negotiate(527) > Got secblob of size 46 >[2005/10/28 18:13:40, 5] auth/auth.c:make_auth_context_subsystem(482) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match guest >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method guest has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match sam >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method sam has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method trustdomain has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method winbind has a valid init >[2005/10/28 18:13:40, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2005/10/28 18:13:40, 5] auth/auth.c:get_ntlm_challenge(95) > auth_get_challenge: module guest did not want to specify a challenge >[2005/10/28 18:13:40, 5] auth/auth.c:get_ntlm_challenge(95) > auth_get_challenge: module sam did not want to specify a challenge >[2005/10/28 18:13:40, 5] auth/auth.c:get_ntlm_challenge(95) > auth_get_challenge: module winbind did not want to specify a challenge >[2005/10/28 18:13:40, 5] auth/auth.c:get_ntlm_challenge(135) > auth_context challenge created by random >[2005/10/28 18:13:40, 5] auth/auth.c:get_ntlm_challenge(136) > challenge is: >[2005/10/28 18:13:40, 5] lib/util.c:dump_data(2063) > [000] C7 EA 6E B9 3A 4A CF 0F ..n.:J.. >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=380 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 229 (0xE5) > smb_bcc=337 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] A1 81 E2 30 81 DF A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 C9 04 81 C6 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 > [030] 00 00 00 35 02 89 60 C7 EA 6E B9 3A 4A CF 0F 00 ...5..`. .n.:J... > [040] 00 00 00 00 00 00 00 86 00 86 00 40 00 00 00 4D ........ ...@...M > [050] 00 49 00 44 00 45 00 41 00 52 00 54 00 48 00 02 .I.D.E.A .R.T.H.. > [060] 00 10 00 4D 00 49 00 44 00 45 00 41 00 52 00 54 ...M.I.D .E.A.R.T > [070] 00 48 00 01 00 0C 00 4D 00 45 00 52 00 4C 00 49 .H.....M .E.R.L.I > [080] 00 4E 00 04 00 24 00 74 00 65 00 72 00 70 00 73 .N...$.t .e.r.p.s > [090] 00 74 00 72 00 61 00 2D 00 77 00 6F 00 72 00 6C .t.r.a.- .w.o.r.l > [0A0] 00 64 00 2E 00 6F 00 72 00 67 00 03 00 32 00 6D .d...o.r .g...2.m > [0B0] 00 65 00 72 00 6C 00 69 00 6E 00 2E 00 74 00 65 .e.r.l.i .n...t.e > [0C0] 00 72 00 70 00 73 00 74 00 72 00 61 00 2D 00 77 .r.p.s.t .r.a.-.w > [0D0] 00 6F 00 72 00 6C 00 64 00 2E 00 6F 00 72 00 67 .o.r.l.d ...o.r.g > [0E0] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S > [0F0] 00 61 00 6D 00 62 00 61 00 20 00 33 00 2E 00 30 .a.m.b.a . .3...0 > [100] 00 2E 00 32 00 31 00 70 00 72 00 65 00 31 00 2D ...2.1.p .r.e.1.- > [110] 00 53 00 56 00 4E 00 2D 00 62 00 75 00 69 00 6C .S.V.N.- .b.u.i.l > [120] 00 64 00 2D 00 55 00 4E 00 4B 00 4E 00 4F 00 57 .d.-.U.N .K.N.O.W > [130] 00 4E 00 2D 00 53 00 55 00 53 00 45 00 00 00 4D .N.-.S.U .S.E...M > [140] 00 49 00 44 00 45 00 41 00 52 00 54 00 48 00 00 .I.D.E.A .R.T.H.. > [150] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 258 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x102 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 3 of length 262 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=258 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=100 > smb_mid=4 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 176 (0xB0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=49244 (0xC05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=199 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] A1 81 AD 30 81 AA A2 81 A7 04 81 A4 4E 54 4C 4D ...0.... ....NTLM > [010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... > [020] 18 00 18 00 58 00 00 00 10 00 10 00 70 00 00 00 ....X... ....p... > [030] 08 00 08 00 80 00 00 00 0C 00 0C 00 88 00 00 00 ........ ........ > [040] 10 00 10 00 94 00 00 00 15 02 08 60 8A 18 C0 6D ........ ...`...m > [050] 1A 1E 00 AA 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 3D 91 28 B9 84 3C 6F B1 84 A0 76 50 ....=.(. .<o...vP > [070] 77 F4 E2 32 5B C1 BC D7 D4 0E A3 C4 4D 00 49 00 w..2[... ....M.I. > [080] 44 00 45 00 41 00 52 00 54 00 48 00 72 00 6F 00 D.E.A.R. T.H.r.o. > [090] 6F 00 74 00 4D 00 45 00 52 00 4C 00 49 00 4E 00 o.t.M.E. R.L.I.N. > [0A0] 73 A7 91 22 75 60 64 08 E5 63 04 F4 A7 1F 08 57 s.."u`d. .c.....W > [0B0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [0C0] 00 62 00 61 00 00 00 .b.a... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBsesssetupX (pid 6132) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(795) > wct=12 flg2=0xc801 >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(632) > Doing spnego session setup >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(663) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2005/10/28 18:13:40, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(642) > Got user=[root] domain=[MIDEARTH] workstation=[MERLIN] len1=24 len2=24 >[2005/10/28 18:13:40, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) > auth_context challenge set by NTLMSSP callback (NTLM2) >[2005/10/28 18:13:40, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) > challenge is: >[2005/10/28 18:13:40, 5] lib/util.c:dump_data(2063) > [000] AC D1 B9 48 E4 3E 62 17 ...H.>b. >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 4] lib/username.c:map_username(171) > Scanning username map /etc/samba/smbusers >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info_map(191) > make_user_info_map: Mapping user [MIDEARTH]\[root] from workstation [MERLIN] >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] auth/auth_util.c:is_trusted_domain(1634) > is_trusted_domain: Checking for domain trust with [MIDEARTH] >[2005/10/28 18:13:40, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(339) > secrets_fetch failed! >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 10] lib/gencache.c:gencache_get(291) > Cache entry with key = TDOM/MIDEARTH couldn't be found >[2005/10/28 18:13:40, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain MIDEARTH found. >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(99) > attempting to make a user_info for root (root) >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(109) > making strings for root's user_info struct >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(151) > making blobs for root's user_info struct >[2005/10/28 18:13:40, 10] auth/auth_util.c:make_user_info(167) > made an encrypted user_info for root (root) >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user [MIDEARTH]\[root]@[MERLIN] with the new password interface >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [MIDEARTH]\[root]@[MERLIN] >[2005/10/28 18:13:40, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2005/10/28 18:13:40, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2005/10/28 18:13:40, 5] lib/util.c:dump_data(2063) > [000] AC D1 B9 48 E4 3E 62 17 ...H.>b. >[2005/10/28 18:13:40, 10] auth/auth.c:check_ntlm_password(259) > check_ntlm_password: guest had nothing to say >[2005/10/28 18:13:40, 8] lib/util.c:is_myname(1884) > is_myname("MIDEARTH") returns 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_close(894) > The connection to the LDAP server was closed >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_open_connection(538) > smbldap_open_connection: ldap://localhost >[2005/10/28 18:13:40, 2] lib/smbldap.c:smbldap_open_connection(634) > smbldap_open_connection: connection opened >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_connect_system(766) > ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=terpstra-world,dc=org" >[2005/10/28 18:13:40, 3] lib/smbldap.c:smbldap_connect_system(809) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2005/10/28 18:13:40, 4] lib/smbldap.c:smbldap_open(874) > The LDAP server is succesfully connected >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(639) > init_sam_from_ldap: Entry found for user: root >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username root, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-500 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-500 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-512 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-512 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name System Boss Man, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\root, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\root, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user root >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/10/28 18:13:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(994) > No cache entry, bad count = 0, bad time = 0 >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username root, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name System Boss Man, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\root, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\root, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-500 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-500 from rid 500 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-512 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-512 from rid 512 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 9] passdb/passdb.c:pdb_update_autolock_flag(2333) > pdb_update_autolock_flag: Account root not autolocked, no check needed >[2005/10/28 18:13:40, 4] libsmb/ntlm_check.c:ntlm_password_check(326) > ntlm_password_check: Checking NT MD4 password >[2005/10/28 18:13:40, 4] auth/auth_sam.c:sam_account_ok(122) > sam_account_ok: Checking SMB password for user root >[2005/10/28 18:13:40, 5] auth/auth_sam.c:logon_hours_ok(104) > logon_hours_ok: user root allowed to logon at this time (Fri Oct 28 18:13:40 2005 > ) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 10] lib/system_smbd.c:sys_getgrouplist(167) > sys_getgrouplist: user [root] >[2005/10/28 18:13:40, 10] lib/system_smbd.c:sys_getgrouplist(176) > sys_getgrouplist(): disabled winbindd for group lookup [user == root] >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 8] lib/system_smbd.c:remove_duplicate_gids(49) > remove_duplicate_gids: Enter 4 gids >[2005/10/28 18:13:40, 8] lib/system_smbd.c:remove_duplicate_gids(67) > remove_duplicate_gids: Exit 3 gids >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(240) > fetch sid from gid cache 0 -> S-1-5-21-726309263-4128913605-1168186429-1001 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=64))], scope => [2] >[2005/10/28 18:13:40, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2249) > ldapsam_getgroup: Did not find group >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 10] passdb/passdb.c:local_gid_to_sid(1250) > local_gid_to_sid: Fall back to algorithmic mapping: 64 -> S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/10/28 18:13:40, 10] passdb/lookup_sid.c:gid_to_sid(379) > gid_to_sid: local 64 -> S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [ou=Groups,dc=terpstra-world,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2] >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2143) > init_group_from_ldap: Entry found for group: 512 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 10] passdb/passdb.c:local_gid_to_sid(1261) > local_gid_to_sid: gid (512) -> SID S-1-5-21-726309263-4128913605-1168186429-512. >[2005/10/28 18:13:40, 10] passdb/lookup_sid.c:gid_to_sid(379) > gid_to_sid: local 512 -> S-1-5-21-726309263-4128913605-1168186429-512 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-500] >[2005/10/28 18:13:40, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-512] >[2005/10/28 18:13:40, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/10/28 18:13:40, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2005/10/28 18:13:40, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2005/10/28 18:13:40, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-1001] >[2005/10/28 18:13:40, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-726309263-4128913605-1168186429-1129] >[2005/10/28 18:13:40, 10] auth/auth_util.c:debug_nt_user_token(457) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-500 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-500 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-1001 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-1129 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_server_info_sam(867) > make_server_info_sam: made server info for user root -> root >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: sam authentication for user [root] succeeded >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth.c:check_ntlm_password(294) > check_ntlm_password: PAM Account for user [root] succeeded >[2005/10/28 18:13:40, 2] auth/auth.c:check_ntlm_password(307) > check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded >[2005/10/28 18:13:40, 5] auth/auth_util.c:free_user_info(1454) > attempting to free (and zero) a user_info structure >[2005/10/28 18:13:40, 10] auth/auth_util.c:free_user_info(1457) > structure was created for root >[2005/10/28 18:13:40, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(118) > Got NT session key of length 16 >[2005/10/28 18:13:40, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(125) > Got LM session key of length 16 >[2005/10/28 18:13:40, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(708) > ntlmssp_server_auth: Created NTLM2 session key. >[2005/10/28 18:13:40, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(332) > NTLMSSP Sign/Seal - Initialising with flags: >[2005/10/28 18:13:40, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2005/10/28 18:13:40, 10] smbd/password.c:register_vuid(182) > register_vuid: allocated vuid = 101 >[2005/10/28 18:13:40, 10] lib/util_pw.c:getpwnam_alloc(98) > Got root from pwnam_cache >[2005/10/28 18:13:40, 10] smbd/password.c:register_vuid(255) > register_vuid: (0,0) root root MIDEARTH guest=0 >[2005/10/28 18:13:40, 3] smbd/password.c:register_vuid(257) > User name: root Real name: System Boss Man >[2005/10/28 18:13:40, 3] smbd/password.c:register_vuid(276) > UNIX uid 0 is UNIX user root, and will be vuid 101 >[2005/10/28 18:13:40, 7] param/loadparm.c:lp_servicenumber(4229) > lp_servicenumber: couldn't find root >[2005/10/28 18:13:40, 3] smbd/password.c:register_vuid(305) > Adding homes service for user 'root' using home directory: '/root' >[2005/10/28 18:13:40, 8] param/loadparm.c:add_a_service(2397) > add_a_service: Creating snum = 15 for root >[2005/10/28 18:13:40, 3] param/loadparm.c:lp_add_home(2438) > adding home's share [root] for user 'root' at '/data/users/%U/Documents' >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=101 > smb_mid=4 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=117 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 30 00 2E 00 32 00 31 00 70 00 72 00 65 ...0...2 .1.p.r.e > [030] 00 31 00 2D 00 53 00 56 00 4E 00 2D 00 62 00 75 .1.