[2021/11/25 17:13:32.377610, 0] ../../source3/smbd/server.c:1784(main) smbd version 4.13.4-Debian started. Copyright Andrew Tridgell and the Samba Team 1992-2020 [2021/11/25 17:13:32.378019, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/debug.c:811(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 doing parameter max log size = 20000 doing parameter include = /etc/samba/print.conf doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter cups options = raw doing parameter cups server = localhost:631 doing parameter spoolss: architecture = Windows x64 doing parameter root preexec = /usr/bin/renice +18 -p %d doing parameter force printername = yes doing parameter rpc_server:spoolss = external doing parameter rpc_daemon:spoolssd = fork doing parameter spoolssd:prefork_min_children = 5 doing parameter spoolssd:prefork_child_min_life = 120 doing parameter printcap cache time = 60 [2021/11/25 17:13:32.378378, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:3985(lp_load_ex) pm_process() returned Yes [2021/11/25 17:13:32.378398, 7, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:4320(lp_servicenumber) lp_servicenumber: couldn't find homes [2021/11/25 17:13:32.378735, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:80(messaging_dgm_ref) messaging_dgm_ref: messaging_dgm_init returned Success [2021/11/25 17:13:32.378862, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:109(messaging_dgm_ref) messaging_dgm_ref: unique = 7929372908757050509 [2021/11/25 17:13:32.378941, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 2 - private_data=(nil) [2021/11/25 17:13:32.378976, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2021/11/25 17:13:32.378993, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 11 - private_data=(nil) [2021/11/25 17:13:32.379007, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 12 - private_data=(nil) [2021/11/25 17:13:32.379021, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2021/11/25 17:13:32.379035, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 1 - private_data=(nil) [2021/11/25 17:13:32.379048, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 5 - private_data=(nil) [2021/11/25 17:13:32.379061, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 51 - private_data=(nil) [2021/11/25 17:13:32.379075, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:611(messaging_init_internal) messaging_init_internal: my id: 62409 [2021/11/25 17:13:32.379098, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_config.c:45(global_dcesrv_context) global_dcesrv_context: Initializing DCE/RPC server context [2021/11/25 17:13:32.379174, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/debug.c:811(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 [2021/11/25 17:13:32.379402, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:3943(lp_load_ex) lp_load_ex: refreshing parameters [2021/11/25 17:13:32.379427, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1369(free_param_opts) Freeing parametrics: [2021/11/25 17:13:32.379465, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:551(init_globals) Initialising global parameters [2021/11/25 17:13:32.379543, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:2845(lp_do_section) Processing section "[global]" doing parameter unix extensions = no doing parameter security = ads doing parameter restrict anonymous = 2 doing parameter ldap ssl = start_tls doing parameter ldap server require strong auth = allow_sasl_over_tls doing parameter disable netbios = yes doing parameter netbios name = PRINT-MR2-FRA doing parameter realm = AD.CORP.ACME.COM doing parameter workgroup = ACME doing parameter local master = no doing parameter domain master = no doing parameter admin users = @"domain admins" @helpdesk-full doing parameter enable asu support = no doing parameter inherit acls = yes doing parameter server signing = auto doing parameter client signing = auto doing parameter smb encrypt = desired doing parameter deadtime = 15 doing parameter server min protocol = SMB2 doing parameter server max protocol = SMB3 doing parameter client min protocol = SMB2 doing parameter client max protocol = SMB3 doing parameter fake oplocks = yes doing parameter kernel oplocks = no doing parameter idmap config * : backend = tdb doing parameter idmap config * : range = 3000-7999 doing parameter idmap config ACME:backend = ad doing parameter idmap config ACME:range = 1000000-9999999 doing parameter map to guest = bad uid doing parameter ntlm auth = no doing parameter log level = 10 [2021/11/25 17:13:32.379831, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/debug.c:811(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 doing parameter max log size = 20000 doing parameter include = /etc/samba/print.conf doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter cups options = raw doing parameter cups server = localhost:631 doing parameter spoolss: architecture = Windows x64 doing parameter root preexec = /usr/bin/renice +18 -p %d doing parameter force printername = yes doing parameter rpc_server:spoolss = external doing parameter rpc_daemon:spoolssd = fork doing parameter spoolssd:prefork_min_children = 5 doing parameter spoolssd:prefork_child_min_life = 120 doing parameter printcap cache time = 60 [2021/11/25 17:13:32.380145, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:2862(lp_do_section) Processing section "[printers]" [2021/11/25 17:13:32.380170, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1484(add_a_service) add_a_service: Creating snum = 0 for printers [2021/11/25 17:13:32.380185, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1526(hash_a_service) hash_a_service: creating servicehash [2021/11/25 17:13:32.380200, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1534(hash_a_service) hash_a_service: hashing index 0 for service name printers doing parameter admin users = +ACME\support-admin-printers printcentral-role doing parameter comment = All Printers doing parameter browseable = yes doing parameter path = /var/spool/samba doing parameter printable = yes doing parameter public = yes doing parameter valid users = +ACME\support-admin-printers printcentral-role [2021/11/25 17:13:32.380286, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:2862(lp_do_section) Processing section "[print$]" [2021/11/25 17:13:32.380312, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1484(add_a_service) add_a_service: Creating snum = 1 for print$ [2021/11/25 17:13:32.380326, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1534(hash_a_service) hash_a_service: hashing index 1 for service name print$ doing parameter admin users = +ACME\support-admin-printers printcentral-role doing parameter write list = +ACME\support-admin-printers printcentral-role doing parameter comment = Printer Drivers doing parameter path = /var/lib/samba/printers doing parameter browseable = yes doing parameter guest ok = no doing parameter create mask = 2777 doing parameter directory mask = 2777 doing parameter force create mode = 2775 doing parameter force directory mode = 2775 doing parameter valid users = +ACME\support-admin-printers printcentral-role [2021/11/25 17:13:32.380445, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:2862(lp_do_section) Processing section "[admin$]" [2021/11/25 17:13:32.380469, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1484(add_a_service) add_a_service: Creating snum = 2 for admin$ [2021/11/25 17:13:32.380484, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1534(hash_a_service) hash_a_service: hashing index 2 for service name admin$ doing parameter comment = Admin Share doing parameter path = /vol/admin doing parameter browseable = no doing parameter guest ok = yes doing parameter writeable = yes [2021/11/25 17:13:32.380545, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:3985(lp_load_ex) pm_process() returned Yes [2021/11/25 17:13:32.380565, 7, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:4320(lp_servicenumber) lp_servicenumber: couldn't find homes [2021/11/25 17:13:32.380586, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1484(add_a_service) add_a_service: Creating snum = 3 for IPC$ [2021/11/25 17:13:32.380600, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1534(hash_a_service) hash_a_service: hashing index 3 for service name IPC$ [2021/11/25 17:13:32.380616, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:1646(lp_add_ipc) adding IPC service [2021/11/25 17:13:32.380637, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/debug.c:811(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 [2021/11/25 17:13:32.380869, 6, pid=62409, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:2361(lp_file_list_changed) lp_file_list_changed() file /etc/samba/print.conf -> /etc/samba/print.conf last mod_time: Fri Mar 8 20:09:10 2019 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Nov 25 17:13:21 2021 [2021/11/25 17:13:32.380921, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/debug.c:811(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 [2021/11/25 17:13:32.381493, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/interface.c:343(add_interface) added interface ens13 ip=2620:0:10c9:112a:a800:1ff:fe01:71a8 bcast= netmask=ffff:ffff:ffff:ffff:: [2021/11/25 17:13:32.381527, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/interface.c:343(add_interface) added interface ens13 ip=100.109.121.74 bcast=100.109.121.255 netmask=255.255.255.0 [2021/11/25 17:13:32.381568, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/server.c:1858(main) loaded services [2021/11/25 17:13:32.381590, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/util_names.c:149(init_names) Netbios name list:- my_netbios_names[0]="PRINT-MR2-FRA" [2021/11/25 17:13:32.382983, 1, pid=62409, effective(0, 0), real(0, 0)] ../../source3/profile/profile_dummy.c:30(set_profile_level) INFO: Profiling support unavailable in this build. [2021/11/25 17:13:32.383029, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/server.c:1877(main) Standard input is not a socket, assuming -D option [2021/11/25 17:13:32.383045, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/server.c:1890(main) Becoming a daemon. [2021/11/25 17:13:32.383278, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:163(msg_dgm_ref_destructor) msg_dgm_ref_destructor: refs=(nil) [2021/11/25 17:13:32.383402, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:80(messaging_dgm_ref) messaging_dgm_ref: messaging_dgm_init returned Success [2021/11/25 17:13:32.383508, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:109(messaging_dgm_ref) messaging_dgm_ref: unique = 490639176217880972 [2021/11/25 17:13:32.383530, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2021/11/25 17:13:32.383621, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:79(smb_register_passdb) Attempting to register passdb backend smbpasswd [2021/11/25 17:13:32.383661, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:92(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2021/11/25 17:13:32.383688, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:79(smb_register_passdb) Attempting to register passdb backend tdbsam [2021/11/25 17:13:32.383859, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:92(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2021/11/25 17:13:32.383882, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:79(smb_register_passdb) Attempting to register passdb backend samba_dsdb [2021/11/25 17:13:32.383902, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:92(smb_register_passdb) Successfully added passdb backend 'samba_dsdb' [2021/11/25 17:13:32.383916, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:79(smb_register_passdb) Attempting to register passdb backend samba4 [2021/11/25 17:13:32.383930, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:92(smb_register_passdb) Successfully added passdb backend 'samba4' [2021/11/25 17:13:32.383951, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:79(smb_register_passdb) Attempting to register passdb backend ldapsam [2021/11/25 17:13:32.383967, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:92(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2021/11/25 17:13:32.383983, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:79(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2021/11/25 17:13:32.383998, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:92(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2021/11/25 17:13:32.384012, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:155(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam (tdbsam) [2021/11/25 17:13:32.384026, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:176(make_pdb_method_name) Found pdb backend tdbsam [2021/11/25 17:13:32.384050, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:187(make_pdb_method_name) pdb backend tdbsam has a valid init [2021/11/25 17:13:32.386404, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_lock) dbwrap_lock_order_lock: check lock order 1 for /run/samba/smbXsrv_version_global.tdb [2021/11/25 17:13:32.386449, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/dbwrap/dbwrap.c:131(debug_lock_order) lock order: 1:/run/samba/smbXsrv_version_global.tdb 2: 3: 4: [2021/11/25 17:13:32.386470, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/dbwrap/dbwrap_tdb.c:60(db_tdb_log_key) db_tdb_log_key: Locking key 736D62587372765F7665 [2021/11/25 17:13:32.386492, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/dbwrap/dbwrap_tdb.c:153(db_tdb_fetch_locked_internal) db_tdb_fetch_locked_internal: Allocated locked data 0x564054be5ba0 [2021/11/25 17:13:32.386616, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/dbwrap/dbwrap_tdb.c:60(db_tdb_log_key) db_tdb_log_key: Unlocking key 736D62587372765F7665 [2021/11/25 17:13:32.386641, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/dbwrap/dbwrap.c:178(dbwrap_lock_order_unlock) dbwrap_lock_order_unlock: release lock order 1 for /run/samba/smbXsrv_version_global.tdb [2021/11/25 17:13:32.386656, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/smbXsrv_version.c:250(smbXsrv_version_global_init) smbXsrv_version_global_init [2021/11/25 17:13:32.386670, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/smbXsrv_version.c:251(smbXsrv_version_global_init) [2021/11/25 17:13:32.386695, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:429(ndr_print_debug) &global_blob: struct smbXsrv_version_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_version_globalU(case 0) info0 : * info0: struct smbXsrv_version_global0 db_rec : NULL num_nodes : 0x00000001 (1) nodes: ARRAY(1) nodes: struct smbXsrv_version_node0 server_id: struct server_id pid : 0x000000000000f3c9 (62409) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x06cf19bb335b698c (490639176217880972) min_version : SMBXSRV_VERSION_0 (0) max_version : SMBXSRV_VERSION_0 (0) current_version : SMBXSRV_VERSION_0 (0) [2021/11/25 17:13:32.390863, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/util_procid.c:53(pid_to_procid) pid_to_procid: messaging_dgm_get_unique failed: No such file or directory [2021/11/25 17:13:32.391228, 10, pid=62411, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:163(msg_dgm_ref_destructor) msg_dgm_ref_destructor: refs=(nil) [2021/11/25 17:13:32.391460, 10, pid=62411, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:80(messaging_dgm_ref) messaging_dgm_ref: messaging_dgm_init returned Success [2021/11/25 17:13:32.391494, 10, pid=62411, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:109(messaging_dgm_ref) messaging_dgm_ref: unique = 3864671895097385330 [2021/11/25 17:13:32.391519, 2, pid=62411, effective(0, 0), real(0, 0)] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2021/11/25 17:13:32.391555, 5, pid=62411, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:155(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam (tdbsam) [2021/11/25 17:13:32.391579, 5, pid=62411, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:176(make_pdb_method_name) Found pdb backend tdbsam [2021/11/25 17:13:32.391610, 5, pid=62411, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:187(make_pdb_method_name) pdb backend