-.S.V .N.-.b.u > [040] 00 69 00 6C 00 64 00 2D 00 55 00 4E 00 4B 00 4E .i.l.d.- .U.N.K.N > [050] 00 4F 00 57 00 4E 00 2D 00 53 00 55 00 53 00 45 .O.W.N.- .S.U.S.E > [060] 00 00 00 4D 00 49 00 44 00 45 00 41 00 52 00 54 ...M.I.D .E.A.R.T > [070] 00 48 00 00 00 .H... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 76 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x4c >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 4 of length 80 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=101 > smb_mid=5 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 5C 00 4D 00 45 00 52 00 4C 00 49 00 4E .\.\.M.E .R.L.I.N > [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC > [020] 00 . >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtconX (pid 6132) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 4] smbd/reply.c:reply_tcon_and_X(617) > Client requested device type [IPC] for share [IPC$] >[2005/10/28 18:13:40, 5] smbd/service.c:make_connection(815) > making a connection to 'normal' service ipc$ >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_alloc(313) > Finding user root >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_internals(262) > Trying _Get_Pwnam(), username as lowercase is root >[2005/10/28 18:13:40, 10] lib/util_pw.c:getpwnam_alloc(98) > Got root from pwnam_cache >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_internals(290) > Get_Pwnam_internals did find user [root]! >[2005/10/28 18:13:40, 3] smbd/service.c:make_connection_snum(478) > Connect path is '/var/tmp' for service [IPC$] >[2005/10/28 18:13:40, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(218) > get_share_security: using default secdesc for IPC$ >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2005/10/28 18:13:40, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2005/10/28 18:13:40, 3] smbd/vfs.c:vfs_init_default(215) > Initialising default vfs hooks >[2005/10/28 18:13:40, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2005/10/28 18:13:40, 10] smbd/uid.c:is_share_read_only_for_user(122) > is_share_read_only_for_user: share IPC$ is read-only for unix user root >[2005/10/28 18:13:40, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(218) > get_share_security: using default secdesc for IPC$ >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2005/10/28 18:13:40, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(457) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-500 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-500 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-1001 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-1129 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 3 supplementary groups > Group[ 0]: 0 > Group[ 1]: 64 > Group[ 2]: 512 >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/service.c:make_connection_snum(666) > merlin (172.16.10.4) connect to service IPC$ initially as user root (uid=0, gid=0) (pid 6132) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/reply.c:reply_tcon_and_X(665) > tconX service=IPC$ >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=5 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 49 50 43 00 00 00 00 IPC.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 100 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x64 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 5 of length 104 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=6 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 18 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(457) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-500 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-500 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-1001 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-1129 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 3 supplementary groups > Group[ 0]: 0 > Group[ 1]: 64 > Group[ 2]: 512 >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 4] smbd/vfs.c:vfs_ChDir(737) > vfs_ChDir to /var/tmp >[2005/10/28 18:13:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/10/28 18:13:40, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \lsarpc. >[2005/10/28 18:13:40, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe lsarpc opening. >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe lsarpc (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 7140 (pipes_open=1) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7140 >[2005/10/28 18:13:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=6 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=16384 (0x4000) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 154 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x9a >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 6 of length 158 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28992 (0x7140) > smb_bcc=87 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 08 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7140 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7140 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7140) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7140 name: lsarpc open: Yes len: 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000008 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1423) > api_pipe_bind_req: decode request. 1423 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1434) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345778 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0018 data : ef 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 001a data : 01 23 45 67 89 ab >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002c data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002e data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1476) > api_pipe_bind_req: make response. 1476 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:check_bind_req(910) > check_bind_req for \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000a str: \PIPE\lsass. >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0028 data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002a data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000008 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 56 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7140 name: lsarpc len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(979) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 150 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x96 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 7 of length 154 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28992 (0x7140) > smb_bcc=83 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 09 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=68 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7140 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7140 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7140) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7140 name: lsarpc open: Yes len: 68 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 68 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000009 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000002c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0006 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 70 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[1].fn == 0x81343f6 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr : 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 system_name: 005c >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_obj_attr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 len : 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c ptr_root_dir: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 ptr_obj_name: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 attributes : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 ptr_sec_desc: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c ptr_sec_qos : 00000001 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 lsa_io_obj_qos sec_qos >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 len : 0000000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 sec_imp_level : 0002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0026 sec_ctxt_mode : 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0027 effective_only: 00 >[2005/10/28 18:13:40, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > lsa_io_sec_qos: length c does not match size 8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 des_access: 02000000 >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0014 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called lsarpc successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 808 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 52 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7140 name: lsarpc len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 B4 BE 62 43 F4 17 00 00 00 00 00 .......b C....... > [030] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x80 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 8 of length 132 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28992 (0x7140) > smb_bcc=61 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 0A 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 05 00 .....bC. ..... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7140 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7140 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7140) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7140 name: lsarpc open: Yes len: 46 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 46 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 30 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000a >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 30 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000016 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0007 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[2].fn == 0x813466b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 info_class: 0005 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 22000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 info_class: 0005 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_dom_query >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 uni_dom_max_len: 0010 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a uni_dom_str_len: 0012 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c buffer_dom_name: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 buffer_dom_sid : 00000001 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c uni_str_len: 00000008 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0020 buffer : M.I.D.E.A.R.T.H. >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_dom_sid2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 num_auths: 00000004 >[2005/10/28 18:13:40, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_dom_sid sid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0034 sid_rev_num: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0035 num_auths : 04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0036 id_auth[0] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0037 id_auth[1] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0038 id_auth[2] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0039 id_auth[3] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003a id_auth[4] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003b id_auth[5] : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32s(930) > 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 004c status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called lsarpc successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 18 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 30 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7140 name: lsarpc len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0068 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000050 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 0A 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... > [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ > [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E > [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ > [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. > [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 126 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x7e >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 9 of length 130 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28992 (0x7140) > smb_bcc=59 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 .....bC. ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7140 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7140 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7140) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7140 name: lsarpc open: Yes len: 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000b >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000014 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0000 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[4].fn == 0x8134b71 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_close >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_close >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0014 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called lsarpc successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 28 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7140 name: lsarpc len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x29 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 10 of length 45 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=11 > smt_wct=3 > smb_vwv[ 0]=28992 (0x7140) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBclose (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7140 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name lsarpc pnum=7140 (pipes_open=1) >[2005/10/28 18:13:40, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:7140 >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1094) > closed pipe name lsarpc pnum=7140 (pipes_open=0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=11 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 96 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x60 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 11 of length 100 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=12 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=13 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/10/28 18:13:40, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \samr. >[2005/10/28 18:13:40, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe samr opening. >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested samr (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested samr >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe samr >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe samr (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe samr with handle 7141 (pipes_open=1) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name samr pnum=7141 >[2005/10/28 18:13:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \samr >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=12 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=16640 (0x4100) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 154 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x9a >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 12 of length 158 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=87 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 0C 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000c >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1423) > api_pipe_bind_req: decode request. 1423 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1434) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345778 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0018 data : ef 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 001a data : 01 23 45 67 89 ac >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002c data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002e data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1476) > api_pipe_bind_req: make response. 1476 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:check_bind_req(910) > check_bind_req for \PIPE\samr >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\samr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000a str: \PIPE\lsass. >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0028 data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002a data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000c >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 56 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(979) > read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0C 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 142 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x8e >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 13 of length 146 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=142 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=75 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 3C 00 00 00 0D 00 00 00 24 .......< .......$ > [020] 00 00 00 00 00 39 00 01 00 00 00 07 00 00 00 00 .....9.. ........ > [030] 00 00 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I > [040] 00 4E 00 00 00 00 00 00 00 00 02 .N...... ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=60 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 003c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000d >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000024 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0039 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 68 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[1].fn == 0x8176414 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_connect >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr_srv_name: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0010 buffer : M.E.R.L.I.N... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 access_mask: 02000000 >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_connect(2160) > _samr_connect: 2160 >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/10/28 18:13:40, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) > _samr_connect: access GRANTED (requested: 0x02000000, granted: 0x000f003f) >[2005/10/28 18:13:40, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) > get_samr_info_by_sid: created new info for sid (NULL) >[2005/10/28 18:13:40, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(244) > get_samr_info_by_sid: created new info for NULL sid. >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_connect(2192) > _samr_connect: 2192 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_connect >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd connect_pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0014 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called samr successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 970 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 44 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000d >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 B4 BE 62 43 F4 17 00 00 00 00 00 .......b C....... > [030] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 158 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x9e >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 14 of length 162 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=158 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=91 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 4C 00 00 00 0E 00 00 00 34 .......L .......4 > [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 00 00 00 02 04 .....bC. ........ > [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 8F ........ ........ > [050] 99 4A 2B C5 38 1A F6 3D 1C A1 45 .J+.8..= ..E >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 76 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 76 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 004c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000e >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000034 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0007 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[39].fn == 0x817478d >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_open_domain >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 flags: 02000000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_dom_sid2 sid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 num_auths: 00000004 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_dom_sid sid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001c sid_rev_num: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001d num_auths : 04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001e id_auth[0] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001f id_auth[1] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0020 id_auth[2] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0021 id_auth[3] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0022 id_auth[4] : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0023 id_auth[5] : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32s(930) > 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_open_domain: access check ((granted: 0x000f003f; required: 0x00000020) >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/10/28 18:13:40, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) > _samr_open_domain: access GRANTED (requested: 0x02000000, granted: 0x000f07ff) >[2005/10/28 18:13:40, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_open_domain >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000003 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0014 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called samr successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 956 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 60 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0E 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [020] 00 00 00 00 00 B4 BE 62 43 F4 17 00 00 00 00 00 .......b C....... > [030] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 170 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xaa >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 15 of length 174 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=170 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=103 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 58 00 00 00 0F 00 00 00 40 .......X .......@ > [020] 00 00 00 00 00 32 00 00 00 00 00 03 00 00 00 00 .....2.. ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 0E 00 0E 00 01 .....bC. ........ > [040] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 6D ........ .......m > [050] 00 65 00 72 00 6C 00 69 00 6E 00 24 00 00 00 00 .e.r.l.i .n.$.... > [060] 01 00 00 0B 00 05 E0 ....... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=88 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 88 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 88 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0058 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000f >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000040 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0032 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATE_USER >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[33].fn == 0x81760e9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_create_user >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000003 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unihdr hdr_name >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 uni_str_len: 000e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 uni_max_len: 000e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 buffer : 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 uni_name >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c uni_max_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_str_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0028 buffer : m.e.r.l.i.n.$. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0038 acb_info : 00000100 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 003c access_mask: e005000b >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_create_user: access check ((granted: 0x000f07ff; required: 0x00000010) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=merlin$)(objectclass=sambaSamAccount))], scope => [2] >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(639) > init_sam_from_ldap: Entry found for user: merlin$ >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user merlin$ >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/10/28 18:13:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(994) > No cache entry, bad count = 0, bad time = 0 >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 from rid 3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-553 from rid 553 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_create_user >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 access_granted: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 user_rid : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 001c status: NT_STATUS_USER_EXISTS >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called samr successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 14 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 72 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0038 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000f >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000020 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..56] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 0F 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 176 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xb0 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 16 of length 180 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=109 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5E 00 00 00 10 00 00 00 46 .......^ .......F > [020] 00 00 00 00 00 11 00 00 00 00 00 03 00 00 00 00 ........ ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 01 00 00 00 E8 .....bC. ........ > [040] 03 00 00 00 00 00 00 01 00 00 00 0E 00 0E 00 01 ........ ........ > [050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 6D ........ .......m > [060] 00 65 00 72 00 6C 00 69 00 6E 00 24 00 .e.r.l.i .n.$. >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=94 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 78 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 005e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000010 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 78, incoming data = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000046 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0011 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[19].fn == 0x81755c1 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_lookup_names >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000003 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 num_names1: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 flags : 000003e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c ptr : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 num_names2: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unihdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 uni_str_len: 000e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 uni_max_len: 000e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 buffer : 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c uni_max_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 uni_str_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0038 buffer : m.e.r.l.i.n.