tdbsam has a valid init [2021/11/25 17:13:32.391641, 5, pid=62411, effective(0, 0), real(0, 0)] ../../lib/util/debug.c:811(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 [2021/11/25 17:13:32.392142, 5, pid=62411, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 794 - private_data=0x564054bcf120 [2021/11/25 17:13:32.392171, 5, pid=62411, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 795 - private_data=0x564054bcf120 [2021/11/25 17:13:32.392186, 5, pid=62411, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 796 - private_data=0x564054bcf120 [2021/11/25 17:13:32.392182, 10, pid=62412, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:163(msg_dgm_ref_destructor) msg_dgm_ref_destructor: refs=(nil) [2021/11/25 17:13:32.392311, 10, pid=62411, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm.c:1444(messaging_dgm_send) messaging_dgm_send: Sending message to 62409 [2021/11/25 17:13:32.392392, 10, pid=62412, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:80(messaging_dgm_ref) messaging_dgm_ref: messaging_dgm_init returned Success [2021/11/25 17:13:32.392434, 10, pid=62412, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:109(messaging_dgm_ref) messaging_dgm_ref: unique = 6084616262357164730 [2021/11/25 17:13:32.392460, 2, pid=62412, effective(0, 0), real(0, 0)] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2021/11/25 17:13:32.392492, 5, pid=62412, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:155(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam (tdbsam) [2021/11/25 17:13:32.392515, 5, pid=62412, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:176(make_pdb_method_name) Found pdb backend tdbsam [2021/11/25 17:13:32.392548, 5, pid=62412, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:187(make_pdb_method_name) pdb backend tdbsam has a valid init [2021/11/25 17:13:32.392567, 5, pid=62412, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 13 - private_data=0x564054bd2900 [2021/11/25 17:13:32.392584, 5, pid=62412, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 788 - private_data=0x564054bd2900 [2021/11/25 17:13:32.392619, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/server.c:620(cleanupd_init) cleanupd_init: Started cleanupd pid=62412 [2021/11/25 17:13:32.392718, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 789 - private_data=0x564054bcb890 [2021/11/25 17:13:32.392838, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:769(regdb_init) regdb_init: registry db openend. refcount reset (1) [2021/11/25 17:13:32.392980, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:68(reghook_cache_init) reghook_cache_init: new tree with default ops 0x7fbe394013c0 for key [] [2021/11/25 17:13:32.394211, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2021/11/25 17:13:32.394290, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] [2021/11/25 17:13:32.394313, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2021/11/25 17:13:32.394386, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] [2021/11/25 17:13:32.394405, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2021/11/25 17:13:32.394454, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2021/11/25 17:13:32.394479, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2021/11/25 17:13:32.394495, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2021/11/25 17:13:32.394521, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2021/11/25 17:13:32.394536, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2021/11/25 17:13:32.394560, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe398b7020 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] [2021/11/25 17:13:32.394575, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.394661, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree [2021/11/25 17:13:32.394677, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.394692, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe394013c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2021/11/25 17:13:32.394706, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.394721, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree [2021/11/25 17:13:32.394735, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.394748, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe394013c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2021/11/25 17:13:32.394762, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.394778, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree [2021/11/25 17:13:32.394791, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.394804, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe394013c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation] [2021/11/25 17:13:32.394818, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.394852, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation] to tree [2021/11/25 17:13:32.394879, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.394893, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe398b7080 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2021/11/25 17:13:32.394907, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.394922, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree [2021/11/25 17:13:32.394935, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.394949, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe39401020 for key [\HKLM\SOFTWARE\Samba\smbconf] [2021/11/25 17:13:32.394962, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.394976, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2021/11/25 17:13:32.394990, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.395003, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe398b70e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2021/11/25 17:13:32.395017, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.395031, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree [2021/11/25 17:13:32.395045, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.395058, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe398b7140 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2021/11/25 17:13:32.395071, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.395087, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree [2021/11/25 17:13:32.395100, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.395113, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe398b71a0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2021/11/25 17:13:32.395127, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.395142, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree [2021/11/25 17:13:32.395155, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.395173, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe398b7200 for key [\HKPT] [2021/11/25 17:13:32.395191, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.395205, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2021/11/25 17:13:32.395219, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.395232, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe398b7260 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2021/11/25 17:13:32.395246, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.395263, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree [2021/11/25 17:13:32.395276, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.395290, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:93(reghook_cache_add) reghook_cache_add: Adding ops 0x7fbe398b72c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2021/11/25 17:13:32.395303, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2021/11/25 17:13:32.395318, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:281(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree [2021/11/25 17:13:32.395332, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2021/11/25 17:13:32.395346, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (1->0) [2021/11/25 17:13:32.395635, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth_util.c:1107(auth3_session_info_create) Could not convert SID S-1-5-18 to gid, ignoring it [2021/11/25 17:13:32.395673, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../libcli/security/security_token.c:56(security_token_debug) Security token SIDs (1): SID[ 0]: S-1-5-18 Privileges (0xFFFFFFFFFFFFFFFF): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2021/11/25 17:13:32.395776, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2021/11/25 17:13:32.395806, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user nobody [2021/11/25 17:13:32.395828, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2021/11/25 17:13:32.396237, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:158(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2021/11/25 17:13:32.396289, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user PRINT-MR2-FRA\nobody [2021/11/25 17:13:32.396308, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is print-mr2-fra\nobody [2021/11/25 17:13:32.396681, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:127(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is PRINT-MR2-FRA\nobody [2021/11/25 17:13:32.396834, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:140(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is PRINT-MR2-FRA\NOBODY [2021/11/25 17:13:32.396945, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:152(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in print-mr2-fra\nobody [2021/11/25 17:13:32.396966, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:158(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [PRINT-MR2-FRA\nobody]! [2021/11/25 17:13:32.396981, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user nobody [2021/11/25 17:13:32.396994, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2021/11/25 17:13:32.397009, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:158(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2021/11/25 17:13:32.397385, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:321(create_local_nt_token_from_info3) Create local NT token for nobody [2021/11/25 17:13:32.397413, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user nobody [2021/11/25 17:13:32.397441, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2021/11/25 17:13:32.397456, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:158(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2021/11/25 17:13:32.397497, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/system_smbd.c:176(sys_getgrouplist) sys_getgrouplist: user [nobody] [2021/11/25 17:13:32.949434, 5, pid=62409, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:89(gencache_init) Opening cache file at /run/samba/gencache.tdb [2021/11/25 17:13:32.952956, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/passdb/lookup_sid.c:1186(xid_to_sid) xid_to_sid: GID 65534 -> S-0-0 from cache [2021/11/25 17:13:32.952991, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/passdb/lookup_sid.c:1226(xid_to_sid) xid_to_sid: GID 65534 -> S-1-22-2-65534 fallback [2021/11/25 17:13:32.953035, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.953071, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2021/11/25 17:13:32.953099, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.953115, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:32.953140, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:32.953204, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2021/11/25 17:13:32.953318, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.953338, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2021/11/25 17:13:32.953352, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.953365, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:32.953379, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:32.953464, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2021/11/25 17:13:32.953545, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3090878058-984011176-2032571936-501] [2021/11/25 17:13:32.953569, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3090878058-984011176-2032571936-514] [2021/11/25 17:13:32.953587, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-65534] [2021/11/25 17:13:32.953605, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/privileges.c:178(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2021/11/25 17:13:32.953626, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2021/11/25 17:13:32.953643, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/privileges.c:98(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2021/11/25 17:13:32.953677, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:57(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-21-3090878058-984011176-2032571936-501]: value=[65534:U] [2021/11/25 17:13:32.953695, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-21-3090878058-984011176-2032571936-501]: id=[65534], endptr=[:U] [2021/11/25 17:13:32.953728, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:57(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-1-0]: value=[3003:G] [2021/11/25 17:13:32.953744, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-1-0]: id=[3003], endptr=[:G] [2021/11/25 17:13:32.953760, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:57(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-2]: value=[3004:G] [2021/11/25 17:13:32.953774, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-2]: id=[3004], endptr=[:G] [2021/11/25 17:13:32.953794, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:57(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-32-546]: value=[3002:G] [2021/11/25 17:13:32.953815, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-32-546]: id=[3002], endptr=[:G] [2021/11/25 17:13:32.955800, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.955831, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2021/11/25 17:13:32.955845, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.955860, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:32.955873, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:32.955908, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:1759(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 514. [2021/11/25 17:13:32.955928, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2021/11/25 17:13:32.955942, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2021/11/25 17:13:32.955956, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2021/11/25 17:13:32.955969, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:32.955982, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:32.956060, 4, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_tdb.c:558(tdbsam_open) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2021/11/25 17:13:32.956096, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. [2021/11/25 17:13:32.956130, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.956148, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:1836(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2021/11/25 17:13:32.956162, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:1543(pdb_default_sid_to_id) SID S-1-5-21-3090878058-984011176-2032571936-514 belongs to our domain, but there is no corresponding object in the database. [2021/11/25 17:13:32.956185, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2021/11/25 17:13:32.956200, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/passdb/lookup_sid.c:1125(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-21-3090878058-984011176-2032571936-514 [2021/11/25 17:13:32.956217, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.956231, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2021/11/25 17:13:32.956245, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.956265, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:32.956278, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:32.956304, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:1759(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 514. [2021/11/25 17:13:32.956321, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2021/11/25 17:13:32.956335, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2021/11/25 17:13:32.956351, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2021/11/25 