$. >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1094) > _samr_lookup_names: 1094 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_lookup_names: access check ((granted: 0x000f07ff; required: 0000000000) >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1113) > _samr_lookup_names: looking name on SID S-1-5-21-726309263-4128913605-1168186429 >[2005/10/28 18:13:40, 10] passdb/util_sam_sid.c:map_name_to_wellknown_sid(204) > map_name_to_wellknown_sid: looking up merlin$ >[2005/10/28 18:13:40, 4] lib/username.c:map_username(171) > Scanning username map /etc/samba/smbusers >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=merlin$)(objectclass=sambaSamAccount))], scope => [2] >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(639) > init_sam_from_ldap: Entry found for user: merlin$ >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user merlin$ >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/10/28 18:13:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(994) > No cache entry, bad count = 0, bad time = 0 >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 from rid 3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-553 from rid 553 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4689) > init_samr_r_lookup_names >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1157) > _samr_lookup_names: 1157 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_lookup_names >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 num_rids1: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 ptr_rids : 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 num_rids2: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c rid[00] : 00000bca >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 num_types1: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 ptr_types : 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 num_types2: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c type[00] : 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0020 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called samr successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 46 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 78 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 003c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000010 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000024 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..60] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 10 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .$...... ........ > [020] 00 01 00 00 00 CA 0B 00 00 01 00 00 00 01 00 00 ........ ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 134 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x86 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 17 of length 138 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=67 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 11 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 22 00 00 00 00 00 03 00 00 00 00 .....".. ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 00 00 00 02 CA .....bC. ........ > [040] 0B 00 00 ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 36 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0034 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000011 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 36 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000001c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0022 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPEN_USER >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[20].fn == 0x8175aa2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_open_user >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000003 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 access_mask: 02000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 user_rid : 00000bca >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_open_user: access check ((granted: 0x000f07ff; required: 0x00000200) >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-500. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-500 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1001 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-1129 >[2005/10/28 18:13:40, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) > _samr_open_user: access GRANTED (requested: 0x02000000, granted: 0x000f07ff) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 from rid 3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-553 from rid 553 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) > get_samr_info_by_sid: created new info for sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[3] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_open_user >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000004 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0014 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called samr successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 1744 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 36 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000011 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 11 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ > [020] 00 00 00 00 00 B4 BE 62 43 F4 17 00 00 00 00 00 .......b C....... > [030] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 650 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x28a >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 18 of length 654 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=650 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 568 (0x238) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 568 (0x238) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=583 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 38 02 00 00 12 00 00 00 20 .......8 ....... > [020] 02 00 00 00 00 3A 00 00 00 00 00 04 00 00 00 00 .....:.. ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 18 00 18 00 60 .....bC. .......` > [040] 85 E9 D6 41 1C 81 71 61 76 17 BC 58 E7 79 42 60 ...A..qa v..X.yB` > [050] 0A D0 D0 1F AB E3 DE 93 B9 59 B1 A1 AF D1 31 D6 ........ .Y....1. > [060] A6 15 18 11 90 02 82 9D 28 21 B4 F6 1B 7B 81 31 ........ (!...{.1 > [070] C6 D6 DB 24 69 8C 3D D9 F9 CB BD F7 70 E2 66 B0 ...$i.=. ....p.f. > [080] 80 4D 0B 84 E6 59 1C B7 61 B0 B3 D9 09 93 9C 5E .M...Y.. a......^ > [090] 10 36 EC A2 C2 2C D5 7C 3D 66 25 78 AD 94 31 46 .6...,.| =f%x..1F > [0A0] 0A 0B EE 9D D5 C4 A1 8B BD 76 3D 75 E3 C3 74 3D ........ .v=u..t= > [0B0] 99 30 5B C5 F8 DB 8A 23 2E 3F A2 F3 95 DC 2B 5E .0[....# .?....+^ > [0C0] 26 50 B2 DD D0 49 EB 20 F3 26 48 6F 1F C6 F7 03 &P...I. .&Ho.... > [0D0] 4C AF FF 75 57 99 8E CB B2 4D 29 79 CF 7D 34 26 L..uW... .M)y.}4& > [0E0] 08 E6 02 67 88 BC 11 2F 95 E7 EC 41 CE 8E C1 F6 ...g.../ ...A.... > [0F0] 63 37 6A F2 BB 35 CF 7F D3 BA 11 F5 4E D1 F9 9C c7j..5.. ....N... > [100] C4 0A 4F 7D BA 83 32 5D 00 AC FA AA 07 F7 75 DA ..O}..2] ......u. > [110] CC 2A B6 43 20 D9 47 B2 D6 39 3D 0C 3F C8 D7 D4 .*.C .G. .9=.?... > [120] 3E 6F 42 F5 FD 90 ED B3 CC 1D 07 16 2D 59 30 F7 >oB..... ....-Y0. > [130] 79 8B 81 9B ED 2F 7D A2 C4 05 87 F0 1A 11 2A 2C y..../}. ......*, > [140] E5 CF 40 D3 67 07 98 FD 06 2E A9 08 FA B3 38 21 ..@.g... ......8! > [150] C3 DC 31 CC C2 F7 DC F7 4A 92 14 E2 87 07 88 48 ..1..... J......H > [160] 2E A0 5F BA F0 9C 59 12 55 43 EC BD E7 90 20 89 .._...Y. UC.... . > [170] A9 EB 01 F7 83 59 C0 23 58 17 A7 CE 73 A1 6E FC .....Y.# X...s.n. > [180] 51 B8 92 6C 99 B9 1F 86 EB 60 AC 95 06 96 2E E6 Q..l.... .`...... > [190] 73 0D EF 62 22 A6 D5 87 6E 72 1E 84 81 85 B0 62 s..b"... nr.....b > [1A0] F7 03 F0 FE A2 EF 05 55 21 E9 1C E5 A6 6A 52 CA .......U !....jR. > [1B0] F2 EF E6 45 9B 4A 19 E7 1E E4 4C B4 6A 55 D9 CB ...E.J.. ..L.jU.. > [1C0] 7E F6 9C 6F 63 BF AF 18 2C 4F 8B 78 9C DE 25 B7 ~..oc... ,O.x..%. > [1D0] EC 19 F1 18 21 63 D6 99 22 18 01 A8 72 E7 46 33 ....!c.. "...r.F3 > [1E0] 68 6C F4 F8 69 9F FA D5 B0 7E FD CF AF 6D 63 70 hl..i... .~...mcp > [1F0] 66 F7 4E 55 D9 F8 6B 0E 2B FA F1 9F 6B BE B5 61 f.NU..k. +...k..a >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=568 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 568 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 568 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 568 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 568, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 552 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 552 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0238 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000012 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 552 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 552, incoming data = 552 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000220 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 003a >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[22].fn == 0x8176c0a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_set_userinfo >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000004 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 switch_value: 0018 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 samr_io_userinfo_ctr ctr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 switch_value: 0018 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 sam_io_user_info24 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0018 password: 60 85 e9 d6 41 1c 81 71 61 76 17 bc 58 e7 79 42 60 0a d0 d0 1f ab e3 de 93 b9 59 b1 a1 af d1 31 d6 a6 15 18 11 90 02 82 9d 28 21 b4 f6 1b 7b 81 31 c6 d6 db 24 69 8c 3d d9 f9 cb bd f7 70 e2 66 b0 80 4d 0b 84 e6 59 1c b7 61 b0 b3 d9 09 93 9c 5e 10 36 ec a2 c2 2c d5 7c 3d 66 25 78 ad 94 31 46 0a 0b ee 9d d5 c4 a1 8b bd 76 3d 75 e3 c3 74 3d 99 30 5b c5 f8 db 8a 23 2e 3f a2 f3 95 dc 2b 5e 26 50 b2 dd d0 49 eb 20 f3 26 48 6f 1f c6 f7 03 4c af ff 75 57 99 8e cb b2 4d 29 79 cf 7d 34 26 08 e6 02 67 88 bc 11 2f 95 e7 ec 41 ce 8e c1 f6 63 37 6a f2 bb 35 cf 7f d3 ba 11 f5 4e d1 f9 9c c4 0a 4f 7d ba 83 32 5d 00 ac fa aa 07 f7 75 da cc 2a b6 43 20 d9 47 b2 d6 39 3d 0c 3f c8 d7 d4 3e 6f 42 f5 fd 90 ed b3 cc 1d 07 16 2d 59 30 f7 79 8b 81 9b ed 2f 7d a2 c4 05 87 f0 1a 11 2a 2c e5 cf 40 d3 67 07 98 fd 06 2e a9 08 fa b3 38 21 c3 dc 31 cc c2 f7 dc f7 4a 92 14 e2 87 07 88 48 2e a0 5f ba f0 9c 59 12 55 43 ec bd e7 90 20 89 a9 eb 01 f7 83 59 c0 23 58 17 a7 ce 73 a1 6e fc 51 b8 92 6c 99 b9 1f 86 eb 60 a +> > c 95 06 96 2e e6 73 0d ef 62 22 a6 d5 87 6e 72 1e 84 81 85 b0 62 f7 03 f0 fe a2 ef 05 55 21 e9 1c e5 a6 6a 52 ca f2 ef e6 45 9b 4a 19 e7 1e e4 4c b4 6a 55 d9 cb 7e f6 9c 6f 63 bf af 18 2c 4f 8b 78 9c de 25 b7 ec 19 f1 18 21 63 d6 99 22 18 01 a8 72 e7 46 33 68 6c f4 f8 69 9f fa d5 b0 7e fd cf af 6d 63 70 66 f7 4e 55 d9 f8 6b 0e 2b fa f1 9f 6b be b5 61 85 9d a1 56 1a 42 90 dc 9b 04 ec 7d a3 f0 97 b0 b6 45 d2 7f d0 74 78 08 0e b8 df 68 8e ff 08 aa ed b7 01 ae c6 ee 1f cf ab 9a 86 08 a4 67 e5 09 7c 0f fb d5 50 ab db 06 f4 a3 79 ba cd cc 8b 98 00 58 f5 >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2755) > _samr_set_userinfo: 2755 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_set_userinfo: access check ((granted: 0x000f07ff; required: 0x000000b0) >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2771) > _samr_set_userinfo: sid:S-1-5-21-726309263-4128913605-1168186429-3018, level:24 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 from rid 3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-553 from rid 553 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2803) > _samr_set_userinfo: does possess sufficient rights >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2687) > Attempting administrator password change for user merlin$ >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:12:39 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_get(401) > cache_account_policy_get: no valid cache entry (cache expired) >[2005/10/28 18:13:40, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3349) > ldapsam_get_account_policy_from_ldap >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [sambaDomainName=MIDEARTH,dc=terpstra-world,dc=org], filter => [(objectclass=*)], scope => [0] >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_set(368) > cache_account_policy_set: updating account pol cache >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_set(348) > account_policy_set: name: maximum password age, value: -1 >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:12:39 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(203) > account policy cache lastset now: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_set(380) > cache_account_policy_set: cache valid until: Fri, 28 Oct 2005 18:14:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:12:39 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_get(401) > cache_account_policy_get: no valid cache entry (cache expired) >[2005/10/28 18:13:40, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3349) > ldapsam_get_account_policy_from_ldap >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [sambaDomainName=MIDEARTH,dc=terpstra-world,dc=org], filter => [(objectclass=*)], scope => [0] >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_set(368) > cache_account_policy_set: updating account pol cache >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_set(348) > account_policy_set: name: minimum password age, value: 0 >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:12:39 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(203) > account policy cache lastset now: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:cache_account_policy_set(380) > cache_account_policy_set: cache valid until: Fri, 28 Oct 2005 18:14:40 GMT >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2707) > Changing trust account or non-unix-user password, not updating /etc/passwd >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2725) > set_user_info_pw: pdb_update_pwd() >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=merlin$)(objectclass=sambaSamAccount))], scope => [2] >[2005/10/28 18:13:40, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1836) > ldapsam_update_sam_account: user merlin$ to be modified has dn: uid=merlin$,ou=Computers,ou=Users,dc=terpstra-world,dc=org >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1054) > init_ldap_from_sam: Setting entry for user: merlin$ >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(454) > smbldap_make_mod: deleting attribute |sambaPwdCanChange| values |1130544759| >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(463) > smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1130544820| >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(438) > smbldap_make_mod: attribute |sambaPwdMustChange| not changed. >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(454) > smbldap_make_mod: deleting attribute |sambaLMPassword| values |6DDB6584C6DCFC2D64AD4C2D8725BFCC| >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(463) > smbldap_make_mod: adding attribute |sambaLMPassword| value |9418E92DD6FF1190B13B4D390E77FEED| >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(454) > smbldap_make_mod: deleting attribute |sambaNTPassword| values |60CAA50831FFDBE466509EC2162D1192| >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(463) > smbldap_make_mod: adding attribute |sambaNTPassword| value |57D16D15B4E6D066A70F90ABDDAF5420| >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(454) > smbldap_make_mod: deleting attribute |sambaPwdLastSet| values |1130544759| >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(463) > smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1130544820| >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_modify(1159) > smbldap_modify: dn => [uid=merlin$,ou=Computers,ou=Users,dc=terpstra-world,dc=org] >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1869) > ldapsam_update_sam_account: successfully modified uid = merlin$ in the LDAP database >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_set_userinfo >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0000 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called samr successfully >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:api_rpcTNP(2214) > api_rpcTNP: rpc input buffer underflow (parse error?) >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 021c : 18 00 00 00 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 526 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 552 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 001c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000012 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000004 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..28] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 12 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 134 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x86 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 19 of length 138 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=67 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 13 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 25 00 00 00 00 00 04 00 00 00 00 .....%.. ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 10 00 10 00 00 .....bC. ........ > [040] 01 00 00 ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 36 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0034 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000013 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 36 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000001c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0025 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: samr op 0x25 - api_rpcTNP: rpc command: SAMR_SET_USERINFO2 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[23].fn == 0x8176db5 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_set_userinfo2 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000004 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 switch_value: 0010 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 samr_io_userinfo_ctr ctr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 switch_value: 0010 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 samr_io_r_user_info16 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 acb_info: 00000100 >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo2(2896) > samr_reply_set_userinfo2: 2896 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_set_userinfo2: access check ((granted: 0x000f07ff; required: 0x000000b0) >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo2(2912) > samr_reply_set_userinfo2: sid:S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(sambaSID=S-1-5-21-726309263-4128913605-1168186429-3018)(objectclass=sambaSamAccount))], scope => [2] >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(639) > init_sam_from_ldap: Entry found for user: merlin$ >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user merlin$ >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/10/28 18:13:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(994) > No cache entry, bad count = 0, bad time = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo2(2943) > _samr_set_userinfo: does possess sufficient rights >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1836) > ldapsam_update_sam_account: user merlin$ to be modified has dn: uid=merlin$,ou=Computers,ou=Users,dc=terpstra-world,dc=org >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1054) > init_ldap_from_sam: Setting entry for user: merlin$ >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_make_mod(438) > smbldap_make_mod: attribute |sambaAcctFlags| not changed. >[2005/10/28 18:13:40, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1849) > ldapsam_update_sam_account: mods is empty: nothing to update for user: merlin$ >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_set_userinfo2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0000 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called samr successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 12 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 36 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 001c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000013 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000004 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..28] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 13 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 126 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x7e >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 20 of length 130 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=21 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=59 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 14 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 01 00 00 00 00 00 04 00 00 00 00 ........ ........ > [030] 00 00 00 B4 BE 62 43 F4 17 00 00 .....bC. ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: samr open: Yes len: 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000014 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000014 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0001 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[0].fn == 0x81745fe >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_close_hnd >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000004 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: b4 be 62 43 f4 17 00 00 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/10/28 18:13:40, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_close_hnd >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000c data5: 00 00 00 00 00 00 00 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0014 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called samr successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 28 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: samr len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000014 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=21 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 14 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x29 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 21 of length 45 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=22 > smt_wct=3 > smb_vwv[ 0]=28993 (0x7141) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBclose (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name samr pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:7141 >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/10/28 18:13:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B4 BE 62 43 ........ ......bC > [010] F4 17 00 00 .... >[2005/10/28 18:13:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe samr >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1094) > closed pipe name samr pnum=7141 (pipes_open=0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=22 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 104 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x68 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 22 of length 108 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=23 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=21 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/10/28 18:13:40, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \NETLOGON. >[2005/10/28 18:13:40, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe NETLOGON opening. >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested NETLOGON (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe NETLOGON (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe NETLOGON with handle 7142 (pipes_open=1) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name NETLOGON pnum=7142 >[2005/10/28 18:13:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=23 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=16896 (0x4200) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 154 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x9a >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 23 of length 158 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=24 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28994 (0x7142) > smb_bcc=87 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 15 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7142 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7142 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7142) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7142 name: NETLOGON open: Yes len: 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000015 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1423) > api_pipe_bind_req: decode request. 1423 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1434) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345678 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0018 data : ef 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 001a data : 01 23 45 67 cf fb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002c data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002e data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1476) > api_pipe_bind_req: make response. 1476 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:check_bind_req(910) > check_bind_req for \PIPE\NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\samr >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\NETLOGON >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000a str: \PIPE\lsass. >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0028 data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002a data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000015 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 56 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7142 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(979) > read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 176 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xb0 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 24 of length 180 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=25 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28994 (0x7142) > smb_bcc=109 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5E 00 00 00 16 00 00 00 46 .......^ .......F > [020] 00 00 00 00 00 04 00 01 00 00 00 09 00 00 00 00 ........ ........ > [030] 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 00 52 .......\ .\.M.E.R > [040] 00 4C 00 49 00 4E 00 00 00 00 00 07 00 00 00 00 .L.I.N.. ........ > [050] 00 00 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I > [060] 00 4E 00 00 00 28 49 64 FC 45 64 9E B6 .N...(Id .Ed.. >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=94 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7142 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7142 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7142) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7142 name: NETLOGON open: Yes len: 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 94 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 78 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 005e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000016 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 78, incoming data = 78 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000046 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0004 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 72 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[0].fn == 0x814890e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0010 buffer : \.\.M.E.R.L.I.N... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000022 smb_io_unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_max_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c uni_str_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0030 buffer : M.E.R.L.I.N... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00003e smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 003e data: 28 49 64 fc 45 64 9e b6 >[2005/10/28 18:13:40, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) > init_net_r_req_chal: 41 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0000 data: fd 4e 74 40 ee 0e a8 bd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0008 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called NETLOGON successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 32 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 78 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7142 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0024 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000016 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 0000000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 FD 4E 74 40 EE 0E A8 ........ ..Nt@... > [020] BD 00 00 00 00 ..... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 214 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xd6 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 25 of length 218 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=214 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=26 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 132 (0x84) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28994 (0x7142) > smb_bcc=147 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 84 00 00 00 17 00 00 00 6C ........ .......l > [020] 00 00 00 00 00 0F 00 01 00 00 00 09 00 00 00 00 ........ ........ > [030] 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 00 52 .......