17:13:32.956364, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:32.956377, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:32.956406, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. [2021/11/25 17:13:32.956435, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:32.956451, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:1836(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2021/11/25 17:13:32.956464, 5, pid=62409, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:1543(pdb_default_sid_to_id) SID S-1-5-21-3090878058-984011176-2032571936-514 belongs to our domain, but there is no corresponding object in the database. [2021/11/25 17:13:32.956486, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2021/11/25 17:13:32.956502, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/passdb/lookup_sid.c:1125(legacy_sid_to_unixid) LEGACY: mapping failed for sid S-1-5-21-3090878058-984011176-2032571936-514 [2021/11/25 17:13:32.956516, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth_util.c:628(create_local_token) Could not convert SID S-1-5-21-3090878058-984011176-2032571936-514 to gid, ignoring it [2021/11/25 17:13:32.956535, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../libcli/security/security_token.c:56(security_token_debug) Security token SIDs (10): SID[ 0]: S-1-5-21-3090878058-984011176-2032571936-501 SID[ 1]: S-1-5-21-3090878058-984011176-2032571936-514 SID[ 2]: S-1-22-2-65534 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-3003 SID[ 8]: S-1-22-2-3004 SID[ 9]: S-1-22-2-3002 Privileges (0x 0): Rights (0x 0): [2021/11/25 17:13:32.956591, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 4 supplementary groups Group[ 0]: 65534 Group[ 1]: 3003 Group[ 2]: 3004 Group[ 3]: 3002 [2021/11/25 17:13:32.956631, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user nobody [2021/11/25 17:13:32.956647, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:120(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2021/11/25 17:13:32.956669, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/username.c:158(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2021/11/25 17:13:32.956715, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:57(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-7]: value=[3005:G] [2021/11/25 17:13:32.956734, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-7]: id=[3005], endptr=[:G] [2021/11/25 17:13:32.956751, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:57(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-1-0]: value=[3003:G] [2021/11/25 17:13:32.956764, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-1-0]: id=[3003], endptr=[:G] [2021/11/25 17:13:32.956779, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:57(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-2]: value=[3004:G] [2021/11/25 17:13:32.956793, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-2]: id=[3004], endptr=[:G] [2021/11/25 17:13:32.956863, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/system_smbd.c:176(sys_getgrouplist) sys_getgrouplist: user [nobody] [2021/11/25 17:13:33.514359, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../libcli/security/security_token.c:56(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-7 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-22-1-65534 SID[ 4]: S-1-22-2-65534 SID[ 5]: S-1-22-2-3005 SID[ 6]: S-1-22-2-3003 SID[ 7]: S-1-22-2-3004 Privileges (0x 0): Rights (0x 0): [2021/11/25 17:13:33.514456, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 4 supplementary groups Group[ 0]: 65534 Group[ 1]: 3005 Group[ 2]: 3003 Group[ 3]: 3004 [2021/11/25 17:13:33.514721, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:734(dcesrv_init) dcesrv_init: Registering DCE/RPC endpoint servers [2021/11/25 17:13:33.514786, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'winreg' registered [2021/11/25 17:13:33.514824, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'srvsvc' registered [2021/11/25 17:13:33.514867, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'lsarpc' registered [2021/11/25 17:13:33.514887, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'samr' registered [2021/11/25 17:13:33.514930, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'netdfs' registered [2021/11/25 17:13:33.514962, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'dssetup' registered [2021/11/25 17:13:33.515002, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'wkssvc' registered [2021/11/25 17:13:33.515038, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'svcctl' registered [2021/11/25 17:13:33.515072, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'ntsvcs' registered [2021/11/25 17:13:33.515101, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'eventlog' registered [2021/11/25 17:13:33.515123, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'initshutdown' registered [2021/11/25 17:13:33.515137, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:808(dcesrv_init) dcesrv_init: Initializing DCE/RPC modules [2021/11/25 17:13:33.515156, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:80(rpc_mdssvc_module_init) rpc_mdssvc_module_init: Registering mdsvc RPC service [2021/11/25 17:13:33.515185, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_modules.c:64(register_rpc_module) register_rpc_module: Successfully added RPC module 'mdssvc' [2021/11/25 17:13:33.515242, 3, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:2535(dcerpc_register_ep_server) DCERPC endpoint server 'mdssvc' registered [2021/11/25 17:13:33.515259, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:842(dcesrv_init) dcesrv_init: Initializing DCE/RPC registered endpoint servers [2021/11/25 17:13:33.515324, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'winreg' registered on endpoint 'ncacn_np:[\pipe\winreg]' (single process required) [2021/11/25 17:13:33.515355, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ./librpc/gen_ndr/ndr_winreg_scompat.c:1145(winreg__check_register_in_endpoint) winreg__check_register_in_endpoint: Interface 'winreg' not registered in endpoint 'winreg' as service is embedded [2021/11/25 17:13:33.515382, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'winreg' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.515416, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'srvsvc' registered on endpoint 'ncacn_np:[\pipe\srvsvc]' (single process required) [2021/11/25 17:13:33.515435, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ./librpc/gen_ndr/ndr_srvsvc_scompat.c:1520(srvsvc__check_register_in_endpoint) srvsvc__check_register_in_endpoint: Interface 'srvsvc' not registered in endpoint 'srvsvc' as service is embedded [2021/11/25 17:13:33.515462, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'srvsvc' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.515486, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'lsarpc' registered on endpoint 'ncacn_np:[\pipe\netlogon]' (single process required) [2021/11/25 17:13:33.515508, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'lsarpc' registered on endpoint 'ncacn_np:[\pipe\lsarpc]' (single process required) [2021/11/25 17:13:33.515528, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'lsarpc' registered on endpoint 'ncacn_np:[\pipe\lsass]' (single process required) [2021/11/25 17:13:33.515551, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ./librpc/gen_ndr/ndr_lsa_scompat.c:2256(lsarpc__check_register_in_endpoint) lsarpc__check_register_in_endpoint: Interface 'lsarpc' not registered in endpoint 'lsarpc' as service is embedded [2021/11/25 17:13:33.515571, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'lsarpc' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.515608, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'samr' registered on endpoint 'ncacn_np:[\pipe\samr]' (single process required) [2021/11/25 17:13:33.515626, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ./librpc/gen_ndr/ndr_samr_scompat.c:2105(samr__check_register_in_endpoint) samr__check_register_in_endpoint: Interface 'samr' not registered in endpoint 'samr' as service is embedded [2021/11/25 17:13:33.515651, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'samr' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.515682, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'netdfs' registered on endpoint 'ncacn_np:[\pipe\netdfs]' (single process required) [2021/11/25 17:13:33.515699, 5, pid=62409, effective(0, 0), real(0, 0), class=msdfs] ./librpc/gen_ndr/ndr_dfs_scompat.c:702(netdfs__check_register_in_endpoint) netdfs__check_register_in_endpoint: Interface 'netdfs' not registered in endpoint 'netdfs' as service is embedded [2021/11/25 17:13:33.515719, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'netdfs' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.515745, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'dssetup' registered on endpoint 'ncacn_np:[\pipe\lsarpc]' (single process required) [2021/11/25 17:13:33.515766, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'dssetup' registered on endpoint 'ncacn_np:[\pipe\lsass]' (single process required) [2021/11/25 17:13:33.515783, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ./librpc/gen_ndr/ndr_dssetup_scompat.c:428(dssetup__check_register_in_endpoint) dssetup__check_register_in_endpoint: Interface 'dssetup' not registered in endpoint 'dssetup' as service is embedded [2021/11/25 17:13:33.515806, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'dssetup' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.515837, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'wkssvc' registered on endpoint 'ncacn_np:[\pipe\wkssvc]' (single process required) [2021/11/25 17:13:33.515858, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ./librpc/gen_ndr/ndr_wkssvc_scompat.c:945(wkssvc__check_register_in_endpoint) wkssvc__check_register_in_endpoint: Interface 'wkssvc' not registered in endpoint 'wkssvc' as service is embedded [2021/11/25 17:13:33.515884, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'wkssvc' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.515916, 3, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg) Initialise the svcctl registry keys if needed. [2021/11/25 17:13:33.515946, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2021/11/25 17:13:33.515968, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2021/11/25 17:13:33.515984, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:33.515998, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:33.516012, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:33.516104, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2021/11/25 17:13:33.516126, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:886(regdb_open) regdb_open: registry db opened. refcount reset (1) [2021/11/25 17:13:33.516199, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_ncacn_np.c:260(make_internal_ncacn_conn) make_internal_ncacn_conn: Create pipe requested winreg [2021/11/25 17:13:33.516291, 4, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_ncacn_np.c:306(make_internal_ncacn_conn) Created internal pipe winreg [2021/11/25 17:13:33.516373, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2021/11/25 17:13:33.518264, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2021/11/25 17:13:33.518285, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (1->2) [2021/11/25 17:13:33.518304, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2021/11/25 17:13:33.518326, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2021/11/25 17:13:33.518344, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.518357, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM] [2021/11/25 17:13:33.518510, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2021/11/25 17:13:33.518732, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.518752, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (2->3) [2021/11/25 17:13:33.518768, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.518783, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.518798, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.518811, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.518924, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.518945, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.518960, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.518974, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.518989, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.519002, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.519038, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.519054, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.519068, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.519082, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.519104, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.519118, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.519201, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.519219, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.519284, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2021/11/25 17:13:33.519352, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.519369, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.519487, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:2131(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.519633, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2021/11/25 17:13:33.519743, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:446(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.519789, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2021/11/25 17:13:33.519891, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:446(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.519927, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2021/11/25 17:13:33.520020, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:446(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.520053, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2021/11/25 17:13:33.520145, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:446(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.520184, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2021/11/25 17:13:33.520280, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:446(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.520311, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2021/11/25 17:13:33.520403, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:446(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.520436, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2021/11/25 17:13:33.520533, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:446(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.520594, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2021/11/25 17:13:33.520737, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:734(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' [2021/11/25 17:13:33.520758, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.520773, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.520790, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.520805, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.520820, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.520834, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.520849, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.520862, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.520898, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.520914, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.520928, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.520943, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.520957, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.520971, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.520984, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.521009, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.521025, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.521038, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.521052, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.521066, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.521080, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.521095, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.521108, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.521138, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.521154, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2021/11/25 17:13:33.521168, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.521182, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2021/11/25 17:13:33.521195, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2021/11/25 17:13:33.521211, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.521230, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2021/11/25 17:13:33.521289, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.521342, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 0d48d31d-5392-4fad-b934-62ac448a4a63 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.521479, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] [2021/11/25 17:13:33.521500, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.521514, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.521529, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2021/11/25 17:13:33.521566, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2021/11/25 17:13:33.521584, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2021/11/25 17:13:33.521599, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2021/11/25 17:13:33.521613, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2021/11/25 17:13:33.521628, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[28] [2021/11/25 17:13:33.521642, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[5]: name[Description] len[106] [2021/11/25 17:13:33.521656, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[6]: name[ImagePath] len[88] [2021/11/25 17:13:33.521702, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 0d48d31d-5392-4fad-b934-62ac448a4a63 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.521809, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] [2021/11/25 17:13:33.521826, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.521864, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 0d48d31d-5392-4fad-b934-62ac448a4a63 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.521952, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] [2021/11/25 17:13:33.521967, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.522005, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 0d48d31d-5392-4fad-b934-62ac448a4a63 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2021/11/25 17:13:33.522174, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] [2021/11/25 17:13:33.522190, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.522227, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 0d48d31d-5392-4fad-b934-62ac448a4a63 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) [2021/11/25 17:13:33.522430, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] [2021/11/25 17:13:33.522448, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.522487, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 0d48d31d-5392-4fad-b934-62ac448a4a63 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(88) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x78 (120) [19] : 0x00 (0) [20] : 0x38 (56) [21] : 0x00 (0) [22] : 0x36 (54) [23] : 0x00 (0) [24] : 0x5f (95) [25] : 0x00 (0) [26] : 0x36 (54) [27] : 0x00 (0) [28] : 0x34 (52) [29] : 0x00 (0) [30] : 0x2d (45) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x75 (117) [39] : 0x00 (0) [40] : 0x78 (120) [41] : 0x00 (0) [42] : 0x2d (45) [43] : 0x00 (0) [44] : 0x67 (103) [45] : 0x00 (0) [46] : 0x6e (110) [47] : 0x00 (0) [48] : 0x75 (117) [49] : 0x00 (0) [50] : 0x2f (47) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x6d (109) [57] : 0x00 (0) [58] : 0x62 (98) [59] : 0x00 (0) [60] : 0x61 (97) [61] : 0x00 (0) [62] : 0x2f (47) [63] : 0x00 (0) [64] : 0x73 (115) [65] : 0x00 (0) [66] : 0x76 (118) [67] : 0x00 (0) [68] : 0x63 (99) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6c (108) [75] : 0x00 (0) [76] : 0x2f (47) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x6d (109) [81] : 0x00 (0) [82] : 0x62 (98) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) size : 0x00000058 (88) [2021/11/25 17:13:33.522938, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] [2021/11/25 17:13:33.522956, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.522998, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 0d48d31d-5392-4fad-b934-62ac448a4a63 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) [2021/11/25 17:13:33.523490, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] [2021/11/25 17:13:33.523507, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.523546, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 0d48d31d-5392-4fad-b934-62ac448a4a63 [2021/11/25 17:13:33.523587, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.523621, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2021/11/25 17:13:33.523770, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:734(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' [2021/11/25 17:13:33.523786, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.523800, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.523815, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.523829, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.523844, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.523858, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.523873, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.523886, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.523915, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.523930, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.523944, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.523959, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.523972, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.523987, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.524000, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.524030, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.524046, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.524060, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.524074, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.524088, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.524146, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.524165, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.524178, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.524213, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.524229, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.524244, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2021/11/25 17:13:33.524257, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.524272, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2021/11/25 17:13:33.524286, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2021/11/25 17:13:33.524301, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.524314, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2021/11/25 17:13:33.524339, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.524354, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2021/11/25 17:13:33.524367, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.524382, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2021/11/25 17:13:33.524401, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2021/11/25 17:13:33.524417, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.524430, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2021/11/25 17:13:33.524500, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.524560, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : afc3920f-983d-4e1c-b1f2-715ee96f9bfb name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2021/11/25 17:13:33.525110, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] [2021/11/25 17:13:33.525127, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.525142, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.525156, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2021/11/25 17:13:33.525204, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2021/11/25 17:13:33.525246, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : afc3920f-983d-4e1c-b1f2-715ee96f9bfb [2021/11/25 17:13:33.525287, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.525323, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2021/11/25 17:13:33.525468, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:734(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' [2021/11/25 17:13:33.525485, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.525499, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.525513, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.525528, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.525543, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.525557, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.525574, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.525587, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.525615, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.525631, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.525645, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.525659, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.525672, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.525687, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.525700, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.525725, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.525741, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.525755, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.525768, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.525782, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.525800, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.525816, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.525829, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.525860, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.525876, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2021/11/25 17:13:33.525889, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.525904, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2021/11/25 17:13:33.525917, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2021/11/25 17:13:33.525932, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.525945, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2021/11/25 17:13:33.526001, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.526049, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : bdbb092b-83c4-4269-865c-795efc63b130 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.526139, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] [2021/11/25 17:13:33.526155, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.526169, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.526190, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2021/11/25 17:13:33.526269, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2021/11/25 17:13:33.526289, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2021/11/25 17:13:33.526304, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2021/11/25 17:13:33.526318, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2021/11/25 17:13:33.526332, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[20] [2021/11/25 17:13:33.526347, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[5]: name[Description] len[164] [2021/11/25 17:13:33.526361, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[6]: name[ImagePath] len[88] [2021/11/25 17:13:33.526400, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : bdbb092b-83c4-4269-865c-795efc63b130 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.526492, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] [2021/11/25 17:13:33.526507, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.526540, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : bdbb092b-83c4-4269-865c-795efc63b130 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.526650, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] [2021/11/25 17:13:33.526667, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.526708, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : bdbb092b-83c4-4269-865c-795efc63b130 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2021/11/25 17:13:33.526902, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] [2021/11/25 17:13:33.526920, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.526963, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : bdbb092b-83c4-4269-865c-795efc63b130 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) [2021/11/25 17:13:33.527121, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] [2021/11/25 17:13:33.527137, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.527173, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : bdbb092b-83c4-4269-865c-795efc63b130 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(88) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x78 (120) [19] : 0x00 (0) [20] : 0x38 (56) [21] : 0x00 (0) [22] : 0x36 (54) [23] : 0x00 (0) [24] : 0x5f (95) [25] : 0x00 (0) [26] : 0x36 (54) [27] : 0x00 (0) [28] : 0x34 (52) [29] : 0x00 (0) [30] : 0x2d (45) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x75 (117) [39] : 0x00 (0) [40] : 0x78 (120) [41] : 0x00 (0) [42] : 0x2d (45) [43] : 0x00 (0) [44] : 0x67 (103) [45] : 0x00 (0) [46] : 0x6e (110) [47] : 0x00 (0) [48] : 0x75 (117) [49] : 0x00 (0) [50] : 0x2f (47) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x6d (109) [57] : 0x00 (0) [58] : 0x62 (98) [59] : 0x00 (0) [60] : 0x61 (97) [61] : 0x00 (0) [62] : 0x2f (47) [63] : 0x00 (0) [64] : 0x73 (115) [65] : 0x00 (0) [66] : 0x76 (118) [67] : 0x00 (0) [68] : 0x63 (99) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6c (108) [75] : 0x00 (0) [76] : 0x2f (47) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x6d (109) [81] : 0x00 (0) [82] : 0x62 (98) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) size : 0x00000058 (88) [2021/11/25 17:13:33.527602, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] [2021/11/25 17:13:33.527618, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.527656, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : bdbb092b-83c4-4269-865c-795efc63b130 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) [2021/11/25 17:13:33.528373, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] [2021/11/25 17:13:33.528388, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.528425, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : bdbb092b-83c4-4269-865c-795efc63b130 [2021/11/25 17:13:33.528466, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.528501, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2021/11/25 17:13:33.528646, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:734(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' [2021/11/25 17:13:33.528662, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.528677, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.528691, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.528705, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.528720, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.528735, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.528749, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.528763, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.528791, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.528806, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.528820, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.528839, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.528853, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.528868, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.528881, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.528906, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.528922, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.528935, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.528949, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.528965, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.528979, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.528994, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.529007, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.529037, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.529053, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.529067, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2021/11/25 