\ .\.M.E.R > [040] 00 4C 00 49 00 4E 00 00 00 00 00 08 00 00 00 00 .L.I.N.. ........ > [050] 00 00 00 08 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I > [060] 00 4E 00 24 00 00 00 06 00 00 00 07 00 00 00 00 .N.$.... ........ > [070] 00 00 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I > [080] 00 4E 00 00 00 A2 2B 97 FD 33 3D 01 E6 00 00 FF .N....+. .3=..... > [090] 01 07 40 ..@ >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=132 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7142 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7142 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7142) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7142 name: NETLOGON open: Yes len: 132 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 132 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 132 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 132, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 116 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 116 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0084 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000017 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 116 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 116, incoming data = 116 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000006c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 000f >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[2].fn == 0x8148c3a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0010 buffer : \.\.M.E.R.L.I.N... >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000022 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_max_len: 00000008 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c uni_str_len: 00000008 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0030 buffer : M.E.R.L.I.N.$... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0040 sec_chan: 0006 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0044 uni_max_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0048 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 004c uni_str_len: 00000007 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0050 buffer : M.E.R.L.I.N... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00005e smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 005e data: a2 2b 97 fd 33 3d 01 e6 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 net_io_neg_flags >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0068 neg_flags: 400701ff >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=MERLIN$)(objectclass=sambaSamAccount))], scope => [2] >[2005/10/28 18:13:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(639) > init_sam_from_ldap: Entry found for user: merlin$ >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user merlin$ >[2005/10/28 18:13:40, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2005/10/28 18:13:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(994) > No cache entry, bad count = 0, bad time = 0 >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username merlin$, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Computer - Merlin, was >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\merlin_, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-3018 from rid 3018 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-553 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-553 from rid 553 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] lib/util.c:dump_data(2063) > [000] 57 D1 6D 15 B4 E6 D0 66 A7 0F 90 AB DD AF 54 20 W.m....f ......T >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(116) > creds_server_init: client chal : 284964FC45649EB6 >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(117) > creds_server_init: server chal : FD4E7440EE0EA8BD >[2005/10/28 18:13:40, 4] libsmb/credentials.c:cred_create_session_key(65) > cred_create_session_key >[2005/10/28 18:13:40, 5] libsmb/credentials.c:cred_create_session_key(67) > clnt_chal_in: 284964FC45649EB6 >[2005/10/28 18:13:40, 5] libsmb/credentials.c:cred_create_session_key(68) > srv_chal_in : FD4E7440EE0EA8BD >[2005/10/28 18:13:40, 5] libsmb/credentials.c:cred_create_session_key(69) > clnt+srv : 2598D83C33734674 >[2005/10/28 18:13:40, 5] libsmb/credentials.c:cred_create_session_key(70) > sess_key_out : 94D786EFE60E4BC4 >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(143) > creds_server_init: clnt : A22B97FD333D01E6 >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(144) > creds_server_init: server : 18BD479498D9668D >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_init(145) > creds_server_init: seed : A22B97FD333D01E6 >[2005/10/28 18:13:40, 10] libsmb/credentials.c:creds_server_check(162) > creds_server_check: credentials check OK. >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 3] passdb/secrets.c:secrets_store_schannel_session_info(1054) > secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/MERLIN >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0000 data: 18 bd 47 94 98 d9 66 8d >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 neg_flags: 400001ff >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 000c status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called NETLOGON successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 48 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 116 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7142 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0028 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000017 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000010 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=26 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 18 BD 47 94 98 D9 66 ........ ...G...f > [020] 8D FF 01 00 40 00 00 00 00 ....@... . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 104 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x68 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 26 of length 108 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=27 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=21 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/10/28 18:13:40, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \NETLOGON. >[2005/10/28 18:13:40, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe NETLOGON opening. >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested NETLOGON (pipes_open=1) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name NETLOGON pnum=7142 >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 2 for pipe NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe NETLOGON (pipes_open=1) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe NETLOGON with handle 7143 (pipes_open=2) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name NETLOGON pnum=7143 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name NETLOGON pnum=7142 >[2005/10/28 18:13:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=27 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=17152 (0x4300) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 186 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xba >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 27 of length 190 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=186 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=28 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28995 (0x7143) > smb_bcc=119 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 68 00 18 00 18 00 00 00 B8 .......h ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 4D 49 44 45 41 52 54 48 00 .......M IDEARTH. > [070] 4D 45 52 4C 49 4E 00 MERLIN. >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=104 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7143 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7143 (pipes_open=2) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7142 (pipes_open=2) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7143) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d6920 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7143 name: NETLOGON open: Yes len: 104 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 104 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 104 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 104, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 88 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 88 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0068 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0018 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000018 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 88 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 88, incoming data = 88 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1423) > api_pipe_bind_req: decode request. 1423 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1434) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345678 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0018 data : ef 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 001a data : 01 23 45 67 cf fb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002c data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002e data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1476) > api_pipe_bind_req: make response. 1476 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_rpc_hdr_auth >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0038 auth_type : 44 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0039 auth_level : 06 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003a auth_pad_len : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003b auth_reserved: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 003c auth_context_id: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_rpc_auth_schannel_neg >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0040 type1: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0044 type2: 00000003 >[2005/10/28 18:13:40, 6] lib/util.c:dump_data(2063) > [000] 4D 49 44 45 41 52 54 48 MIDEARTH >[2005/10/28 18:13:40, 6] lib/util.c:dump_data(2063) > [000] 4D 45 52 4C 49 4E MERLIN >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 3] passdb/secrets.c:secrets_restore_schannel_session_info(1142) > secrets_store_schannel_session_info: restored schannel info key SECRETS/SCHANNEL/MERLIN >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_auth >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 auth_type : 44 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 auth_level : 06 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 auth_pad_len : 08 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 auth_reserved: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 auth_context_id: 00000001 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_schannel_verifier >[2005/10/28 18:13:40, 6] lib/util.c:dump_data(2063) > [000] 01 . >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000a msg_type : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 flags : 00000005 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:pipe_schannel_auth_bind(1279) > pipe_schannel_auth_bind: schannel auth: domain [MIDEARTH] myname [MERLIN] >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:check_bind_req(910) > check_bind_req for \PIPE\NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\samr >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\NETLOGON >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000a str: \PIPE\lsass. >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0028 data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002a data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0058 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000018 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 88 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7143 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(979) > read_from_pipe: NETLOGON: current_pdu_len = 88, current_pdu_sent = 0 returning 88 bytes. >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..88] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=28 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 18 00 00 ........ .X...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 08 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 05 00 00 00 ........ . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x29 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 28 of length 45 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=29 > smt_wct=3 > smb_vwv[ 0]=28994 (0x7142) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBclose (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7142 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7143 (pipes_open=2) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7142 (pipes_open=2) >[2005/10/28 18:13:40, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:7142 >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1094) > closed pipe name NETLOGON pnum=7142 (pipes_open=1) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=29 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x29 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 29 of length 45 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=30 > smt_wct=3 > smb_vwv[ 0]=28995 (0x7143) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBclose (pid 6132) conn 0x83daa30 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7143 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7143 (pipes_open=1) >[2005/10/28 18:13:40, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:7143 >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1094) > closed pipe name NETLOGON pnum=7143 (pipes_open=0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=30 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] smbd/reply.c:reply_special(494) > init msg_type=0x81 msg_flags=0x0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 179 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xb3 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 1 of length 183 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=179 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=55297 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=2 > smt_wct=0 > smb_bcc=144 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 53 DOS LANM AN2.1..S > [070] 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E 20 amba..NT LANMAN > [080] 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 1.0..NT LM 0.12. >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBnegprot (pid 6133) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [LANMAN1.0] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [LM1.2X002] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [DOS LANMAN2.1] >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(474) > Requested protocol [Samba] >[2005/10/28 18:13:40, 10] lib/util.c:set_remote_arch(2038) > set_remote_arch: Client arch is 'Samba' >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_nt1(345) > using SPNEGO >[2005/10/28 18:13:40, 3] smbd/negprot.c:reply_negprot(567) > Selected protocol NT LANMAN 1.0 >[2005/10/28 18:13:40, 5] smbd/negprot.c:reply_negprot(573) > negprot index=7 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=85 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 7 (0x7) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=62720 (0xF500) > smb_vwv[ 8]= 23 (0x17) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=15186 (0x3B52) > smb_vwv[13]= 7581 (0x1D9D) > smb_vwv[14]=50652 (0xC5DC) > smb_vwv[15]=26625 (0x6801) > smb_vwv[16]= 1 (0x1) > smb_bcc=16 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 6D 65 72 6C 69 6E 00 00 00 00 00 00 00 00 00 00 merlin.. ........ >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 88 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x58 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 2 of length 92 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=0 > smb_mid=3 > smt_wct=13 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 6130 (0x17F2) > smb_vwv[ 5]= 6133 (0x17F5) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=49244 (0xC05C) > smb_vwv[12]= 0 (0x0) > smb_bcc=27 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S > [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBsesssetupX (pid 6133) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(795) > wct=13 flg2=0xc801 >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(941) > Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(956) > sesssetupX:name=[]\[]@[merlin] >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 3] smbd/sesssetup.c:check_guest_password(115) > Got anonymous request >[2005/10/28 18:13:40, 5] auth/auth.c:make_auth_context_subsystem(482) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2005/10/28 18:13:40, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match guest >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method guest has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match sam >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method sam has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match trustdomain >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method trustdomain has a valid init >[2005/10/28 18:13:40, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method winbind has a valid init >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(99) > attempting to make a user_info for () >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(109) > making strings for 's user_info struct >[2005/10/28 18:13:40, 5] auth/auth_util.c:make_user_info(151) > making blobs for 's user_info struct >[2005/10/28 18:13:40, 10] auth/auth_util.c:make_user_info(167) > made an encrypted user_info for () >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: []\[]@[] >[2005/10/28 18:13:40, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by fixed >[2005/10/28 18:13:40, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2005/10/28 18:13:40, 5] lib/util.c:dump_data(2063) > [000] 00 00 00 00 00 00 00 00 ........ >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username nobody, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain MIDEARTH, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username , was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name nobody, was >[2005/10/28 18:13:40, 4] lib/substitute.c:automount_server(337) > Home server: merlin >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\merlin\nobody, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script scripts\logon.bat, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\merlin\profiles\nobody, was >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_cache_timestamp(193) > account policy cache lastset was: Fri, 28 Oct 2005 18:13:40 GMT >[2005/10/28 18:13:40, 10] lib/account_pol.c:account_policy_get(321) > account_policy_get: name: password history, val: 0 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-726309263-4128913605-1168186429-501 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-726309263-4128913605-1168186429-501 from rid 501 >[2005/10/28 18:13:40, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-726309263-4128913605-1168186429-514 >[2005/10/28 18:13:40, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-726309263-4128913605-1168186429-514 from rid 514 >[2005/10/28 18:13:40, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: guest authentication for user [] succeeded >[2005/10/28 18:13:40, 5] auth/auth.c:check_ntlm_password(307) > check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded >[2005/10/28 18:13:40, 5] auth/auth_util.c:free_user_info(1454) > attempting to free (and zero) a user_info structure >[2005/10/28 18:13:40, 10] auth/auth_util.c:free_user_info(1457) > structure was created for >[2005/10/28 18:13:40, 5] auth/auth_util.c:free_user_info(1454) > attempting to free (and zero) a user_info structure >[2005/10/28 18:13:40, 10] smbd/password.c:register_vuid(182) > register_vuid: allocated vuid = 100 >[2005/10/28 18:13:40, 10] lib/util_pw.c:getpwnam_alloc(98) > Got nobody from pwnam_cache >[2005/10/28 18:13:40, 10] smbd/password.c:register_vuid(255) > register_vuid: (65534,65533) nobody nobody MIDEARTH guest=1 >[2005/10/28 18:13:40, 3] smbd/password.c:register_vuid(257) > User name: nobody Real name: nobody >[2005/10/28 18:13:40, 3] smbd/password.c:register_vuid(276) > UNIX uid 65534 is UNIX user nobody, and will be vuid 100 >[2005/10/28 18:13:40, 6] param/loadparm.c:lp_file_list_changed(2838) > lp_file_list_changed() > file /etc/samba/smb-%L.conf -> /etc/samba/smb-merlin.conf last mod_time: Wed Oct 19 01:55:41 2005 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Oct 28 18:13:36 2005 > >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=150 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=100 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=109 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 > [020] 00 31 00 70 00 72 00 65 00 31 00 2D 00 53 00 56 .1.p.r.e .1.-.S.V > [030] 00 4E 00 2D 00 62 00 75 00 69 00 6C 00 64 00 2D .N.-.b.u .i.l.d.- > [040] 00 55 00 4E 00 4B 00 4E 00 4F 00 57 00 4E 00 2D .U.N.K.N .O.W.N.- > [050] 00 53 00 55 00 53 00 45 00 00 00 4D 00 49 00 44 .S.U.S.E ...M.I.D > [060] 00 45 00 41 00 52 00 54 00 48 00 00 00 .E.A.R.T .H... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 76 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x4c >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 3 of length 80 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=6130 > smb_uid=100 > smb_mid=4 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 5C 00 4D 00 45 00 52 00 4C 00 49 00 4E .\.\.M.E .R.L.I.N > [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC > [020] 00 . >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtconX (pid 6133) conn 0x0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 4] smbd/reply.c:reply_tcon_and_X(617) > Client requested device type [IPC] for share [IPC$] >[2005/10/28 18:13:40, 5] smbd/service.c:make_connection(815) > making a connection to 'normal' service ipc$ >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_alloc(313) > Finding user nobody >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_internals(262) > Trying _Get_Pwnam(), username as lowercase is nobody >[2005/10/28 18:13:40, 10] lib/util_pw.c:getpwnam_alloc(98) > Got nobody from pwnam_cache >[2005/10/28 18:13:40, 5] lib/username.c:Get_Pwnam_internals(290) > Get_Pwnam_internals did find user [nobody]! >[2005/10/28 18:13:40, 3] smbd/service.c:make_connection_snum(478) > Connect path is '/var/tmp' for service [IPC$] >[2005/10/28 18:13:40, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(218) > get_share_security: using default secdesc for IPC$ >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2005/10/28 18:13:40, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2005/10/28 18:13:40, 3] smbd/vfs.c:vfs_init_default(215) > Initialising default vfs hooks >[2005/10/28 18:13:40, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2005/10/28 18:13:40, 10] smbd/uid.c:is_share_read_only_for_user(122) > is_share_read_only_for_user: share IPC$ is read-only for unix user nobody >[2005/10/28 18:13:40, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(218) > get_share_security: using default secdesc for IPC$ >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2005/10/28 18:13:40, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-726309263-4128913605-1168186429-501. >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(250) >[2005/10/28 18:13:40, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-726309263-4128913605-1168186429-501 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132067 > se_access_check: also S-1-5-21-726309263-4128913605-1168186429-132069 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2005/10/28 18:13:40, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(457) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-501 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-132067 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 65534 > Primary group is 65533 and contains 2 supplementary groups > Group[ 0]: 65533 > Group[ 1]: 65534 >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(65534,65534) gid=(0,65533) >[2005/10/28 18:13:40, 3] smbd/service.c:make_connection_snum(666) > merlin (172.16.10.4) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 6133) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/reply.c:reply_tcon_and_X(665) > tconX service=IPC$ >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=4 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 49 50 43 00 00 00 00 IPC.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 104 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x68 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 4 of length 108 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=5 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=21 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 6133) conn 0x836db50 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(457) > NT user token of user S-1-5-21-726309263-4128913605-1168186429-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-726309263-4128913605-1168186429-501 > SID[ 1]: S-1-5-21-726309263-4128913605-1168186429-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-726309263-4128913605-1168186429-132067 > SID[ 6]: S-1-5-21-726309263-4128913605-1168186429-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 65534 > Primary group is 65533 and contains 2 supplementary groups > Group[ 0]: 65533 > Group[ 1]: 65534 >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(65534,65534) gid=(0,65533) >[2005/10/28 18:13:40, 4] smbd/vfs.c:vfs_ChDir(737) > vfs_ChDir to /var/tmp >[2005/10/28 18:13:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2005/10/28 18:13:40, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \NETLOGON. >[2005/10/28 18:13:40, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe NETLOGON opening. >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested NETLOGON (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) > Created internal pipe NETLOGON (pipes_open=0) >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe NETLOGON with handle 7141 (pipes_open=1) >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name NETLOGON pnum=7141 >[2005/10/28 18:13:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=16640 (0x4100) > smb_vwv[ 3]= 369 (0x171) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 154 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x9a >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 5 of length 158 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=87 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 19 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6133) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: NETLOGON open: Yes len: 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000019 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 11, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 11 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1423) > api_pipe_bind_req: decode request. 1423 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1434) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345678 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0018 data : ef 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 001a data : 01 23 45 67 cf fb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002c data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002e data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1476) > api_pipe_bind_req: make response. 1476 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe.c:check_bind_req(910) > check_bind_req for \PIPE\NETLOGON >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\lsarpc >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\samr >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe.c:check_bind_req(915) > checking \PIPE\NETLOGON >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 000a str: \PIPE\lsass. >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0028 data : 9f e8 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 002a data : 08 00 2b 10 48 60 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000019 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 56 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(979) > read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 19 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 180 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xb4 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 6 of length 184 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=113 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 62 00 00 00 1A 00 00 00 4A .......b .......J > [020] 00 00 00 00 00 04 00 01 00 00 00 09 00 00 00 00 ........ ........ > [030] 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 00 52 .......\ .\.M.E.R > [040] 00 4C 00 49 00 4E 00 00 00 00 00 09 00 00 00 00 .L.I.N.. ........ > [050] 00 00 00 09 00 00 00 4D 00 49 00 44 00 45 00 41 .......M .I.D.E.A > [060] 00 52 00 54 00 48 00 00 00 CC 7A 47 11 41 12 4C .R.T.H.. ..zG.A.L > [070] 29 ) >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6133) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=98 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: NETLOGON open: Yes len: 98 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 98 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 98 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 98, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 82 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 82 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0062 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000001a >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 82 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 82, incoming data = 82 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000004a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0004 >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 72 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[0].fn == 0x814890e >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0010 buffer : \.\.M.E.R.L.I.N... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000022 smb_io_unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c uni_str_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0030 buffer : M.I.D.E.A.R.T.H... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0042 data: cc 7a 47 11 41 12 4c 29 >[2005/10/28 18:13:40, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) > init_net_r_req_chal: 41 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0000 data: 1c 2d 56 ab d8 41 c3 20 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 0008 status: NT_STATUS_OK >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called NETLOGON successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 36 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 82 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0024 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000001a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 0000000c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 1A 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 1C 2D 56 AB D8 41 C3 ........ ..-V..A. > [020] 20 00 00 00 00 .... >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 222 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xde >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 7 of length 226 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=222 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 140 (0x8C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 140 (0x8C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28993 (0x7141) > smb_bcc=155 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 8C 00 00 00 1B 00 00 00 74 ........ .......t > [020] 00 00 00 00 00 0F 00 01 00 00 00 09 00 00 00 00 ........ ........ > [030] 00 00 00 09 00 00 00 5C 00 5C 00 4D 00 45 00 52 .......\ .\.M.E.R > [040] 00 4C 00 49 00 4E 00 00 00 00 00 0A 00 00 00 00 .L.I.N.. ........ > [050] 00 00 00 0A 00 00 00 4D 00 49 00 44 00 45 00 41 .......M .I.D.E.A > [060] 00 52 00 54 00 48 00 24 00 00 00 06 00 00 00 09 .R.T.H.$ ........ > [070] 00 00 00 00 00 00 00 09 00 00 00 4D 00 49 00 44 ........ ...M.I.D > [080] 00 45 00 41 00 52 00 54 00 48 00 00 00 29 19 56 .E.A.R.T .H...).V > [090] B3 0F 8A C8 BF 00 00 FF 01 07 40 ........ ..@ >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 6133) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=140 params=0 setup=2 >[2005/10/28 18:13:40, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2005/10/28 18:13:40, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2005/10/28 18:13:40, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 7141) >[2005/10/28 18:13:40, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d74e0 max_trans_reply: 4280 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(862) > write_to_pipe: 7141 name: NETLOGON open: Yes len: 140 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 140 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 140 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) > fill_rpc_header: data_to_copy = 140, len_needed_to_complete_hdr = 16, receive_len = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 16 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 124 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 124 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 008c >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000001b >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) > unmarshall_rpc_header: using little-endian RPC >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) > unmarshall_rpc_header: type = 0, flags = 3 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 0 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(884) > write_to_pipe: data_left = 124 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(783) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 124, incoming data = 124 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) > process_complete_pdu: processing packet type 0 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000074 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 000f >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 0 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2123) > Requested \PIPE\NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2158) > api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2184) > api_rpc_cmds[2].fn == 0x8148c3a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0010 buffer : \.\.M.E.R.L.I.N... >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000022 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_max_len: 0000000a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c uni_str_len: 0000000a >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0030 buffer : M.I.D.E.A.R.T.H.$... >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0044 sec_chan: 0006 >[2005/10/28 18:13:40, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000046 smb_io_unistr2 unistr2 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0048 uni_max_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 004c offset : 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0050 uni_str_len: 00000009 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) > 0054 buffer : M.I.D.E.A.R.T.H... >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0066 data: 29 19 56 b3 0f 8a c8 bf >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00006e net_io_neg_flags >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0070 neg_flags: 400701ff >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_search_ext(985) > smbldap_search_ext: base => [dc=terpstra-world,dc=org], filter => [(&(uid=MIDEARTH$)(objectclass=sambaSamAccount))], scope => [2] >[2005/10/28 18:13:40, 5] lib/smbldap.c:smbldap_close(894) > The connection to the LDAP server was closed >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_open_connection(538) > smbldap_open_connection: ldap://localhost >[2005/10/28 18:13:40, 2] lib/smbldap.c:smbldap_open_connection(634) > smbldap_open_connection: connection opened >[2005/10/28 18:13:40, 10] lib/smbldap.c:smbldap_connect_system(766) > ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=terpstra-world,dc=org" >[2005/10/28 18:13:40, 3] lib/smbldap.c:smbldap_connect_system(809) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2005/10/28 18:13:40, 4] lib/smbldap.c:smbldap_open(874) > The LDAP server is succesfully connected >[2005/10/28 18:13:40, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1477) > ldapsam_getsampwnam: Unable to locate user [MIDEARTH$] count=0 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 0] rpc_server/srv_netlog_nt.c:get_md4pw(241) > get_md4pw: Workstation MIDEARTH$: no account in domain >[2005/10/28 18:13:40, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(409) > _net_auth2: failed to get machine password for account MIDEARTH$ >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8s(790) > 0000 data: 00 00 00 00 00 00 00 00 >[2005/10/28 18:13:40, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 neg_flags: 00000000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) > 000c status: NT_STATUS_ACCESS_DENIED >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2205) > api_rpcTNP: called NETLOGON successfully >[2005/10/28 18:13:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) > free_pipe_context: destroying talloc pool of size 56 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(888) > write_to_pipe: data_used = 124 >[2005/10/28 18:13:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(920) > read_from_pipe: 7141 name: NETLOGON len: 4280 >[2005/10/28 18:13:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(993) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0028 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000001b >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000010 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2005/10/28 18:13:40, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2005/10/28 18:13:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2005/10/28 18:13:40, 10] lib/util.c:dump_data(2063) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 1B 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 22 00 00 C0 .....".. . >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x29 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 8 of length 45 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=9 > smt_wct=3 > smb_vwv[ 0]=28993 (0x7141) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBclose (pid 6133) conn 0x836db50 >[2005/10/28 18:13:40, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1191) > search for pipe pnum=7141 >[2005/10/28 18:13:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1195) > pipe name NETLOGON pnum=7141 (pipes_open=1) >[2005/10/28 18:13:40, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:7141 >[2005/10/28 18:13:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe NETLOGON >[2005/10/28 18:13:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1094) > closed pipe name NETLOGON pnum=7141 (pipes_open=0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=9 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 35 >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x23 >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) > Transaction 9 of length 39 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) > switch message SMBtdis (pid 6133) conn 0x836db50 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/service.c:close_cnum(839) > merlin (172.16.10.4) closed connection to service IPC$ >[2005/10/28 18:13:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2005/10/28 18:13:40, 4] smbd/vfs.c:vfs_ChDir(737) > vfs_ChDir to / >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=100 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_data(517) >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > read_data: read of 4 returned 0. Error = Success > got smb length of 35 >[2005/10/28 18:13:40, 10] lib/util_sock.c:receive_smb_raw(666) > receive_smb_raw: length < 0! >[2005/10/28 18:13:40, 6] smbd/process.c:process_smb(1193) >[2005/10/28 18:13:40, 3] smbd/process.c:timeout_processing(1447) > timeout_processing: End of file from client (client has disconnected). > got message type 0x0 of len 0x23 >[2005/10/28 18:13:40, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2005/10/28 18:13:40, 3] smbd/process.c:process_smb(1194) >[2005/10/28 18:13:40, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. > Transaction 30 of length 39 >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=31 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 3] smbd/process.c:switch_message(993) >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > switch message SMBtdis (pid 6132) conn 0x83daa30 > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) >[2005/10/28 18:13:40, 2] smbd/server.c:exit_server(614) > Closing connections > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:free_server_info(1480) > attempting to free (and zero) a server_info structure >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) >[2005/10/28 18:13:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) >[2005/10/28 18:13:40, 3] smbd/server.c:exit_server(655) > Server exit (normal exit) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 3] smbd/service.c:close_cnum(839) > merlin (172.16.10.4) closed connection to service IPC$ >[2005/10/28 18:13:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2005/10/28 18:13:40, 4] smbd/vfs.c:vfs_ChDir(737) > vfs_ChDir to / >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(454) >[2005/10/28 18:13:40, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=6130 > smb_uid=101 > smb_mid=31 > smt_wct=0 > smb_bcc=0 >[2005/10/28 18:13:40, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2005/10/28 18:13:40, 10] smbd/process.c:run_events(299) > run_events: No events >[2005/10/28 18:13:40, 10] lib/util_sock.c:read_data(517) > read_data: read of 4 returned 0. Error = Success >[2005/10/28 18:13:40, 10] lib/util_sock.c:receive_smb_raw(666) > receive_smb_raw: length < 0! >[2005/10/28 18:13:40, 3] smbd/process.c:timeout_processing(1447) > timeout_processing: End of file from client (client has disconnected). >[2005/10/28 18:13:40, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2005/10/28 18:13:40, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2005/10/28 18:13:40, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2005/10/28 18:13:40, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2005/10/28 18:13:40, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2005/10/28 18:13:40, 2] smbd/server.c:exit_server(614) > Closing connections >[2005/10/28 18:13:40, 5] auth/auth_util.c:free_server_info(1480) > attempting to free (and zero) a server_info structure >[2005/10/28 18:13:40, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2005/10/28 18:13:40, 3] smbd/server.c:exit_server(655) > Server exit (normal exit)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 3224
: 1552 |
1553
|
1561
|
1562
|
1563