17:13:33.529080, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.529094, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2021/11/25 17:13:33.529108, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2021/11/25 17:13:33.529123, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.529136, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2021/11/25 17:13:33.529160, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.529199, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2021/11/25 17:13:33.529214, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.529229, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2021/11/25 17:13:33.529243, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2021/11/25 17:13:33.529260, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.529273, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2021/11/25 17:13:33.529336, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.529391, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 67ccb3fe-952c-458c-b8ff-17158fefb74d name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2021/11/25 17:13:33.529940, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] [2021/11/25 17:13:33.529957, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.529972, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.529986, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2021/11/25 17:13:33.530060, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2021/11/25 17:13:33.530102, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 67ccb3fe-952c-458c-b8ff-17158fefb74d [2021/11/25 17:13:33.530143, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.530180, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2021/11/25 17:13:33.530327, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:734(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' [2021/11/25 17:13:33.530344, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.530358, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.530372, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.530387, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.530402, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.530416, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.530430, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.530443, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.530471, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.530486, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.530500, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.530515, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.530528, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.530543, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.530556, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.530582, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.530620, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.530635, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.530649, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.530663, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.530677, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.530692, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.530705, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.530738, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.530754, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2021/11/25 17:13:33.530767, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.530782, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2021/11/25 17:13:33.530795, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2021/11/25 17:13:33.530810, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.530823, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2021/11/25 17:13:33.530899, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.530948, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : f5cdd81b-bb02-4785-b0d3-c7db2fbc4222 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.531048, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] [2021/11/25 17:13:33.531065, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.531079, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.531093, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2021/11/25 17:13:33.531139, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2021/11/25 17:13:33.531158, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2021/11/25 17:13:33.531173, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2021/11/25 17:13:33.531187, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2021/11/25 17:13:33.531202, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[48] [2021/11/25 17:13:33.531216, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[5]: name[Description] len[126] [2021/11/25 17:13:33.531230, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[6]: name[ImagePath] len[88] [2021/11/25 17:13:33.531269, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : f5cdd81b-bb02-4785-b0d3-c7db2fbc4222 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.531358, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] [2021/11/25 17:13:33.531373, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.531415, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : f5cdd81b-bb02-4785-b0d3-c7db2fbc4222 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.531503, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] [2021/11/25 17:13:33.531519, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.531555, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : f5cdd81b-bb02-4785-b0d3-c7db2fbc4222 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2021/11/25 17:13:33.531721, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] [2021/11/25 17:13:33.531741, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.531780, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : f5cdd81b-bb02-4785-b0d3-c7db2fbc4222 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) [2021/11/25 17:13:33.532041, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] [2021/11/25 17:13:33.532057, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.532093, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : f5cdd81b-bb02-4785-b0d3-c7db2fbc4222 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(88) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x78 (120) [19] : 0x00 (0) [20] : 0x38 (56) [21] : 0x00 (0) [22] : 0x36 (54) [23] : 0x00 (0) [24] : 0x5f (95) [25] : 0x00 (0) [26] : 0x36 (54) [27] : 0x00 (0) [28] : 0x34 (52) [29] : 0x00 (0) [30] : 0x2d (45) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x75 (117) [39] : 0x00 (0) [40] : 0x78 (120) [41] : 0x00 (0) [42] : 0x2d (45) [43] : 0x00 (0) [44] : 0x67 (103) [45] : 0x00 (0) [46] : 0x6e (110) [47] : 0x00 (0) [48] : 0x75 (117) [49] : 0x00 (0) [50] : 0x2f (47) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x6d (109) [57] : 0x00 (0) [58] : 0x62 (98) [59] : 0x00 (0) [60] : 0x61 (97) [61] : 0x00 (0) [62] : 0x2f (47) [63] : 0x00 (0) [64] : 0x73 (115) [65] : 0x00 (0) [66] : 0x76 (118) [67] : 0x00 (0) [68] : 0x63 (99) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6c (108) [75] : 0x00 (0) [76] : 0x2f (47) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x6d (109) [81] : 0x00 (0) [82] : 0x62 (98) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) size : 0x00000058 (88) [2021/11/25 17:13:33.532575, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] [2021/11/25 17:13:33.532598, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.532644, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : f5cdd81b-bb02-4785-b0d3-c7db2fbc4222 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) [2021/11/25 17:13:33.533213, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] [2021/11/25 17:13:33.533229, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.533266, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : f5cdd81b-bb02-4785-b0d3-c7db2fbc4222 [2021/11/25 17:13:33.533306, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.533350, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2021/11/25 17:13:33.533490, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:734(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' [2021/11/25 17:13:33.533506, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.533520, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.533534, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.533551, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.533566, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.533580, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.533595, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.533608, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.533638, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.533653, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.533673, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.533688, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.533702, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.533716, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.533730, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.533755, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.533771, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.533784, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.533798, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.533812, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.533826, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.533841, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.533854, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.533885, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.533901, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.533915, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2021/11/25 17:13:33.533928, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.533943, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2021/11/25 17:13:33.533956, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2021/11/25 17:13:33.533971, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.533984, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2021/11/25 17:13:33.534013, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.534028, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2021/11/25 17:13:33.534042, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.534056, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2021/11/25 17:13:33.534070, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2021/11/25 17:13:33.534085, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.534098, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2021/11/25 17:13:33.534173, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.534227, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 54a2b73c-888e-4c45-bd76-dbdcfd9caaa2 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2021/11/25 17:13:33.534838, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] [2021/11/25 17:13:33.534859, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.534873, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.534924, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2021/11/25 17:13:33.534974, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2021/11/25 17:13:33.535019, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 54a2b73c-888e-4c45-bd76-dbdcfd9caaa2 [2021/11/25 17:13:33.535061, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.535099, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2021/11/25 17:13:33.535259, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:734(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' [2021/11/25 17:13:33.535277, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.535292, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.535306, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.535320, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.535335, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.535350, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.535364, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.535378, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.535407, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.535422, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.535436, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.535451, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.535464, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.535479, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.535504, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.535532, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.535547, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.535561, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.535575, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.535592, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.535605, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.535620, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.535634, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.535666, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.535681, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2021/11/25 17:13:33.535694, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.535709, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2021/11/25 17:13:33.535723, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2021/11/25 17:13:33.535737, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.535751, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2021/11/25 17:13:33.535801, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.535847, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : de8cfafd-43cb-4429-9003-0118d0e8278e name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.535945, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] [2021/11/25 17:13:33.535961, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.535976, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.535990, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2021/11/25 17:13:33.536056, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2021/11/25 17:13:33.536076, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2021/11/25 17:13:33.536090, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2021/11/25 17:13:33.536105, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2021/11/25 17:13:33.536119, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[74] [2021/11/25 17:13:33.536133, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[5]: name[Description] len[178] [2021/11/25 17:13:33.536148, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[6]: name[ImagePath] len[88] [2021/11/25 17:13:33.536188, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : de8cfafd-43cb-4429-9003-0118d0e8278e name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.536278, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] [2021/11/25 17:13:33.536308, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.536348, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : de8cfafd-43cb-4429-9003-0118d0e8278e name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2021/11/25 17:13:33.536439, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] [2021/11/25 17:13:33.536454, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.536491, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : de8cfafd-43cb-4429-9003-0118d0e8278e name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2021/11/25 17:13:33.536669, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] [2021/11/25 17:13:33.536686, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.536725, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : de8cfafd-43cb-4429-9003-0118d0e8278e name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 0x0000004a (74) [2021/11/25 17:13:33.537144, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] [2021/11/25 17:13:33.537164, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.537209, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : de8cfafd-43cb-4429-9003-0118d0e8278e name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(88) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x78 (120) [19] : 0x00 (0) [20] : 0x38 (56) [21] : 0x00 (0) [22] : 0x36 (54) [23] : 0x00 (0) [24] : 0x5f (95) [25] : 0x00 (0) [26] : 0x36 (54) [27] : 0x00 (0) [28] : 0x34 (52) [29] : 0x00 (0) [30] : 0x2d (45) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x75 (117) [39] : 0x00 (0) [40] : 0x78 (120) [41] : 0x00 (0) [42] : 0x2d (45) [43] : 0x00 (0) [44] : 0x67 (103) [45] : 0x00 (0) [46] : 0x6e (110) [47] : 0x00 (0) [48] : 0x75 (117) [49] : 0x00 (0) [50] : 0x2f (47) [51] : 0x00 (0) [52] : 0x73 (115) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x6d (109) [57] : 0x00 (0) [58] : 0x62 (98) [59] : 0x00 (0) [60] : 0x61 (97) [61] : 0x00 (0) [62] : 0x2f (47) [63] : 0x00 (0) [64] : 0x73 (115) [65] : 0x00 (0) [66] : 0x76 (118) [67] : 0x00 (0) [68] : 0x63 (99) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6c (108) [75] : 0x00 (0) [76] : 0x2f (47) [77] : 0x00 (0) [78] : 0x6e (110) [79] : 0x00 (0) [80] : 0x6d (109) [81] : 0x00 (0) [82] : 0x62 (98) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) size : 0x00000058 (88) [2021/11/25 17:13:33.537647, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] [2021/11/25 17:13:33.537664, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.537703, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : de8cfafd-43cb-4429-9003-0118d0e8278e name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) size : 0x000000b2 (178) [2021/11/25 17:13:33.538482, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] [2021/11/25 17:13:33.538498, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.538549, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : de8cfafd-43cb-4429-9003-0118d0e8278e [2021/11/25 17:13:33.538609, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.538649, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : a295a277-fa1e-4b5c-a3c7-d0e0815b0804 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2021/11/25 17:13:33.538791, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:734(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' [2021/11/25 17:13:33.538807, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.538822, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.538866, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.538883, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.538915, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.538931, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.538960, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.538975, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.539007, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.539023, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.539037, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.539052, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.539065, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.539080, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.539093, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.539119, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.539134, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.539148, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.539161, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.539176, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.539189, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.539204, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.539217, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.539249, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.539264, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2021/11/25 17:13:33.539279, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2021/11/25 17:13:33.539292, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.539307, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2021/11/25 17:13:33.539333, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2021/11/25 17:13:33.539350, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.539363, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2021/11/25 17:13:33.539389, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.539404, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2021/11/25 17:13:33.539470, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.539488, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2021/11/25 17:13:33.539502, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2021/11/25 17:13:33.539536, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.539551, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2021/11/25 17:13:33.539620, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.539681, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : baae048b-d7d9-4064-9c6b-367941cb379c name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2021/11/25 17:13:33.540258, 8, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/winreg/srv_winreg_nt.c:766(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] [2021/11/25 17:13:33.540275, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2021/11/25 17:13:33.540290, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.540304, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2021/11/25 17:13:33.540357, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2021/11/25 17:13:33.540399, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : baae048b-d7d9-4064-9c6b-367941cb379c [2021/11/25 17:13:33.540439, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.540469, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : e315747b-ccda-453a-b52d-e5ad49a59f3e [2021/11/25 17:13:33.540515, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (3->2) [2021/11/25 17:13:33.540546, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (2->1) [2021/11/25 17:13:33.540640, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (1->0) [2021/11/25 17:13:33.540864, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'svcctl' registered on endpoint 'ncacn_np:[\pipe\svcctl]' (single process required) [2021/11/25 17:13:33.540903, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'svcctl' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.540931, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'ntsvcs' registered on endpoint 'ncacn_np:[\pipe\ntsvcs]' (single process required) [2021/11/25 17:13:33.540954, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'ntsvcs' registered on endpoint 'ncacn_np:[\pipe\plugplay]' (single process required) [2021/11/25 17:13:33.540971, 3, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) Initialise the eventlog registry keys if needed. [2021/11/25 17:13:33.541005, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_ncacn_np.c:260(make_internal_ncacn_conn) make_internal_ncacn_conn: Create pipe requested winreg [2021/11/25 17:13:33.541068, 4, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_ncacn_np.c:306(make_internal_ncacn_conn) Created internal pipe winreg [2021/11/25 17:13:33.541109, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2021/11/25 17:13:33.541170, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2021/11/25 17:13:33.541203, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2021/11/25 17:13:33.541220, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2021/11/25 17:13:33.541235, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:33.541250, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:33.541272, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:33.541383, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2021/11/25 17:13:33.541405, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:886(regdb_open) regdb_open: registry db opened. refcount reset (1) [2021/11/25 17:13:33.541422, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2021/11/25 17:13:33.541436, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2021/11/25 17:13:33.541450, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.541466, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM] [2021/11/25 17:13:33.541549, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000001 (1) uuid : d95bd277-f02d-44d8-9ad3-48abde1dadf8 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2021/11/25 17:13:33.541667, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2021/11/25 17:13:33.541683, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (1->2) [2021/11/25 17:13:33.541699, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2021/11/25 17:13:33.541712, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2021/11/25 17:13:33.541727, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.541740, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM] [2021/11/25 17:13:33.541793, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2021/11/25 17:13:33.541826, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (2->3) [2021/11/25 17:13:33.541843, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.541856, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.541871, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.541884, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet] [2021/11/25 17:13:33.541920, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2021/11/25 17:13:33.541936, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.541950, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.541964, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.541979, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.541992, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2021/11/25 17:13:33.542038, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Eventlog] [2021/11/25 17:13:33.542054, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.542069, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2021/11/25 17:13:33.542082, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2021/11/25 17:13:33.542097, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.542110, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2021/11/25 17:13:33.542146, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.542161, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.542176, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (3->2) [2021/11/25 17:13:33.542220, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 2cd2d25c-c438-4b4d-8a26-2caf96a8a9e3 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2021/11/25 17:13:33.542306, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7fbe394013c0) [2021/11/25 17:13:33.542323, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1944(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2021/11/25 17:13:33.542351, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2021/11/25 17:13:33.542371, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1888(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2021/11/25 17:13:33.542386, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:2131(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2021/11/25 17:13:33.542509, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 2cd2d25c-c438-4b4d-8a26-2caf96a8a9e3 [2021/11/25 17:13:33.542553, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (2->1) [2021/11/25 17:13:33.542578, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (1->0) [2021/11/25 17:13:33.542686, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'eventlog' registered on endpoint 'ncacn_np:[\pipe\eventlog]' (single process required) [2021/11/25 17:13:33.542728, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'initshutdown' registered on endpoint 'ncacn_np:[\pipe\InitShutdown]' (single process required) [2021/11/25 17:13:33.542758, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'mdssvc' registered on endpoint 'ncacn_np:[\pipe\mdssvc]' (single process required) [2021/11/25 17:13:33.542797, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../librpc/rpc/dcesrv_core.c:410(dcesrv_interface_register) dcesrv_interface_register: Interface 'mdssvc' registered on endpoint 'ncalrpc:' (single process required) [2021/11/25 17:13:33.542814, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:851(dcesrv_init) dcesrv_init: Initializing DCE/RPC connection endpoints [2021/11/25 17:13:33.542841, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\mdssvc]' [2021/11/25 17:13:33.542961, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 28 for mdssvc [2021/11/25 17:13:33.542990, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 28 for \pipe\mdssvc [2021/11/25 17:13:33.543027, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\mdssvc]' for 'mdssvc' 'mgmt' [2021/11/25 17:13:33.543058, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\InitShutdown]' [2021/11/25 17:13:33.543116, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 29 for initshutdown [2021/11/25 17:13:33.543134, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 29 for \pipe\InitShutdown [2021/11/25 17:13:33.543153, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\InitShutdown]' for 'initshutdown' 'mgmt' [2021/11/25 17:13:33.543174, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\eventlog]' [2021/11/25 17:13:33.543227, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 30 for eventlog [2021/11/25 17:13:33.543244, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 30 for \pipe\eventlog [2021/11/25 17:13:33.543263, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\eventlog]' for 'eventlog' 'mgmt' [2021/11/25 17:13:33.543283, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\plugplay]' [2021/11/25 17:13:33.543337, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 31 for plugplay [2021/11/25 17:13:33.543354, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 31 for \pipe\plugplay [2021/11/25 17:13:33.543372, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\plugplay]' for 'ntsvcs' 'mgmt' [2021/11/25 17:13:33.543392, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\ntsvcs]' [2021/11/25 17:13:33.543463, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 32 for ntsvcs [2021/11/25 17:13:33.543481, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 32 for \pipe\ntsvcs [2021/11/25 17:13:33.543501, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\ntsvcs]' for 'ntsvcs' 'mgmt' [2021/11/25 17:13:33.543521, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\svcctl]' [2021/11/25 17:13:33.543573, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 33 for svcctl [2021/11/25 17:13:33.543590, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 33 for \pipe\svcctl [2021/11/25 17:13:33.543609, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\svcctl]' for 'svcctl' 'mgmt' [2021/11/25 17:13:33.543629, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\wkssvc]' [2021/11/25 17:13:33.543683, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 34 for wkssvc [2021/11/25 17:13:33.543700, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 34 for \pipe\wkssvc [2021/11/25 17:13:33.543719, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\wkssvc]' for 'wkssvc' 'mgmt' [2021/11/25 17:13:33.543738, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\netdfs]' [2021/11/25 17:13:33.543791, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 35 for netdfs [2021/11/25 17:13:33.543808, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 35 for \pipe\netdfs [2021/11/25 17:13:33.543826, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\netdfs]' for 'netdfs' 'mgmt' [2021/11/25 17:13:33.543845, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\samr]' [2021/11/25 17:13:33.543899, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 36 for samr [2021/11/25 17:13:33.543931, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 36 for \pipe\samr [2021/11/25 17:13:33.543951, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\samr]' for 'samr' 'mgmt' [2021/11/25 17:13:33.543972, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\lsass]' [2021/11/25 17:13:33.544027, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 37 for lsass [2021/11/25 17:13:33.544047, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 37 for \pipe\lsass [2021/11/25 17:13:33.544066, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\lsass]' for 'dssetup' 'lsarpc' 'mgmt' [2021/11/25 17:13:33.544088, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\lsarpc]' [2021/11/25 17:13:33.544141, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 38 for lsarpc [2021/11/25 17:13:33.544158, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 38 for \pipe\lsarpc [2021/11/25 17:13:33.544177, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\lsarpc]' for 'dssetup' 'lsarpc' 'mgmt' [2021/11/25 17:13:33.544198, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\netlogon]' [2021/11/25 17:13:33.544252, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 39 for netlogon [2021/11/25 17:13:33.544269, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 39 for \pipe\netlogon [2021/11/25 17:13:33.544288, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\netlogon]' for 'lsarpc' 'mgmt' [2021/11/25 17:13:33.544308, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\srvsvc]' [2021/11/25 17:13:33.544361, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 40 for srvsvc [2021/11/25 17:13:33.544383, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 40 for \pipe\srvsvc [2021/11/25 17:13:33.544402, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\srvsvc]' for 'srvsvc' 'mgmt' [2021/11/25 17:13:33.544422, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncalrpc:' [2021/11/25 17:13:33.544509, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:561(dcesrv_create_ncalrpc_socket) dcesrv_create_ncalrpc_socket: Opened ncalrpc socket fd '41' for '/var/run/samba/ncalrpc/DEFAULT' [2021/11/25 17:13:33.544540, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncalrpc:[DEFAULT]' for 'mdssvc' 'svcctl' 'wkssvc' 'dssetup' 'netdfs' 'samr' 'lsarpc' 'srvsvc' 'winreg' 'mgmt' [2021/11/25 17:13:33.544560, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:185(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Setting up endpoint 'ncacn_np:[\pipe\winreg]' [2021/11/25 17:13:33.544615, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:149(dcesrv_create_ncacn_np_socket) dcesrv_create_ncacn_np_socket: Opened pipe socket fd 42 for winreg [2021/11/25 17:13:33.544632, 10, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_server.c:210(dcesrv_setup_ncacn_np_socket) dcesrv_setup_ncacn_np_socket: Opened pipe socket fd 42 for \pipe\winreg [2021/11/25 17:13:33.544651, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_service_setup.c:238(dcesrv_setup_endpoint_sockets) dcesrv_setup_endpoint_sockets: Successfully listening on 'ncacn_np:[\pipe\winreg]' for 'winreg' 'mgmt' [2021/11/25 17:13:33.544731, 0, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/become_daemon.c:135(daemon_ready) daemon_ready: daemon 'smbd' finished starting up and ready to serve connections [2021/11/25 17:13:33.548089, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 515 - private_data=(nil) [2021/11/25 17:13:33.548160, 6, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:514(ads_find_dc) ads_find_dc: (ldap) looking for realm 'AD.CORP.ACME.COM' and falling back to domain '' [2021/11/25 17:13:33.548233, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sitename_cache.c:104(sitename_fetch) sitename_fetch: Returning sitename for realm 'AD.CORP.ACME.COM': "FRA" [2021/11/25 17:13:33.548257, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery_dc.c:78(ads_dc_name) ads_dc_name: domain= [2021/11/25 17:13:33.548275, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sitename_cache.c:104(sitename_fetch) sitename_fetch: Returning sitename for realm 'AD.CORP.ACME.COM': "FRA" [2021/11/25 17:13:33.548294, 6, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:437(resolve_and_ping_dns) resolve_and_ping_dns: (cldap) looking for realm 'AD.CORP.ACME.COM' [2021/11/25 17:13:33.548309, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:3315(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name AD.CORP.ACME.COM (sitename FRA) [2021/11/25 17:13:33.548335, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:215(saf_fetch) saf_fetch: Returning "fra-dc-3.ad.corp.acme.com" for "AD.CORP.ACME.COM" domain [2021/11/25 17:13:33.548361, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:3122(get_dc_list) get_dc_list: preferred server list: "fra-dc-3.ad.corp.acme.com, *" [2021/11/25 17:13:33.548378, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:2601(internal_resolve_name) internal_resolve_name: looking up AD.CORP.ACME.COM#1c (sitename FRA) [2021/11/25 17:13:33.548405, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namecache.c:166(namecache_fetch) name AD.CORP.ACME.COM#1C found. [2021/11/25 17:13:33.548435, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:1147(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2021/11/25 17:13:33.548451, 8, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:3143(get_dc_list) Adding 6 DC's from auto lookup [2021/11/25 17:13:33.548468, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sitename_cache.c:104(sitename_fetch) sitename_fetch: Returning sitename for realm 'AD.CORP.ACME.COM': "FRA" [2021/11/25 17:13:33.548483, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:2601(internal_resolve_name) internal_resolve_name: looking up fra-dc-3.ad.corp.acme.com#20 (sitename FRA) [2021/11/25 17:13:33.548505, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namecache.c:166(namecache_fetch) name fra-dc-3.ad.corp.acme.com#20 found. [2021/11/25 17:13:33.548522, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:1147(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2021/11/25 17:13:33.548540, 9, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.24.242.135 [2021/11/25 17:13:33.548564, 9, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c9:104b:250:56ff:fe80:9a7a [2021/11/25 17:13:33.548587, 9, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 100.108.64.25 [2021/11/25 17:13:33.548604, 9, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c9:1107:266e:96ff:fe7d:5288 [2021/11/25 17:13:33.548619, 9, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.24.242.135 [2021/11/25 17:13:33.548641, 9, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 2620:0:10c9:104b:250:56ff:fe80:1548 [2021/11/25 17:13:33.548657, 9, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 100.108.64.24 [2021/11/25 17:13:33.548709, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:1147(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2021/11/25 17:13:33.548726, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:3265(get_dc_list) get_dc_list: returning 6 ip addresses in an ordered list [2021/11/25 17:13:33.548740, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:3269(get_dc_list) get_dc_list: 172.24.242.135:389 100.108.64.25:389 100.108.64.24:389 2620:0:10c9:104b:250:56ff:fe80:9a7a:389 2620:0:10c9:1107:266e:96ff:fe7d:5288:389 2620:0:10c9:104b:250:56ff:fe80:1548:389 [2021/11/25 17:13:33.548769, 9, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain AD.CORP.ACME.COM server 172.24.242.135 [2021/11/25 17:13:33.548788, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:272(ads_try_connect) ads_try_connect: sending CLDAP request to 172.24.242.135 (realm: AD.CORP.ACME.COM) [2021/11/25 17:13:33.549855, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:429(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0003f1fc (258556) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 1: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 869f0b94-fde8-4f4a-87e4-6d1bc63aea5d forest : 'ad.corp.acme.com' dns_domain : 'ad.corp.acme.com' pdc_dns_name : 'fra-dc-3.ad.corp.acme.com' domain_name : 'ACME' pdc_name : 'FRA-DC-3' user_name : '' server_site : 'FRA' client_site : 'FRA' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2021/11/25 17:13:33.550114, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ACME], sitename = [FRA], expire = [2085923199] [2021/11/25 17:13:33.550142, 10, pid=62409, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:279(gencache_set_data_blob) gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/ACME] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034553816386 seconds ahead) [2021/11/25 17:13:33.550176, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ad.corp.acme.com], sitename = [FRA], expire = [2085923199] [2021/11/25 17:13:33.550192, 10, pid=62409, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:279(gencache_set_data_blob) gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/AD.CORP.ACME.COM] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034553816386 seconds ahead) [2021/11/25 17:13:33.550224, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:654(ads_connect) Successfully contacted LDAP server 172.24.242.135 [2021/11/25 17:13:33.550245, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sitename_cache.c:104(sitename_fetch) sitename_fetch: Returning sitename for realm 'AD.CORP.ACME.COM': "FRA" [2021/11/25 17:13:33.550271, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery_dc.c:151(ads_dc_name) ads_dc_name: using server='FRA-DC-3.AD.CORP.ACME.COM' IP=172.24.242.135 [2021/11/25 17:13:33.550287, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:272(ads_try_connect) ads_try_connect: sending CLDAP request to 172.24.242.135 (realm: AD.CORP.ACME.COM) [2021/11/25 17:13:33.551424, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:429(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0003f1fc (258556) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 1: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 869f0b94-fde8-4f4a-87e4-6d1bc63aea5d forest : 'ad.corp.acme.com' dns_domain : 'ad.corp.acme.com' pdc_dns_name : 'fra-dc-3.ad.corp.acme.com' domain_name : 'ACME' pdc_name : 'FRA-DC-3' user_name : '' server_site : 'FRA' client_site : 'FRA' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2021/11/25 17:13:33.551652, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ACME], sitename = [FRA], expire = [2085923199] [2021/11/25 17:13:33.551671, 10, pid=62409, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:279(gencache_set_data_blob) gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/ACME] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034553816386 seconds ahead) [2021/11/25 17:13:33.551696, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ad.corp.acme.com], sitename = [FRA], expire = [2085923199] [2021/11/25 17:13:33.551717, 10, pid=62409, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:279(gencache_set_data_blob) gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/AD.CORP.ACME.COM] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034553816386 seconds ahead) [2021/11/25 17:13:33.551741, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:654(ads_connect) Successfully contacted LDAP server 172.24.242.135 [2021/11/25 17:13:33.551758, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:73(ldap_open_with_timeout) Opening connection to LDAP server 'fra-dc-3.ad.corp.acme.com:389', timeout 15 seconds [2021/11/25 17:13:33.551811, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/util_sock.c:516(open_socket_out_send) Connecting to 172.24.242.135 at port 389 [2021/11/25 17:13:33.571051, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:127(ldap_open_with_timeout) Initialized connection for LDAP server 'ldap://fra-dc-3.ad.corp.acme.com:389' [2021/11/25 17:13:33.571094, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:697(ads_connect) Connected to LDAP server fra-dc-3.ad.corp.acme.com [2021/11/25 17:13:33.571111, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:231(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2021/11/25 17:13:33.571134, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:90(saf_store) saf_store: domain = [ACME], server = [fra-dc-3.ad.corp.acme.com], expire = [1637861313] [2021/11/25 17:13:33.571152, 10, pid=62409, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:279(gencache_set_data_blob) gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/ACME] and timeout=[Thu Nov 25 05:28:33 PM 2021 UTC] (900 seconds ahead) [2021/11/25 17:13:33.571186, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libsmb/namequery.c:90(saf_store) saf_store: domain = [AD.CORP.ACME.COM], server = [fra-dc-3.ad.corp.acme.com], expire = [1637861313] [2021/11/25 17:13:33.571201, 10, pid=62409, effective(0, 0), real(0, 0), class=tdb] ../../source3/lib/gencache.c:279(gencache_set_data_blob) gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/AD.CORP.ACME.COM] and timeout=[Thu Nov 25 05:28:33 PM 2021 UTC] (900 seconds ahead) [2021/11/25 17:13:33.571759, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/ldap.c:3244(ads_current_time) KDC time offset is 0 seconds [2021/11/25 17:13:33.572209, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sasl.c:676(ads_sasl_bind) Found SASL mechanism GSS-SPNEGO [2021/11/25 17:13:33.572827, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sasl.c:542(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 [2021/11/25 17:13:33.572852, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sasl.c:542(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2021/11/25 17:13:33.572866, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sasl.c:542(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2021/11/25 17:13:33.572880, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sasl.c:542(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2021/11/25 17:13:33.572894, 3, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/sasl.c:542(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2021/11/25 17:13:33.573242, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/kerberos.c:148(kerberos_kinit_password_ext) kerberos_kinit_password_ext: as PRINT-MR2-FRA$@AD.CORP.ACME.COM using [MEMORY:prtpub_cache] as ccache and config [(null)] [2021/11/25 17:13:33.650249, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/libads/kerberos.c:211(kerberos_kinit_password_ext) kerberos_kinit_password_ext: PRINT-MR2-FRA$@AD.CORP.ACME.COM mapped to PRINT-MR2-FRA$@AD.CORP.ACME.COM [2021/11/25 17:13:33.652710, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'gssapi_spnego' registered [2021/11/25 17:13:33.652748, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'gssapi_krb5' registered [2021/11/25 17:13:33.652765, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2021/11/25 17:13:33.652784, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'spnego' registered [2021/11/25 17:13:33.652803, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'schannel' registered [2021/11/25 17:13:33.652821, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'naclrpc_as_system' registered [2021/11/25 17:13:33.652836, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'sasl-EXTERNAL' registered [2021/11/25 17:13:33.652854, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'ntlmssp' registered [2021/11/25 17:13:33.652869, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'ntlmssp_resume_ccache' registered [2021/11/25 17:13:33.652885, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'http_basic' registered [2021/11/25 17:13:33.652899, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'http_ntlm' registered [2021/11/25 17:13:33.652913, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'http_negotiate' registered [2021/11/25 17:13:33.653512, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'krb5' registered [2021/11/25 17:13:33.653538, 3, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:987(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2021/11/25 17:13:33.653892, 5, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:748(gensec_start_mech) Starting GENSEC mechanism spnego [2021/11/25 17:13:33.653965, 5, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:748(gensec_start_mech) Starting GENSEC submechanism gse_krb5 [2021/11/25 17:13:33.668266, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: gse_krb5[0x564054bf4d40]: subreq: 0x564054bffdb0 [2021/11/25 17:13:33.668315, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: spnego[0x564054bf2f50]: subreq: 0x564054c0e580 [2021/11/25 17:13:33.668359, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) gensec_update_done: gse_krb5[0x564054bf4d40]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x564054bffdb0/../../source3/librpc/crypto/gse.c:848]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x564054bfff60)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:859] [2021/11/25 17:13:33.668434, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) gensec_update_done: spnego[0x564054bf2f50]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x564054c0e580/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x564054c0e730)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] [2021/11/25 17:13:33.670070, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: gse_krb5[0x564054bf4d40]: subreq: 0x564054bffdb0 [2021/11/25 17:13:33.670105, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: spnego[0x564054bf2f50]: subreq: 0x564054c0e580 [2021/11/25 17:13:33.670126, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) gensec_update_done: gse_krb5[0x564054bf4d40]: NT_STATUS_OK tevent_req[0x564054bffdb0/../../source3/librpc/crypto/gse.c:848]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x564054bfff60)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:866] [2021/11/25 17:13:33.670272, 10, pid=62409, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) gensec_update_done: spnego[0x564054bf2f50]: NT_STATUS_OK tevent_req[0x564054c0e580/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x564054c0e730)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] [2021/11/25 17:13:33.670403, 5, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_ncacn_np.c:260(make_internal_ncacn_conn) make_internal_ncacn_conn: Create pipe requested winreg [2021/11/25 17:13:33.670446, 4, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/rpc_ncacn_np.c:306(make_internal_ncacn_conn) Created internal pipe winreg [2021/11/25 17:13:33.670535, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2021/11/25 17:13:33.670621, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2021/11/25 17:13:33.670658, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2021/11/25 17:13:33.670676, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:561(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2021/11/25 17:13:33.670690, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2021/11/25 17:13:33.670704, 5, pid=62409, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:52(security_token_debug) Security token: (NULL) [2021/11/25 17:13:33.670720, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2021/11/25 17:13:33.670852, 4, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2021/11/25 17:13:33.670875, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:886(regdb_open) regdb_open: registry db opened. refcount reset (1) [2021/11/25 17:13:33.670893, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2021/11/25 17:13:33.670914, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2021/11/25 17:13:33.670930, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.670943, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM] [2021/11/25 17:13:33.671051, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 77ba0443-9792-4201-be35-152ce2da26c6 keyname: struct winreg_String name_len : 0x008a (138) name_size : 0x008a (138) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printers' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2021/11/25 17:13:33.671172, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2021/11/25 17:13:33.671188, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (1->2) [2021/11/25 17:13:33.671203, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2021/11/25 17:13:33.671217, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2021/11/25 17:13:33.671232, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.671245, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SOFTWARE] [2021/11/25 17:13:33.671300, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2021/11/25 17:13:33.671316, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (2->3) [2021/11/25 17:13:33.671331, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2021/11/25 17:13:33.671344, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2021/11/25 17:13:33.671362, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.671381, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SOFTWARE\Microsoft] [2021/11/25 17:13:33.671466, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2021/11/25 17:13:33.671485, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (3->4) [2021/11/25 17:13:33.671500, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2021/11/25 17:13:33.671513, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2021/11/25 17:13:33.671529, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.671542, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2021/11/25 17:13:33.671630, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2021/11/25 17:13:33.671648, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (4->5) [2021/11/25 17:13:33.671674, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2021/11/25 17:13:33.671688, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2021/11/25 17:13:33.671704, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.671717, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe398b7260 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2021/11/25 17:13:33.671781, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2021/11/25 17:13:33.671800, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (5->6) [2021/11/25 17:13:33.671814, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2021/11/25 17:13:33.671828, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2021/11/25 17:13:33.671844, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.671857, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe398b7260 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2021/11/25 17:13:33.671917, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2021/11/25 17:13:33.671941, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (6->7) [2021/11/25 17:13:33.671957, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2021/11/25 17:13:33.671970, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2021/11/25 17:13:33.671987, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.672000, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2021/11/25 17:13:33.673958, 7, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2021/11/25 17:13:33.673983, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:858(regdb_open) regdb_open: incrementing refcount (7->8) [2021/11/25 17:13:33.673998, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printers] [2021/11/25 17:13:33.674012, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printers] [2021/11/25 17:13:33.674029, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2021/11/25 17:13:33.674042, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_cachehook.c:129(reghook_cache_find) reghook_cache_find: found ops 0x7fbe394013c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printers] [2021/11/25 17:13:33.674150, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:1742(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printers] not found [2021/11/25 17:13:33.674170, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (8->7) [2021/11/25 17:13:33.674289, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (7->6) [2021/11/25 17:13:33.674308, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (6->5) [2021/11/25 17:13:33.674322, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (5->4) [2021/11/25 17:13:33.674336, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (4->3) [2021/11/25 17:13:33.674349, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (3->2) [2021/11/25 17:13:33.674363, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (2->1) [2021/11/25 17:13:33.674408, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:478(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000001 (1) uuid : 77ba0443-9792-4201-be35-152ce2da26c6 [2021/11/25 17:13:33.674474, 10, pid=62409, effective(0, 0), real(0, 0), class=registry] ../../source3/registry/reg_backend_db.c:906(regdb_close) regdb_close: decrementing refcount (1->0) [2021/11/25 17:13:33.674699, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/rpc_client/cli_winreg_spoolss.c:1518(winreg_get_printer) winreg_get_printer: Could not open key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printers: WERR_FILE_NOT_FOUND [2021/11/25 17:13:33.674990, 1, pid=62409, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/printing/spoolssd.c:664(start_spoolssd) Forking SPOOLSS Daemon [2021/11/25 17:13:33.676616, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/util_sock.c:410(open_socket_in) bind succeeded on port 445 [2021/11/25 17:13:33.676688, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/util_net.c:1058(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 131072 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 TCP_USER_TIMEOUT = 0 [2021/11/25 17:13:33.676801, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/util_net.c:1058(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 131072 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 TCP_USER_TIMEOUT = 0 [2021/11/25 17:13:33.676938, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/util_sock.c:410(open_socket_in) bind succeeded on port 139 [2021/11/25 17:13:33.676962, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/util_net.c:1058(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 131072 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 TCP_USER_TIMEOUT = 0 [2021/11/25 17:13:33.677053, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/util_net.c:1058(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 131072 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 TCP_USER_TIMEOUT = 0 [2021/11/25 17:13:33.677175, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/util_sock.c:410(open_socket_in) bind succeeded on port 445 [2021/11/25 17:13:33.677197, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/util_net.c:1058(print_socket_options) Socket options: [2021/11/25 17:13:33.677155, 10, pid=62427, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:163(msg_dgm_ref_destructor) SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 msg_dgm_ref_destructor: refs=(nil) TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 131072 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 TCP_USER_TIMEOUT = 0 [2021/11/25 17:13:33.677309, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/util_net.c:1058(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 131072 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 TCP_USER_TIMEOUT = 0 [2021/11/25 17:13:33.677417, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/util_sock.c:410(open_socket_in) bind succeeded on port 139 [2021/11/25 17:13:33.677436, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/util_net.c:1058(print_socket_options) Socket options: [2021/11/25 17:13:33.677431, 10, pid=62427, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:80(messaging_dgm_ref) SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 messaging_dgm_ref: messaging_dgm_init returned Success TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 [2021/11/25 17:13:33.677476, 10, pid=62427, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm_ref.c:109(messaging_dgm_ref) SO_REUSEPORT = 1 SO_SNDBUF = 16384 messaging_dgm_ref: unique = 3174698110268105716 SO_RCVBUF = 131072 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2021/11/25 17:13:33.677510, 2, pid=62427, effective(0, 0), real(0, 0)] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage) TCP_DEFER_ACCEPT = 0 Registered MSG_REQ_POOL_USAGE TCP_USER_TIMEOUT = 0 [2021/11/25 17:13:33.677531, 5, pid=62409, effective(0, 0), real(0, 0)] ../../lib/util/util_net.c:1058(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 [2021/11/25 17:13:33.677561, 5, pid=62427, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:155(make_pdb_method_name) SO_RCVBUF = 131072 Attempting to find a passdb backend to match tdbsam (tdbsam) SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 [2021/11/25 17:13:33.677599, 5, pid=62427, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:176(make_pdb_method_name) SO_RCVTIMEO = 0 TCP_QUICKACK = 1 Found pdb backend tdbsam TCP_DEFER_ACCEPT = 0 TCP_USER_TIMEOUT = 0 [2021/11/25 17:13:33.677641, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 13 - private_data=(nil) [2021/11/25 17:13:33.677651, 5, pid=62427, effective(0, 0), real(0, 0), class=passdb] ../../source3/passdb/pdb_interface.c:187(make_pdb_method_name) pdb backend tdbsam has a valid init [2021/11/25 17:13:33.677665, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 33 - private_data=0x564054bcfc20 [2021/11/25 17:13:33.677692, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 783 - private_data=(nil) [2021/11/25 17:13:33.677720, 5, pid=62427, effective(0, 0), real(0, 0)] ../../lib/util/debug.c:811(debug_dump_status) INFO: Current debug levels: [2021/11/25 17:13:33.677729, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) all: 10 Registering messaging pointer for type 1 - private_data=(nil) tdb: 10 printdrivers: 10 [2021/11/25 17:13:33.677748, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:739(messaging_register) lanman: 10 smb: 10 rpc_parse: 10 Overriding messaging pointer for type 1 - private_data=(nil) rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 [2021/11/25 17:13:33.677773, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) auth: 10 Registering messaging pointer for type 770 - private_data=(nil) winbind: 10 vfs: 10 idmap: 10 [2021/11/25 17:13:33.677789, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 Registering messaging pointer for type 801 - private_data=(nil) registry: 10 scavenger: 10 dns: 10 ldb: 10 [2021/11/25 17:13:33.677817, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) tevent: 10 Registering messaging pointer for type 790 - private_data=(nil) auth_audit: 10 auth_json_audit: 10 kerberos: 10 [2021/11/25 17:13:33.677833, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) drs_repl: 10 Registering messaging pointer for type 791 - private_data=(nil) smb2: 10 smb2_credits: 10 dsdb_audit: 10 [2021/11/25 17:13:33.677848, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) dsdb_json_audit: 10 Registering messaging pointer for type 15 - private_data=(nil) dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 [2021/11/25 17:13:33.677862, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) dsdb_transaction_json_audit: 10 Registering messaging pointer for type 16 - private_data=(nil) dsdb_group_audit: 10 dsdb_group_json_audit: 10 [2021/11/25 17:13:33.677876, 5, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:723(messaging_register) Registering messaging pointer for type 799 - private_data=(nil) [2021/11/25 17:13:33.677903, 1, pid=62409, effective(0, 0), real(0, 0)] ../../source3/printing/printer_list.c:234(printer_list_get_last_refresh) Failed to fetch record! [2021/11/25 17:13:33.677952, 2, pid=62409, effective(0, 0), real(0, 0)] ../../source3/smbd/server.c:1359(smbd_parent_loop) waiting for connections [2021/11/25 17:13:33.678000, 10, pid=62409, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:426(messaging_recv_cb) messaging_recv_cb: Received message 0x31f len 0 (num_fds:0) from 62411 [2021/11/25 17:13:33.678087, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm.c:1444(messaging_dgm_send) messaging_dgm_send: Sending message to 62412 [2021/11/25 17:13:33.678159, 10, pid=62409, effective(0, 0), real(0, 0)] ../../lib/messaging/messages_dgm.c:1444(messaging_dgm_send) messaging_dgm_send: Sending message to 62411 [2021/11/25 17:13:33.678169, 10, pid=62412, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:426(messaging_recv_cb) messaging_recv_cb: Received message 0x31f len 0 (num_fds:0) from 62409 [2021/11/25 17:13:33.678232, 10, pid=62411, effective(0, 0), real(0, 0)] ../../source3/lib/messages.c:426(messaging_recv_cb) messaging_recv_cb: Received message 0x31f len 0 (num_fds:0) from 62409